
aswMBR found IRP_MJ_CREATE - asked to make new post here


This topic is locked
18 replies to this topic

#1 whatisavailable

whatisavailable

  • Members
  • 212 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:06:43 PM

Posted 25 February 2013 - 03:56 PM

Hi

Below is dds.txt. Attached aswMBR log and attach.txt.

Thanks!

Jim

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.15.2
Run by Jim at 14:42:19 on 2013-02-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.527 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials Prerelease *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials Prerelease *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\fxssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Users\Jim\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Jim\TCPView\Tcpview.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [cdloader] "C:\Users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Jim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICJ~1.LNK - C:\Users\Jim\AppData\Roaming\mjusbsp\magicJackLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{84C948A5-6D46-4EBC-9E24-03C3E1F7221D} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: PFW - <no file>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lqrbomld.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 339776]
R2 ggcfdrv;ggcfdrv;C:\Windows\System32\drivers\ggcfdrv.sys [2011-9-30 27224]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-1-29 72216]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-8 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-8 515528]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-8 69672]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-10 48488]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-11-8 106112]
.
=============== Created Last 30 ================
.
2013-02-25 17:24:14    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C02E81BF-FB83-42A4-BE46-3B8567998B08}\offreg.dll
2013-02-25 17:05:49    972264    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{80615DF3-8671-4AA4-9898-6DFA99154663}\gapaengine.dll
2013-02-25 17:05:40    9162192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C02E81BF-FB83-42A4-BE46-3B8567998B08}\mpengine.dll
2013-02-25 17:01:31    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-02-25 17:01:15    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-02-25 16:29:30    36680    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-02-22 00:31:24    --------    d-----w-    C:\Users\Jim\TCPView
2013-02-21 21:56:35    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-19 20:05:02    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-02-15 23:38:28    --------    d-----w-    C:\Users\Jim\AppData\Local\Programs
2013-02-15 22:31:23    186432    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31:23    186432    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 09:06:56    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 09:06:56    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:33:38    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-02-13 02:33:37    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 02:33:37    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 02:33:00    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-13 02:32:54    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-02-13 02:32:54    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 02:32:53    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-02-13 02:32:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-02-13 02:32:52    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-02-13 02:32:48    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-02-13 02:32:44    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-02-13 02:32:43    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-11 05:54:30    --------    d-----w-    C:\Program Files (x86)\GUM1C7A.tmp
2013-02-10 04:12:05    --------    d-----w-    C:\Program Files (x86)\ABBYY FineReader 11
2013-02-10 04:12:03    --------    d-----w-    C:\ProgramData\ABBYY
2013-02-10 04:02:56    --------    d-----w-    C:\Users\Jim\AppData\Roaming\ABBYY
2013-02-10 04:02:56    --------    d-----w-    C:\Users\Jim\AppData\Local\ABBYY
2013-01-30 19:43:58    --------    d-----w-    C:\Program Files\iPod
2013-01-30 19:43:57    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-30 19:43:57    --------    d-----w-    C:\Program Files\iTunes
2013-01-30 19:43:57    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-01-30 18:49:44    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-30 18:49:44    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-30 18:49:44    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-30 18:49:44    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-30 18:49:44    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-30 18:49:44    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-30 18:49:44    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-02-21 21:56:28    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-02-21 21:56:28    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-20 21:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 21:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2012-12-26 15:55:26    69672    ----a-w-    C:\Windows\System32\drivers\cfwids.sys
2012-12-26 15:52:44    339776    ----a-w-    C:\Windows\System32\drivers\mfewfpk.sys
2012-12-26 15:52:34    182312    ----a-w-    C:\Windows\System32\mfevtps.exe
2012-12-26 15:51:34    10288    ----a-w-    C:\Windows\System32\drivers\mfeclnk.sys
2012-12-26 15:51:24    106112    ----a-w-    C:\Windows\System32\drivers\mferkdet.sys
2012-12-26 15:50:48    771096    ----a-w-    C:\Windows\System32\drivers\mfehidk.sys
2012-12-26 15:49:42    515528    ----a-w-    C:\Windows\System32\drivers\mfefirek.sys
2012-12-26 15:49:00    309400    ----a-w-    C:\Windows\System32\drivers\mfeavfk.sys
2012-12-26 15:48:30    178840    ----a-w-    C:\Windows\System32\drivers\mfeapfk.sys
2012-12-26 00:48:22    564824    ----a-w-    C:\Windows\System32\drivers\sptd.sys
2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 14:48:14.47 ===============
 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2013-02-24 08:39:05
-----------------------------
08:39:05.822    OS Version: Windows x64 6.1.7601 Service Pack 1
08:39:05.822    Number of processors: 2 586 0x602
08:39:05.822    ComputerName: JIM-PC7  UserName: Jim
08:39:08.567    Initialize success
08:39:58.802    AVAST engine defs: 13022400
08:40:59.848    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
08:40:59.848    Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
08:41:00.020    Disk 0 MBR read error 0
08:41:00.035    Disk 0 MBR scan
08:41:00.035    Disk 0 unknown MBR code
08:41:00.035    MBR BIOS signature not found 0
08:41:00.066    Disk 0 scanning C:\Windows\system32\drivers
08:41:30.503    Service scanning
08:42:11.219    Modules scanning
08:42:11.235    Disk 0 trace - called modules:
08:42:11.281    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002ab52c0]<<sptd.sys storport.sys hal.dll nvstor64.sys
08:42:11.297    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800332e790]
08:42:11.297    3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> [0xfffffa8002b76d30]
08:42:11.313    5 ACPI.sys[fffff880011a97a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8002bf85d0]
08:42:11.313    \Driver\nvstor64[0xfffffa8002ba5ac0] -> IRP_MJ_CREATE -> 0xfffffa8002ab52c0
08:42:15.478    AVAST engine scan C:\Windows
08:42:24.120    AVAST engine scan C:\Windows\system32
08:51:29.350    AVAST engine scan C:\Windows\system32\drivers
08:51:56.385    AVAST engine scan C:\Users\Jim
11:59:42.857    AVAST engine scan C:\ProgramData
12:07:45.881    Scan finished successfully
08:24:15.330    Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
08:24:15.408    The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR-2-25-13.txt"

 


Edited by Noviciate, 25 February 2013 - 05:27 PM.
aswMBR log added from attachment.




#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 26 February 2013 - 03:19 PM

My name is Jeff and I would be happy to take a look at your malware results logs and help you with solving any malware problems you might have.

 

 


Please download TDSSKiller
  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Edited by jeffce, 26 February 2013 - 03:20 PM.



#3 whatisavailable

whatisavailable

  • Topic Starter
  • Members
  • 212 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:06:43 PM

Posted 26 February 2013 - 03:49 PM

Hi Jeff

Here is the log.

Edit: Note you said to "attach" the log but I couldn't attach a file so I just included it in the post.

<removed log in post - see below for attached - guess you can't attach a file when you edit a previous post>


Edited by whatisavailable, 26 February 2013 - 03:53 PM.


#4 whatisavailable

whatisavailable

  • Topic Starter
  • Members
  • 212 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:06:43 PM

Posted 26 February 2013 - 03:52 PM

Oops - file is attached.



#5 jeffce

jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 26 February 2013 - 05:34 PM

ComboFix

Download Combofix from the link below, and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#6 whatisavailable

whatisavailable

  • Topic Starter
  • Members
  • 212 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:06:43 PM

Posted 27 February 2013 - 11:36 AM

Hi

Here is the combofix report. It was interesting that McAfee was turned off by the system, and days ago I could not get MS Essentials to install, so I went to the pre-release version. I turned it off as well, but it doesn't reflect that in the report.

Thanks!

Jim


ComboFix 13-02-26.01 - Jim 02/27/2013   4:12.17.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1129 [GMT -6:00]
Running from: c:\users\Jim\Desktop\WinLogin.exe.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials Prerelease *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials Prerelease *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-27 to 2013-02-27  )))))))))))))))))))))))))))))))
.
.
2013-02-27 10:36 . 2013-02-27 10:36    --------    d-----w-    c:\users\Terrilynn\AppData\Local\temp
2013-02-27 10:36 . 2013-02-27 10:36    --------    d-----w-    c:\users\Rylie\AppData\Local\temp
2013-02-27 10:36 . 2013-02-27 10:36    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-02-27 10:36 . 2013-02-27 10:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-27 10:36 . 2013-02-27 10:36    --------    d-----w-    c:\users\jdxxxx\AppData\Local\temp
2013-02-27 10:36 . 2013-02-27 10:36    --------    d-----w-    c:\users\Avery\AppData\Local\temp
2013-02-27 09:11 . 2013-01-04 06:11    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-27 09:11 . 2013-01-13 19:53    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-02-27 09:11 . 2013-01-04 06:11    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-02-27 09:11 . 2013-01-13 19:24    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-02-27 09:09 . 2013-01-13 19:02    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-02-27 09:09 . 2013-01-13 18:32    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-02-27 09:07 . 2013-01-13 19:10    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-02-27 09:07 . 2013-01-13 19:37    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-02-26 20:46 . 2013-02-26 20:46    208216    ----a-w-    c:\windows\system32\drivers\36209797.sys
2013-02-26 17:15 . 2013-02-07 22:28    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9200FE73-96E2-4D6F-8CFB-CF42FE94F671}\mpengine.dll
2013-02-25 17:05 . 2013-02-25 17:05    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80615DF3-8671-4AA4-9898-6DFA99154663}\gapaengine.dll
2013-02-25 17:05 . 2013-02-07 22:28    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-25 17:01 . 2013-02-25 17:01    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-02-25 17:01 . 2013-02-25 17:02    --------    d-----w-    c:\program files\Microsoft Security Client
2013-02-25 16:29 . 2013-02-25 16:29    36680    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-02-22 00:31 . 2013-02-22 00:31    --------    d-----w-    c:\users\Jim\TCPView
    2013-02-21 21:56 . 2013-02-21 21:56    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-18 17:59 . 2013-02-18 17:59    --------    d-----w-    c:\users\.TemporaryItems
    2013-02-15 23:38 . 2013-02-15 23:38    --------    d-----w-    c:\users\Jim\AppData\Local\Programs
    2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2013-02-13 09:06 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 09:06 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 09:01 . 2013-01-09 01:48    17812992    ----a-w-    c:\windows\system32\mshtml.dll
    2013-02-13 09:01 . 2013-01-09 01:22    10925568    ----a-w-    c:\windows\system32\ieframe.dll
    2013-02-13 02:33 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2013-02-13 02:33 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 02:33 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 02:33 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
    2013-02-13 02:32 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
    2013-02-13 02:32 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 02:32 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2013-02-13 02:32 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2013-02-13 02:32 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2013-02-13 02:32 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2013-02-13 02:32 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-02-13 02:32 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-11 05:54 . 2013-02-11 05:54    --------    d-----w-    c:\program files (x86)\GUM1C7A.tmp
    2013-02-10 04:12 . 2013-02-10 04:24    --------    d-----w-    c:\program files (x86)\ABBYY FineReader 11
    2013-02-10 04:12 . 2013-02-10 04:12    --------    d-----w-    c:\programdata\ABBYY
    2013-02-10 04:02 . 2013-02-10 04:24    --------    d-----w-    c:\users\Jim\AppData\Local\ABBYY
    2013-02-10 04:02 . 2013-02-10 04:02    --------    d-----w-    c:\users\Jim\AppData\Roaming\ABBYY
    2013-01-30 19:43 . 2013-01-30 19:43    --------    d-----w-    c:\program files\iPod
    2013-01-30 19:43 . 2013-01-30 19:45    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-30 19:43 . 2013-01-30 19:45    --------    d-----w-    c:\program files\iTunes
    2013-01-30 19:43 . 2013-01-30 19:45    --------    d-----w-    c:\program files (x86)\iTunes
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-21 21:56 . 2012-12-01 17:26    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
    2013-02-21 21:56 . 2010-08-27 17:27    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
    2013-02-13 09:13 . 2010-05-02 20:26    70004024    ----a-w-    c:\windows\system32\MRT.exe
    2013-01-30 10:53 . 2010-07-02 14:00    273840    ------w-    c:\windows\system32\MpSigStub.exe
    2013-01-20 21:59 . 2013-01-20 21:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 21:59 . 2013-01-20 21:59    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-04 04:43 . 2013-02-13 02:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2012-12-26 15:55 . 2012-11-08 14:37    69672    ----a-w-    c:\windows\system32\drivers\cfwids.sys
    2012-12-26 15:52 . 2012-07-17 20:52    339776    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
    2012-12-26 15:52 . 2012-11-07 15:58    182312    ----a-w-    c:\windows\system32\mfevtps.exe
    2012-12-26 15:51 . 2012-11-08 14:38    10288    ----a-w-    c:\windows\system32\drivers\mfeclnk.sys
    2012-12-26 15:51 . 2012-11-08 14:37    106112    ----a-w-    c:\windows\system32\drivers\mferkdet.sys
    2012-12-26 15:50 . 2012-07-17 20:50    771096    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
    2012-12-26 15:49 . 2012-11-08 14:37    515528    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
    2012-12-26 15:49 . 2012-11-08 14:37    309400    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
    2012-12-26 15:48 . 2012-07-17 20:48    178840    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
    2012-12-26 00:48 . 2012-12-26 00:48    564824    ----a-w-    c:\windows\system32\drivers\sptd.sys
    2012-12-16 17:11 . 2012-12-21 09:01    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 09:01    367616    ----a-w-    c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:01    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:01    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2012-12-14 22:49 . 2011-07-11 04:38    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-09 04:50    441856    ----a-w-    c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 04:50    2746368    ----a-w-    c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 04:50    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 04:50    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 04:50    30720    ----a-w-    c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 04:50    43520    ----a-w-    c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 04:49    23552    ----a-w-    c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 04:50    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 04:50    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 04:49    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 04:50    46592    ----a-w-    c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 04:50    40960    ----a-w-    c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 04:50    15360    ----a-w-    c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 04:50    21504    ----a-w-    c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 04:49    55296    ----a-w-    c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 04:49    51712    ----a-w-    c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 04:50    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 04:50    30720    ----a-w-    c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 04:50    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 04:50    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 04:49    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 04:49    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 04:50    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 04:50    21504    ----a-w-    c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 04:50    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 04:50    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 04:49    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
    2012-12-07 10:46 . 2013-01-09 04:49    55296    ----a-w-    c:\windows\SysWow64\cero.rs
    2012-11-30 05:45 . 2013-01-09 04:48    362496    ----a-w-    c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 04:48    243200    ----a-w-    c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 04:48    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 04:48    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 04:48    424448    ----a-w-    c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 04:48    1161216    ----a-w-    c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-09 04:48    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:47    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2012-11-08 15:01    1019976    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2012-11-08 15:01    1019976    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2012-11-08 15:01    1019976    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 02:45    501760    ----a-w-    c:\program files\Classic Shell\ClassicExplorer32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-10-15 2646128]
    "cdloader"="c:\users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-25 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-22 1345]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
    "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
    "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Conime"="c:\windows\system32\conime.exe" [BU]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-15 1534504]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-11-08 1065032]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE" [2012-10-08 3182080]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-07 934152]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
    .
    c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    magicJack (2).lnk - c:\users\Jim\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-2-1 804672]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
     [BU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90336028.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BlackBox;BlackBox SR2; [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 69672]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 29720]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-02-25 36680]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-26 106112]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-10-15 24176]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 Digital Lifeboat Backup Service;Digital Lifeboat Backup Service;c:\program files (x86)\DigitalLifeboat\Data Protection Service\DataProtectionService.exe [2011-09-28 11264]
    R4 Digital Lifeboat Update Service;Digital Lifeboat Update Service;c:\program files (x86)\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe [2011-09-28 108032]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-26 339776]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    S2 ggcfdrv;ggcfdrv;c:\windows\system32\DRIVERS\ggcfdrv.sys [2011-09-28 27224]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    S2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files (x86)\Kodak\CloudPrinting\KCPConnector.exe [2011-09-06 1519536]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-08 375728]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-12-26 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-26 182312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 515528]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-23 01:51    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 17:16]
    .
    2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 17:16]
    .
    2013-02-19 c:\windows\Tasks\HPCeeScheduleForJim.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2012-11-08 14:53    1292360    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2012-11-08 14:53    1292360    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2012-11-08 14:53    1292360    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 02:46    625152    ----a-w-    c:\program files\Classic Shell\ClassicExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lqrbomld.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    Completion time: 2013-02-27  04:41:38
    ComboFix-quarantined-files.txt  2013-02-27 10:41
    ComboFix2.txt  2013-02-19 18:08
    ComboFix3.txt  2013-02-19 03:26
    ComboFix4.txt  2013-02-18 19:22
    ComboFix5.txt  2013-02-27 10:06
    .
    Pre-Run: 14,634,594,304 bytes free
    Post-Run: 14,467,203,072 bytes free
    .
    - - End Of File - - 0EAD89456DE45F6266349BA714A15F79
     



    #7 jeffce (Bleepin' Super Saiyan)
    Malware Response Team, 3,442 posts, Location: USA

    Posted 27 February 2013 - 12:15 PM

    Open notepad and copy/paste the text in the quotebox below into it:
    
    Collect::
    c:\program files (x86)\GUM1C7A.tmp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90336028.sys]
    
    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


    [image: CFScriptB-4.gif]

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Note**

    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    Ensure you are connected to the internet and click OK on the message box.

    Please let me know if the file was successfully submitted. Thanks.
     
    Let me know how your system is running.

    Edited by jeffce, 27 February 2013 - 12:17 PM.

     


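    An added example, not from this thread and not part of ComboFix. The Registry:: line in the post above uses .reg syntax, where a minus sign inside the brackets deletes the key, so it removes the 90336028.sys entry from SafeBoot\Minimal and Windows no longer starts that driver in Safe Mode; Collect:: packages the named file for submission. The PowerShell below audits that same SafeBoot\Minimal list before and after such a fix: it lists every Safe Mode entry that has no matching service and, where the entry points at a driver file, records the file's creation time, embedded signer and SHA-256. The entry name 90336028.sys comes from the thread; the no-service heuristic, the function names and the output fields are my own assumptions. Run it from an elevated Windows PowerShell prompt on the affected machine.

```powershell
# Added example; not from the BleepingComputer thread and not part of ComboFix.
# Audits HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal, the list the
# CFScript above edits. Anything registered here starts even in Safe Mode, which
# is how a driver that adds itself survives a "boot to Safe Mode and clean" pass.
# Assumptions: the entry name 90336028.sys is from the thread; the no-service
# heuristic, function names and output fields are mine. Needs an elevated prompt.

$SafeBootMinimal = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$ServicesKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Normalise the ImagePath forms found under the Services key to an absolute path.
function Resolve-ImagePath {
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath.Trim('"')
    if ($p -match '^\\\?\?\\(.+)$')       { return $Matches[1] }                       # \??\C:\...
    if ($p -match '^\\SystemRoot\\(.+)$') { return Join-Path $env:SystemRoot $Matches[1] }
    if ($p -match '^[A-Za-z]:\\')         { return $p }                                # already absolute
    return Join-Path $env:SystemRoot $p                                                # system32\drivers\x.sys
}

# SHA-256 through .NET so it also runs on the PowerShell 2.0 that Windows 7 ships with.
function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

function Get-SafeBootAudit {
    param([string]$SafeBootPath = $SafeBootMinimal)

    foreach ($key in Get-ChildItem -Path $SafeBootPath) {
        $name = $key.PSChildName
        $type = (Get-ItemProperty -Path $key.PSPath).'(default)'
        # Device-class GUIDs and "Driver Group" entries legitimately have no service.
        if ($name -match '^\{[0-9A-Fa-f-]+\}$' -or $type -eq 'Driver Group') { continue }

        $svcPath    = Join-Path $ServicesKey $name
        $hasService = Test-Path -Path $svcPath
        $file       = $null
        if ($hasService) {
            $file = Resolve-ImagePath (Get-ItemProperty -Path $svcPath).ImagePath
        } elseif ($name -match '\.sys$') {
            # No service but named like a driver file: look where drivers live.
            $file = Join-Path $env:SystemRoot "System32\drivers\$name"
        }

        $exists = $false; $signer = 'n/a'; $hash = 'n/a'; $created = $null
        if ($file -and (Test-Path -LiteralPath $file)) {
            $exists  = $true
            $created = (Get-Item -LiteralPath $file).CreationTimeUtc
            $sig     = Get-AuthenticodeSignature -FilePath $file
            $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'NOT EMBEDDED-SIGNED' }
            $hash    = Get-Sha256Hex $file
        }

        New-Object PSObject -Property @{
            Entry      = $name
            Type       = $type
            HasService = $hasService
            File       = $file
            FileExists = $exists
            CreatedUtc = $created
            Signer     = $signer
            SHA256     = $hash
            # Registered for Safe Mode start with no service behind it: the pattern
            # the Registry:: line above removes. A lead, not proof of malware.
            Suspicious = (-not $hasService)
        }
    }
}

# Example run: only the entries worth a closer look, newest driver file first.
Get-SafeBootAudit | Where-Object { $_.Suspicious } |
    Sort-Object CreatedUtc -Descending |
    Format-Table Entry, Type, FileExists, CreatedUtc, Signer, SHA256 -AutoSize
```

    Two caveats before acting on the output. Windows itself registers a few inbox entries by file name rather than service name, and on Windows 7 Get-AuthenticodeSignature does not consult catalog signatures, so inbox Microsoft drivers show as not embedded-signed; compare the list with a known-clean machine of the same build (or check the file with Sysinternals sigcheck) before deleting anything. Keep the SHA-256 of any file you do remove, so the sample can still be identified after the quarantine.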
    #8 whatisavailable (Topic Starter)
    Members, 212 posts, Location: Texas

    Posted 27 February 2013 - 01:27 PM

    Hi

    I ran the script and it rebooted after going through all stages. However, when it rebooted there was an issue with firefox.exe and it abended.

    When I tried to run firefox from the start menu, it said there was a registry pending deletion.  I ran it as admin.

    Here is the ComboFix log

    Thanks

    Jim

     

    PS - turns out everything I try to run gives the pending deletion error.

     

    ComboFix 13-02-26.01 - Jim 02/27/2013  11:41:34.18.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.910 [GMT -6:00]
    Running from: c:\users\Jim\Desktop\WinLogin.exe.exe
    Command switches used :: c:\users\Jim\Desktop\CFScript.txt.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Microsoft Security Essentials Prerelease *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-01-27 to 2013-02-27  )))))))))))))))))))))))))))))))
    .
    .
    2013-02-27 18:00 . 2013-02-27 18:00    --------    d-----w-    c:\users\Terrilynn\AppData\Local\temp
    2013-02-27 18:00 . 2013-02-27 18:00    --------    d-----w-    c:\users\Rylie\AppData\Local\temp
    2013-02-27 18:00 . 2013-02-27 18:00    --------    d-----w-    c:\users\Public\AppData\Local\temp
    2013-02-27 18:00 . 2013-02-27 18:00    --------    d-----w-    c:\users\jd----\AppData\Local\temp
    2013-02-27 18:00 . 2013-02-27 18:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-02-27 18:00 . 2013-02-27 18:00    --------    d-----w-    c:\users\Avery\AppData\Local\temp
    2013-02-27 16:31 . 2013-02-07 22:28    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{467DAE1E-5D4B-44CC-9751-5BF1ABB100BE}\mpengine.dll
    2013-02-27 09:11 . 2013-01-04 06:11    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
    2013-02-27 09:11 . 2013-01-13 19:53    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
    2013-02-27 09:11 . 2013-01-04 06:11    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
    2013-02-27 09:11 . 2013-01-13 19:24    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
    2013-02-27 09:09 . 2013-01-13 19:02    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
    2013-02-27 09:09 . 2013-01-13 18:32    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
    2013-02-27 09:07 . 2013-01-13 19:10    3928064    ----a-w-    c:\windows\system32\d2d1.dll
    2013-02-27 09:07 . 2013-01-13 19:37    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
    2013-02-26 20:46 . 2013-02-26 20:46    208216    ----a-w-    c:\windows\system32\drivers\36209797.sys
    2013-02-25 17:05 . 2013-02-25 17:05    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80615DF3-8671-4AA4-9898-6DFA99154663}\gapaengine.dll
    2013-02-25 17:05 . 2013-02-07 22:28    9162192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-25 17:01 . 2013-02-25 17:01    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
    2013-02-25 17:01 . 2013-02-25 17:02    --------    d-----w-    c:\program files\Microsoft Security Client
    2013-02-25 16:29 . 2013-02-25 16:29    36680    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-02-22 00:31 . 2013-02-22 00:31    --------    d-----w-    c:\users\Jim\TCPView
    2013-02-21 21:56 . 2013-02-21 21:56    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-18 17:59 . 2013-02-18 17:59    --------    d-----w-    c:\users\.TemporaryItems
    2013-02-15 23:38 . 2013-02-15 23:38    --------    d-----w-    c:\users\Jim\AppData\Local\Programs
    2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2013-02-13 09:06 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 09:06 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 09:01 . 2013-01-09 01:48    17812992    ----a-w-    c:\windows\system32\mshtml.dll
    2013-02-13 09:01 . 2013-01-09 01:22    10925568    ----a-w-    c:\windows\system32\ieframe.dll
    2013-02-13 02:33 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2013-02-13 02:33 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 02:33 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 02:33 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
    2013-02-13 02:32 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
    2013-02-13 02:32 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 02:32 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
    2013-02-13 02:32 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
    2013-02-13 02:32 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
    2013-02-13 02:32 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
    2013-02-13 02:32 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-02-13 02:32 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-11 05:54 . 2013-02-11 05:54    --------    d-----w-    c:\program files (x86)\GUM1C7A.tmp
    2013-02-10 04:12 . 2013-02-10 04:24    --------    d-----w-    c:\program files (x86)\ABBYY FineReader 11
    2013-02-10 04:12 . 2013-02-10 04:12    --------    d-----w-    c:\programdata\ABBYY
    2013-02-10 04:02 . 2013-02-10 04:24    --------    d-----w-    c:\users\Jim\AppData\Local\ABBYY
    2013-02-10 04:02 . 2013-02-10 04:02    --------    d-----w-    c:\users\Jim\AppData\Roaming\ABBYY
    2013-01-30 19:43 . 2013-01-30 19:43    --------    d-----w-    c:\program files\iPod
    2013-01-30 19:43 . 2013-01-30 19:45    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-30 19:43 . 2013-01-30 19:45    --------    d-----w-    c:\program files\iTunes
    2013-01-30 19:43 . 2013-01-30 19:45    --------    d-----w-    c:\program files (x86)\iTunes
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-30 18:49 . 2013-01-30 18:49    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-21 21:56 . 2012-12-01 17:26    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
    2013-02-21 21:56 . 2010-08-27 17:27    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
    2013-02-13 09:13 . 2010-05-02 20:26    70004024    ----a-w-    c:\windows\system32\MRT.exe
    2013-01-30 10:53 . 2010-07-02 14:00    273840    ------w-    c:\windows\system32\MpSigStub.exe
    2013-01-20 21:59 . 2013-01-20 21:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 21:59 . 2013-01-20 21:59    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-04 04:43 . 2013-02-13 02:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2012-12-26 15:55 . 2012-11-08 14:37    69672    ----a-w-    c:\windows\system32\drivers\cfwids.sys
    2012-12-26 15:52 . 2012-07-17 20:52    339776    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
    2012-12-26 15:52 . 2012-11-07 15:58    182312    ----a-w-    c:\windows\system32\mfevtps.exe
    2012-12-26 15:51 . 2012-11-08 14:38    10288    ----a-w-    c:\windows\system32\drivers\mfeclnk.sys
    2012-12-26 15:51 . 2012-11-08 14:37    106112    ----a-w-    c:\windows\system32\drivers\mferkdet.sys
    2012-12-26 15:50 . 2012-07-17 20:50    771096    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
    2012-12-26 15:49 . 2012-11-08 14:37    515528    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
    2012-12-26 15:49 . 2012-11-08 14:37    309400    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
    2012-12-26 15:48 . 2012-07-17 20:48    178840    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
    2012-12-26 00:48 . 2012-12-26 00:48    564824    ----a-w-    c:\windows\system32\drivers\sptd.sys
    2012-12-16 17:11 . 2012-12-21 09:01    46080    ----a-w-    c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 09:01    367616    ----a-w-    c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:01    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 09:01    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
    2012-12-14 22:49 . 2011-07-11 04:38    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2012-12-07 13:20 . 2013-01-09 04:50    441856    ----a-w-    c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 04:50    2746368    ----a-w-    c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 04:50    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 04:50    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 04:50    30720    ----a-w-    c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 04:50    43520    ----a-w-    c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 04:49    23552    ----a-w-    c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 04:50    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 04:50    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 04:49    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 04:50    46592    ----a-w-    c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 04:50    40960    ----a-w-    c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 04:50    15360    ----a-w-    c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 04:50    21504    ----a-w-    c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 04:49    55296    ----a-w-    c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 04:49    51712    ----a-w-    c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 04:50    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 04:50    30720    ----a-w-    c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 04:50    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 04:50    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 04:49    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 04:49    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 04:50    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 04:50    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 04:50    21504    ----a-w-    c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 04:50    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 04:50    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 04:49    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
    2012-12-07 10:46 . 2013-01-09 04:49    55296    ----a-w-    c:\windows\SysWow64\cero.rs
    2012-11-30 05:45 . 2013-01-09 04:48    362496    ----a-w-    c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 04:48    243200    ----a-w-    c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 04:48    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 04:48    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 04:48    424448    ----a-w-    c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 04:48    1161216    ----a-w-    c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 04:47    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-09 04:48    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:48    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 04:47    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2012-11-08 15:01    1019976    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2012-11-08 15:01    1019976    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2012-11-08 15:01    1019976    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    129272    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 02:45    501760    ----a-w-    c:\program files\Classic Shell\ClassicExplorer32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-10-15 2646128]
    "cdloader"="c:\users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-25 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-22 1345]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
    "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
    "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Conime"="c:\windows\system32\conime.exe" [BU]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-15 1534504]
    "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-11-08 1065032]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE" [2012-10-08 3182080]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-11-07 934152]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
    .
    c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    magicJack (2).lnk - c:\users\Jim\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-2-1 804672]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
     [BU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BlackBox;BlackBox SR2; [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 69672]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 29720]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-02-25 36680]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-26 106112]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-10-15 24176]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 Digital Lifeboat Backup Service;Digital Lifeboat Backup Service;c:\program files (x86)\DigitalLifeboat\Data Protection Service\DataProtectionService.exe [2011-09-28 11264]
    R4 Digital Lifeboat Update Service;Digital Lifeboat Update Service;c:\program files (x86)\DigitalLifeboat\Data Protection Service\DataProtectionUpdateService.exe [2011-09-28 108032]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-26 339776]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    S2 ggcfdrv;ggcfdrv;c:\windows\system32\DRIVERS\ggcfdrv.sys [2011-09-28 27224]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    S2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files (x86)\Kodak\CloudPrinting\KCPConnector.exe [2011-09-06 1519536]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-08 375728]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-12-26 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-26 182312]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 515528]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-23 01:51    1629648    ----a-w-    c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 17:16]
    .
    2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 17:16]
    .
    2013-02-19 c:\windows\Tasks\HPCeeScheduleForJim.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2012-11-08 14:53    1292360    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2012-11-08 14:53    1292360    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2012-11-08 14:53    1292360    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32    162552    ----a-w-    c:\users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-04-01 02:46    625152    ----a-w-    c:\program files\Classic Shell\ClassicExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lqrbomld.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-27  12:18:03 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-02-27 18:18
    ComboFix2.txt  2013-02-27 10:41
    ComboFix3.txt  2013-02-19 18:08
    ComboFix4.txt  2013-02-19 03:26
    ComboFix5.txt  2013-02-27 17:39
    .
    Pre-Run: 14,760,902,656 bytes free
    Post-Run: 14,069,178,368 bytes free
    .
    - - End Of File - - CF20B2984D2C402C947A33437DE6BC06
     


    Edited by whatisavailable, 27 February 2013 - 01:30 PM.


    #9 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA

    Posted 27 February 2013 - 02:03 PM

     If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

    Does it look like that? Just reboot your system once or twice and let me know how things are running.




    #10 whatisavailable

    whatisavailable
    • Topic Starter

    • Members
    • 212 posts
    • Gender:Male
    • Location:Texas

    Posted 01 March 2013 - 10:07 AM

    System seems okay but I notice that MS Essentials was turned off. 

    Jim



    #11 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA

    Posted 01 March 2013 - 02:51 PM

    Hi,

    I notice that you have both McAfee and Microsoft Security Essentials running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either McAfee or Microsoft Security Essentials (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users: go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
    ----------

    Java

    Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:

    http://java.com/en/download/index.jsp
    ----------

    See this page for instructions on how to clear java's cache.

    Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Installed Applications and Applets
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.
    ----------

    Malwarebytes

    Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
    ----------

    ESET Online Scanner

    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.
    ----------




    #12 whatisavailable

    whatisavailable
    • Topic Starter

    • Members
    • 212 posts
    • Gender:Male
    • Location:Texas

    Posted 01 March 2013 - 04:49 PM

    Hi

    JAVA updated and cache cleared.

    Malwarebytes log is below.

    ESET is almost complete. Will post it when done.

     

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.01.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jim :: JIM-PC7 [administrator]

    3/1/2013 3:23:14 PM
    MBAM-log-2013-03-01 (15-35-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 320158
    Time elapsed: 11 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Jim\Downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

    (end)
     



    #13 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA

    Posted 01 March 2013 - 11:09 PM

    ESET is almost complete. Will post it when done.

    Sounds good.  

     

     

    C:\Users\Jim\Downloads\WiNlOgOn.exe

    Did you download RKill at some point?  




    #14 whatisavailable

    whatisavailable
    • Topic Starter

    • Members
    • 212 posts
    • Gender:Male
    • Location:Texas

    Posted 02 March 2013 - 02:39 PM

    ESET log below.
    I've downloaded the hiren CD - didn't realize I had that many versions of it on my computer. :-)
    Also, I have downloaded rkill before.

    Thanks!
    Jim

    C:\Documents and Settings\Jim\Downloads\Hirens.BootCD.15.2(1).zip    Win32/PSWTool.KonBoot.A application
    C:\Documents and Settings\Jim\Downloads\Hirens.BootCD.15.2.zip    Win32/PSWTool.KonBoot.A application
    C:\Documents and Settings\Jim\Downloads\Hirens.BootCD.15.2(1)\Hiren's.BootCD.15.2.iso    Win32/PSWTool.KonBoot.A application
    C:\Users\Jim\Downloads\Hirens.BootCD.15.2(1).zip    Win32/PSWTool.KonBoot.A application
    C:\Users\Jim\Downloads\Hirens.BootCD.15.2.zip    Win32/PSWTool.KonBoot.A application
    C:\Users\Jim\Downloads\Hirens.BootCD.15.2(1)\Hiren's.BootCD.15.2.iso    Win32/PSWTool.KonBoot.A application
     

    Edited by whatisavailable, 02 March 2013 - 02:41 PM.


    #15 whatisavailable

    whatisavailable
    • Topic Starter

    • Members
    • 212 posts
    • Gender:Male
    • Location:Texas

    Posted 02 March 2013 - 02:41 PM

    Also, I have downloaded rkill before.
