Jump to content

gilgul

Members
  • Posts

    12
  • Joined

  • Last visited

Everything posted by gilgul

  1. No luck. Tried to reboot as well but still the same. I suspect system reload may be necessary unless you have any other ideas?
  2. Here you go: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:40:59 AM, on 1/18/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Users\Nick and Sandy\Downloads\HijackThis(2).exe C:\Windows\SysWOW64\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p04h5v1i5k45m1r29q R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120117010455.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: F1U201.401.lnk = ? O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14661 bytes hijackthis.log
  3. Alright, contents below: 2012-01-18 16:23:32 . 2012-01-18 16:23:33 95 ----a-w- C:\Qoobox\Quarantine\catchme.txt 2012-01-18 16:14:25 . 2012-01-18 16:46:25 208 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat 2012-01-18 16:00:34 . 2012-01-18 16:28:09 4,132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2012-01-18 15:55:50 . 2012-01-18 16:22:40 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
  4. Not sure what happened... Hope this works better... ComboFix 12-01-18.04 - Nick and Sandy 01/18/2012 8:23.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5872.4090 [GMT -8:00] Running from: c:\users\Nick and Sandy\Desktop\ComboFix.exe Command switches used :: c:\users\Nick and Sandy\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 ))))))))))))))))))))))))))))))) . . 2012-01-18 16:32 . 2012-01-18 16:32 -------- d-----w- c:\users\SSI remote\AppData\Local\temp 2012-01-18 16:32 . 2012-01-18 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-17 23:26 . 2012-01-17 23:26 -------- d-----w- c:\users\Nick and Sandy\AppData\Roaming\TeamViewer 2012-01-16 18:52 . 2012-01-16 18:52 -------- d-----w- c:\users\Nick and Sandy\AppData\Roaming\SUPERAntiSpyware.com 2012-01-16 18:52 . 2012-01-16 18:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-01-16 18:48 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll 2012-01-14 22:37 . 2011-11-11 14:25 16376 ----a-w- c:\windows\system32\drivers\TVMonitor.sys 2012-01-14 22:37 . 2012-01-14 22:37 -------- d-----w- c:\program files (x86)\TeamViewer 2012-01-14 22:14 . 2012-01-14 22:14 16200 ----a-w- c:\windows\stinger.sys 2012-01-13 18:32 . 2012-01-13 18:32 -------- d-----w- c:\users\Nick and Sandy\AppData\Local\LogMeIn 2012-01-13 18:32 . 2011-12-08 02:22 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-01-13 18:32 . 2011-12-08 02:22 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll 2012-01-13 18:32 . 2011-12-08 02:22 34688 ----a-w- c:\windows\system32\LMIport.dll 2012-01-13 18:32 . 2011-09-16 22:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2012-01-13 18:32 . 2011-12-08 02:22 80768 ----a-w- c:\windows\system32\LMIinit.dll 2012-01-11 17:24 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 17:24 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 17:24 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 17:24 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 17:24 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 17:24 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 17:24 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 17:24 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-07 02:20 . 2012-01-07 02:20 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-02 04:50 . 2012-01-02 04:50 -------- d-----w- c:\program files\iPod 2012-01-02 04:50 . 2012-01-02 04:50 -------- d-----w- c:\program files\iTunes 2012-01-02 04:50 . 2012-01-02 04:50 -------- d-----w- c:\program files (x86)\iTunes 2012-01-02 04:48 . 2012-01-02 04:48 -------- d-----w- c:\program files\Bonjour 2012-01-02 04:48 . 2012-01-02 04:48 -------- d-----w- c:\program files (x86)\Bonjour 2012-01-02 03:10 . 2012-01-02 03:10 -------- d-----w- c:\program files (x86)\Apple Software Update 2011-12-31 06:25 . 2011-12-31 06:26 -------- d-----w- c:\program files (x86)\Pdf Editor 2011-12-31 06:25 . 2011-12-31 06:24 723294 ----a-w- c:\windows\unins000.exe 2011-12-31 06:24 . 2011-12-31 06:24 -------- d-----w- c:\program files (x86)\AVI to MP4 Converter 2011-12-31 06:03 . 2011-12-31 06:03 -------- d-----w- c:\programdata\ALM 2011-12-31 05:52 . 2011-12-31 06:04 -------- d-----w- c:\program files\Common Files\Adobe 2011-12-31 04:12 . 2011-12-31 05:43 -------- d-----w- c:\users\Nick and Sandy\Creative Suite 5.5 Design Premium 2011-12-31 04:12 . 2011-12-31 04:12 -------- d-----w- c:\program files (x86)\Adobe Download Assistant 2011-12-31 04:12 . 2011-12-31 04:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2011-12-31 02:45 . 2011-12-31 02:45 -------- d-----w- c:\users\Public\Roaming 2011-12-23 01:30 . 2011-12-07 01:22 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 23:24 . 2011-12-17 09:15 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-24 04:52 . 2011-12-13 18:44 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 05:32 . 2011-12-13 18:44 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 04:26 . 2011-12-13 18:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-10-26 05:21 . 2011-12-13 18:44 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((( SnapShot@2012-01-18_16.09.19 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-12 08:44 . 2012-01-18 16:22 39258 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-01-18 16:22 31616 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-10-26 20:02 . 2012-01-18 16:22 12018 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1763548599-1364003559-2775150887-1000_UserData.bin - 2010-04-29 19:09 . 2012-01-18 16:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-04-29 19:09 . 2012-01-18 16:34 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-04-29 19:09 . 2012-01-18 16:03 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-04-29 19:09 . 2012-01-18 16:34 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-01-18 16:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-01-18 16:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-01-18 16:03 . 2012-01-18 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-18 16:34 . 2012-01-18 16:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-18 16:34 . 2012-01-18 16:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-01-18 16:03 . 2012-01-18 16:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-01-18 16:07 618026 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-01-18 16:26 618026 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-01-18 16:26 104340 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-01-18 16:07 104340 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-01-18 16:02 445484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-01-18 16:33 445484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-01-16 23:15 . 2012-01-18 16:33 848793 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1763548599-1364003559-2775150887-1000-8192.dat - 2012-01-16 23:15 . 2012-01-18 16:02 848793 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1763548599-1364003559-2775150887-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304] "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ F1U201.401.lnk - c:\program files (x86)\Belkin\F1U201.401\usbshare.exe [2011-1-12 135168] Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968] QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 SASDIFSV;SASDIFSV;c:\users\NICKAN~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x] R1 SASKUTIL;SASKUTIL;c:\users\NICKAN~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x] R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-08 375176] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224] S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p04h5v1i5k45m1r29q mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 68.105.28.16 68.105.29.16 FF - ProfilePath - c:\users\Nick and Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\49hxicz7.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe c:\program files (x86)\teamviewer\version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe . ************************************************************************** . Completion time: 2012-01-18 08:48:44 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-18 16:48 ComboFix2.txt 2012-01-18 16:15 ComboFix3.txt 2012-01-17 23:26 . Pre-Run: 546,701,660,160 bytes free Post-Run: 546,501,332,992 bytes free . - - End Of File - - A583EA6D705597E9D112C6D981219D80
  5. <p>Here is the log:</p> <p> </p> <p> </p> <div><span> </span> <div><span>ComboFix 12-01-18.04 - Nick and Sandy 01/18/2012 8:23.4.4 - x64</span></div> <div><span>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5872.4090 [GMT -8:00]</span></div> <div><span>Running from: c:\users\Nick and Sandy\Desktop\ComboFix.exe</span></div> <div><span>Command switches used :: c:\users\Nick and Sandy\Desktop\CFScript.txt</span></div> <div><span>AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}</span></div> <div><span>FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}</span></div> <div><span>SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}</span></div> <div><span>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>2012-01-18 16:32 . 2012-01-18 16:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\SSI remote\AppData\Local\temp</span></div> <div><span>2012-01-18 16:32 . 2012-01-18 16:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Default\AppData\Local\temp</span></div> <div><span>2012-01-17 23:26 . 2012-01-17 23:26<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Nick and Sandy\AppData\Roaming\TeamViewer</span></div> <div><span>2012-01-16 18:52 . 2012-01-16 18:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Nick and Sandy\AppData\Roaming\SUPERAntiSpyware.com</span></div> <div><span>2012-01-16 18:52 . 2012-01-16 18:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\SUPERAntiSpyware.com</span></div> <div><span>2012-01-16 18:48 . 2011-11-17 06:35<span class="Apple-tab-span" style="white-space:pre"> </span>340992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\schannel.dll</span></div> <div><span>2012-01-14 22:37 . 2011-11-11 14:25<span class="Apple-tab-span" style="white-space:pre"> </span>16376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\TVMonitor.sys</span></div> <div><span>2012-01-14 22:37 . 2012-01-14 22:37<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\TeamViewer</span></div> <div><span>2012-01-14 22:14 . 2012-01-14 22:14<span class="Apple-tab-span" style="white-space:pre"> </span>16200<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\stinger.sys</span></div> <div><span>2012-01-13 18:32 . 2012-01-13 18:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Nick and Sandy\AppData\Local\LogMeIn</span></div> <div><span>2012-01-13 18:32 . 2011-12-08 02:22<span class="Apple-tab-span" style="white-space:pre"> </span>87456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LMIRfsClientNP.dll</span></div> <div><span>2012-01-13 18:32 . 2011-12-08 02:22<span class="Apple-tab-span" style="white-space:pre"> </span>59776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll</span></div> <div><span>2012-01-13 18:32 . 2011-12-08 02:22<span class="Apple-tab-span" style="white-space:pre"> </span>34688<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LMIport.dll</span></div> <div><span>2012-01-13 18:32 . 2011-09-16 22:10<span class="Apple-tab-span" style="white-space:pre"> </span>72216<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\LMIRfsDriver.sys</span></div> <div><span>2012-01-13 18:32 . 2011-12-08 02:22<span class="Apple-tab-span" style="white-space:pre"> </span>80768<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LMIinit.dll</span></div> <div><span>2012-01-11 17:24 . 2011-10-26 05:25<span class="Apple-tab-span" style="white-space:pre"> </span>1572864<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\quartz.dll</span></div> <div><span>2012-01-11 17:24 . 2011-10-26 04:32<span class="Apple-tab-span" style="white-space:pre"> </span>514560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\qdvd.dll</span></div> <div><span>2012-01-11 17:24 . 2011-10-26 04:32<span class="Apple-tab-span" style="white-space:pre"> </span>1328128<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\quartz.dll</span></div> <div><span>2012-01-11 17:24 . 2011-10-26 05:25<span class="Apple-tab-span" style="white-space:pre"> </span>366592<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\qdvd.dll</span></div> <div><span>2012-01-11 17:24 . 2011-11-17 06:41<span class="Apple-tab-span" style="white-space:pre"> </span>1731920<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntdll.dll</span></div> <div><span>2012-01-11 17:24 . 2011-11-17 05:38<span class="Apple-tab-span" style="white-space:pre"> </span>1292080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\ntdll.dll</span></div> <div><span>2012-01-11 17:24 . 2011-11-19 14:58<span class="Apple-tab-span" style="white-space:pre"> </span>77312<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\packager.dll</span></div> <div><span>2012-01-11 17:24 . 2011-11-19 14:01<span class="Apple-tab-span" style="white-space:pre"> </span>67072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\packager.dll</span></div> <div><span>2012-01-07 02:20 . 2012-01-07 02:20<span class="Apple-tab-span" style="white-space:pre"> </span>404640<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\FlashPlayerCPLApp.cpl</span></div> <div><span>2012-01-02 04:50 . 2012-01-02 04:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iPod</span></div> <div><span>2012-01-02 04:50 . 2012-01-02 04:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iTunes</span></div> <div><span>2012-01-02 04:50 . 2012-01-02 04:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\iTunes</span></div> <div><span>2012-01-02 04:48 . 2012-01-02 04:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Bonjour</span></div> <div><span>2012-01-02 04:48 . 2012-01-02 04:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Bonjour</span></div> <div><span>2012-01-02 03:10 . 2012-01-02 03:10<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Apple Software Update</span></div> <div><span>2011-12-31 06:25 . 2011-12-31 06:26<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Pdf Editor</span></div> <div><span>2011-12-31 06:25 . 2011-12-31 06:24<span class="Apple-tab-span" style="white-space:pre"> </span>723294<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\unins000.exe</span></div> <div><span>2011-12-31 06:24 . 2011-12-31 06:24<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\AVI to MP4 Converter</span></div> <div><span>2011-12-31 06:03 . 2011-12-31 06:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\ALM</span></div> <div><span>2011-12-31 05:52 . 2011-12-31 06:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Adobe</span></div> <div><span>2011-12-31 04:12 . 2011-12-31 05:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Nick and Sandy\Creative Suite 5.5 Design Premium</span></div> <div><span>2011-12-31 04:12 . 2011-12-31 04:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Adobe Download Assistant</span></div> <div><span>2011-12-31 04:12 . 2011-12-31 04:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Common Files\Adobe AIR</span></div> <div><span>2011-12-31 02:45 . 2011-12-31 02:45<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Public\Roaming</span></div> <div><span>2011-12-23 01:30 . 2011-12-07 01:22<span class="Apple-tab-span" style="white-space:pre"> </span>28760<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</span></div> <div><span>.</span></div> <div><span>2011-12-10 23:24 . 2011-12-17 09:15<span class="Apple-tab-span" style="white-space:pre"> </span>23152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</span></div> <div><span>2011-11-24 04:52 . 2011-12-13 18:44<span class="Apple-tab-span" style="white-space:pre"> </span>3145216<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</span></div> <div><span>2011-11-05 05:32 . 2011-12-13 18:44<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tzres.dll</span></div> <div><span>2011-11-05 04:26 . 2011-12-13 18:44<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\tzres.dll</span></div> <div><span>2011-10-26 05:21 . 2011-12-13 18:44<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\csrsrv.dll</span></div> <div><span>2011-10-24 22:29 . 2011-10-24 22:29<span class="Apple-tab-span" style="white-space:pre"> </span>94208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\QuickTimeVR.qtx</span></div> <div><span>2011-10-24 22:29 . 2011-10-24 22:29<span class="Apple-tab-span" style="white-space:pre"> </span>69632<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\QuickTime.qts</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>((((((((((((((((((((((((((((( SnapShot@2012-01-18_16.09.19 )))))))))))))))))))))))))))))))))))))))))</span></div> <div><span>.</span></div> <div><span>+ 2010-04-12 08:44 . 2012-01-18 16:22<span class="Apple-tab-span" style="white-space:pre"> </span>39258 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin</span></div> <div><span>+ 2009-07-14 05:10 . 2012-01-18 16:22<span class="Apple-tab-span" style="white-space:pre"> </span>31616 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin</span></div> <div><span>+ 2010-10-26 20:02 . 2012-01-18 16:22<span class="Apple-tab-span" style="white-space:pre"> </span>12018 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1763548599-1364003559-2775150887-1000_UserData.bin</span></div> <div><span>- 2010-04-29 19:09 . 2012-01-18 16:03<span class="Apple-tab-span" style="white-space:pre"> </span>32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat</span></div> <div><span>+ 2010-04-29 19:09 . 2012-01-18 16:34<span class="Apple-tab-span" style="white-space:pre"> </span>32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat</span></div> <div><span>- 2010-04-29 19:09 . 2012-01-18 16:03<span class="Apple-tab-span" style="white-space:pre"> </span>65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat</span></div> <div><span>+ 2010-04-29 19:09 . 2012-01-18 16:34<span class="Apple-tab-span" style="white-space:pre"> </span>65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat</span></div> <div><span>- 2009-07-14 04:54 . 2012-01-18 16:03<span class="Apple-tab-span" style="white-space:pre"> </span>16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat</span></div> <div><span>+ 2009-07-14 04:54 . 2012-01-18 16:34<span class="Apple-tab-span" style="white-space:pre"> </span>16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat</span></div> <div><span>- 2012-01-18 16:03 . 2012-01-18 16:03<span class="Apple-tab-span" style="white-space:pre"> </span>2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat</span></div> <div><span>+ 2012-01-18 16:34 . 2012-01-18 16:34<span class="Apple-tab-span" style="white-space:pre"> </span>2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat</span></div> <div><span>+ 2012-01-18 16:34 . 2012-01-18 16:34<span class="Apple-tab-span" style="white-space:pre"> </span>2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat</span></div> <div><span>- 2012-01-18 16:03 . 2012-01-18 16:03<span class="Apple-tab-span" style="white-space:pre"> </span>2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat</span></div> <div><span>- 2009-07-14 02:36 . 2012-01-18 16:07<span class="Apple-tab-span" style="white-space:pre"> </span>618026 c:\windows\system32\perfh009.dat</span></div> <div><span>+ 2009-07-14 02:36 . 2012-01-18 16:26<span class="Apple-tab-span" style="white-space:pre"> </span>618026 c:\windows\system32\perfh009.dat</span></div> <div><span>+ 2009-07-14 02:36 . 2012-01-18 16:26<span class="Apple-tab-span" style="white-space:pre"> </span>104340 c:\windows\system32\perfc009.dat</span></div> <div><span>- 2009-07-14 02:36 . 2012-01-18 16:07<span class="Apple-tab-span" style="white-space:pre"> </span>104340 c:\windows\system32\perfc009.dat</span></div> <div><span>- 2009-07-14 05:01 . 2012-01-18 16:02<span class="Apple-tab-span" style="white-space:pre"> </span>445484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat</span></div> <div><span>+ 2009-07-14 05:01 . 2012-01-18 16:33<span class="Apple-tab-span" style="white-space:pre"> </span>445484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat</span></div> <div><span>+ 2012-01-16 23:15 . 2012-01-18 16:33<span class="Apple-tab-span" style="white-space:pre"> </span>848793 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1763548599-1364003559-2775150887-1000-8192.dat</span></div> <div><span>- 2012-01-16 23:15 . 2012-01-18 16:02<span class="Apple-tab-span" style="white-space:pre"> </span>848793 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1763548599-1364003559-2775150887-1000-8192.dat</span></div> <div><span>.</span></div> <div><span>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>*Note* empty entries & legit default entries are not shown </span></div> <div><span>REGEDIT4</span></div> <div><span>.</span></div> <div><span>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</span></div> <div><span>"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</span></div> <div><span>"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]</span></div> <div><span>"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]</span></div> <div><span>"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]</span></div> <div><span>"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]</span></div> <div><span>"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]</span></div> <div><span>"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]</span></div> <div><span>.</span></div> <div><span>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</span></div> <div><span>F1U201.401.lnk - c:\program files (x86)\Belkin\F1U201.401\usbshare.exe [2011-1-12 135168]</span></div> <div><span>Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5911896]</span></div> <div><span>McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]</span></div> <div><span>QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]</span></div> <div><span>QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</span></div> <div><span>"ConsentPromptBehaviorAdmin"= 5 (0x5)</span></div> <div><span>"ConsentPromptBehaviorUser"= 3 (0x3)</span></div> <div><span>"EnableUIADesktopToggle"= 0 (0x0)</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</span></div> <div><span>"aux"=wdmaud.drv</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]</span></div> <div><span>Security Packages<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>kerberos msv1_0 schannel wdigest tspkg pku2u livessp</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]</span></div> <div><span>@=""</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]</span></div> <div><span>@=""</span></div> <div><span>.</span></div> <div><span>R1 SASDIFSV;SASDIFSV;c:\users\NICKAN~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]</span></div> <div><span>R1 SASKUTIL;SASKUTIL;c:\users\NICKAN~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]</span></div> <div><span>R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]</span></div> <div><span>R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]</span></div> <div><span>R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]</span></div> <div><span>R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]</span></div> <div><span>R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]</span></div> <div><span>R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]</span></div> <div><span>R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]</span></div> <div><span>R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]</span></div> <div><span>R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]</span></div> <div><span>R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]</span></div> <div><span>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]</span></div> <div><span>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]</span></div> <div><span>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]</span></div> <div><span>S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]</span></div> <div><span>S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]</span></div> <div><span>S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]</span></div> <div><span>S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]</span></div> <div><span>S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]</span></div> <div><span>S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]</span></div> <div><span>S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]</span></div> <div><span>S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-08 375176]</span></div> <div><span>S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]</span></div> <div><span>S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]</span></div> <div><span>S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]</span></div> <div><span>S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]</span></div> <div><span>S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]</span></div> <div><span>S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]</span></div> <div><span>S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]</span></div> <div><span>S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]</span></div> <div><span>S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]</span></div> <div><span>S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]</span></div> <div><span>S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]</span></div> <div><span>S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]</span></div> <div><span>S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]</span></div> <div><span>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>--- Other Services/Drivers In Memory ---</span></div> <div><span>.</span></div> <div><span>*Deregistered* - mfeavfk01</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>--------- x86-64 -----------</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]</span></div> <div><span>@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"</span></div> <div><span>[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]</span></div> <div><span>2010-04-14 03:11<span class="Apple-tab-span" style="white-space:pre"> </span>3816248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\McAfee Online Backup\MOBKshell.dll</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]</span></div> <div><span>@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"</span></div> <div><span>[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]</span></div> <div><span>2010-04-14 03:11<span class="Apple-tab-span" style="white-space:pre"> </span>3816248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\McAfee Online Backup\MOBKshell.dll</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]</span></div> <div><span>@="{b4caf489-1eec-c617-49ad-8d7088598c06}"</span></div> <div><span>[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]</span></div> <div><span>2010-04-14 03:11<span class="Apple-tab-span" style="white-space:pre"> </span>3816248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\McAfee Online Backup\MOBKshell.dll</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</span></div> <div><span>"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]</span></div> <div><span>.</span></div> <div><span>------- Supplementary Scan -------</span></div> <div><span>.</span></div> <div><span>uLocal Page = c:\windows\system32\blank.htm</span></div> <div><span>mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p04h5v1i5k45m1r29q</span></div> <div><span>mLocal Page = c:\windows\SysWOW64\blank.htm</span></div> <div><span>uInternet Settings,ProxyOverride = *.local</span></div> <div><span>IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html</span></div> <div><span>IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html</span></div> <div><span>IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html</span></div> <div><span>IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html</span></div> <div><span>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000</span></div> <div><span>IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html</span></div> <div><span>IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105</span></div> <div><span>TCP: DhcpNameServer = 68.105.28.16 68.105.29.16</span></div> <div><span>FF - ProfilePath - c:\users\Nick and Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\49hxicz7.default\</span></div> <div><span>FF - prefs.js: browser.search.selectedEngine - Secure Search</span></div> <div><span>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official</span></div> <div><span>FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=</span></div> <div><span>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</span></div> <div><span>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}</span></div> <div><span>FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}</span></div> <div><span>FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor</span></div> <div><span>.</span></div> <div><span>- - - - ORPHANS REMOVED - - - -</span></div> <div><span>.</span></div> <div><span>Toolbar-Locked - (no file)</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>.</span></div> <div><span>--------------------- LOCKED REGISTRY KEYS ---------------------</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\McAfee]</span></div> <div><span>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</span></div> <div><span> 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]</span></div> <div><span>@Denied: (A) (Everyone)</span></div> <div><span>"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]</span></div> <div><span>@Denied: (A) (Everyone)</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]</span></div> <div><span>"Key"="ActionsPane3"</span></div> <div><span>"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</span></div> <div><span>@Denied: (A) (Users)</span></div> <div><span>@Denied: (A) (Everyone)</span></div> <div><span>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</span></div> <div><span>"BlindDial"=dword:00000000</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</span></div> <div><span>@Denied: (A) (Users)</span></div> <div><span>@Denied: (A) (Everyone)</span></div> <div><span>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</span></div> <div><span>"BlindDial"=dword:00000000</span></div> <div><span>.</span></div> <div><span>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</span></div> <div><span>@Denied: (Full) (Everyone)</span></div> <div><span>.</span></div> <div><span>------------------------ Other Running Processes ------------------------</span></div> <div><span>.</span></div> <div><span>c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</span></div> <div><span>c:\windows\SysWOW64\rundll32.exe</span></div> <div><span>c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe</span></div> <div><span>c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE</span></div> <div><span>c:\program files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe</span></div> <div><span>c:\program files (x86)\teamviewer\version7\TeamViewer.exe</span></div> <div><span>c:\program files (x86)\TeamViewer\Version7\tv_w32.exe</span></div> <div><span>.</span></div> <div><span>**************************************************************************</span></div> <div><span>.</span></div> <div><span>Completion time: 2012-01-18 08:48:44 - machine was rebooted</span></div> <div><span>ComboFix-quarantined-files.txt 2012-01-18 16:48</span></div> <div><span>ComboFix2.txt 2012-01-18 16:15</span></div> <div><span>ComboFix3.txt 2012-01-17 23:26</span></div> <div><span>.</span></div> <div><span>Pre-Run: 546,701,660,160 bytes free</span></div> <div><span>Post-Run: 546,501,332,992 bytes free</span></div> <div><span>.</span></div> <div><span>- - End Of File - - A583EA6D705597E9D112C6D981219D80</span></div> <span></span></div> <div> </div>
  6. Firewall is down again. Hopefully we can keep looking for a solution.
  7. ComboFix completed. Computer rebooted. Log attached. So far, firewall is staying on (been about 5 mins but this is the longest so far).
  8. I could not find mfAACEncr.exe in that folder. Only a .dll one. Here is the link: https://www.virustotal.com/file/1e9c1e9302d49d26e78f9f52d1b9f5c4f51a6a31b2ca34a207b42b4d02f2c9d3/analysis/1326836528/
  9. Thank you for the quick reply! I just posted an update there that the topic was moved over here.
  10. A week ago I began having an issue with McAfee Security Suite where the Firewall keeps shutting off. When I manually try to start it, it stays for about 5 minutes then shuts off again... Originally I ran MBAM and that solved the issue for a couple of days. Now it is back and nothing helps anymore. Tries MBAM / SUPRA but no luck. Below is HijackThis log. If any of you pros can see anything and suggest a solution I'd be forever grateful! Thanks in advance... Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:30:06 PM, on 1/16/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: c:\program files (x86)\teamviewer\version7\TeamViewer.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Users\Nick and Sandy\Downloads\HijackThis(2).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p04h5v1i5k45m1r29q R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p04h5v1i5k45m1r29q R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4320&r=17361010e206p04h5v1i5k45m1r29q R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111222173024.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKLM\..\Policies\Explorer\Run: [WFDR] C:\Windows\SysWOW64\mfAACEncr.exe O4 - Global Startup: F1U201.401.lnk = ? O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6318EFFA-BE57-49EE-830C-C5E1ABD9ECCB} (CAmxVncCtrl Object) - http://192.168.10.30/web/http/AMXG4WebControl.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15347 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.