Computer has been acting funky. Sluggish. MSE will not update. So I ran MBA-M and it found some nasties. I then decided to come and get some help. Using safe mode to run the required test. I am having a hard time posting on this site. So I may post each log into a separate part of this thread...sorry

Item 1.
MBA-M original scan I did before coming here

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jimmy :: JIMANDLISA [administrator]

Protection: Enabled

12/28/2012 9:41:26 PM
mbam-log-2012-12-28 (21-41-26).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349809
Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Jimmy\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Sun\Java\Deployment\cache\6.0\20\5b548e94-39ca25b8 (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Application Data\Uguz\vibiu.exe (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jimmy\Local Settings\Temp\tmp9260c66b\statsreaderfix.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP767\A0109058.exe (Trojan.Exploitdrop.AW) -> Quarantined and deleted successfully.

(end)


MBA-M Scan after following instructions here:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.30.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Jimmy :: JIMANDLISA [administrator]

Protection: Disabled

12/30/2012 2:18:32 PM
mbam-log-2012-12-30 (14-18-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347821
Time elapsed: 24 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER Log 1:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-12-29 20:58:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-75A7B0 rev.01.03B01
Running: 45s2wigj.exe; Driver: C:\DOCUME~1\Jimmy\LOCALS~1\Temp\awliqkow.sys

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMER Log 2:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-30 14:15:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-75A7B0 rev.01.03B01
Running: 45s2wigj.exe; Driver: C:\DOCUME~1\Jimmy\LOCALS~1\Temp\awliqkow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????e:??????6a??? ?????????????????????g??????????\e?????????W???????????3??????????? ?????????????????????g????????N?Lo????Se???????&???????????m???e??awliqkow?e???????????t???s???????????l?????sng???????????0??sm??LegacyDriver?e????N??????t????DJim??{8ECC055D-047F-11D1-A537-0000F8753ED1}?Doc??? ???????S?????gs\??awliqkow? ??????????????Bi??? ?????????????????????g??????????gs?????f??????????? ?????????????????????g??????????me?????f??????????? ?????????????????????g??????????mp?????f??????????ts and Settings\Jimmy\Local Settings\temp\Bit14.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit15.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit15B.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit16.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit191.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit193.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit1B.tmp??\??\C:\Documents and Settings\Jimmy\Local Settings\temp\Bit1C.tmp

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00915.JPG 1327442 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00916.JPG 1335657 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00917.JPG 1461070 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00918.JPG 1459958 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00919.JPG 1434180 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00920.JPG 1346856 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00921.JPG 1348112 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00922.JPG 1429567 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00923.JPG 1484807 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00924.JPG 1503984 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00925.JPG 1405536 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00926.JPG 1464739 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00927.JPG 1417769 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00929.JPG 1342407 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00930.JPG 1348259 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00931.JPG 1367207 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00932.JPG 1381538 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00933.JPG 1419540 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00934.JPG 1404449 bytes
File C:\Documents and Settings\Jimmy\My Documents\My documents\New Folder\Lisa Skiiing 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\Lisa Skiiing-wachusettes 3-28-03\LISASK~1\DSC00935.JPG 1441633 bytes

---- EOF - GMER 1.0.15 ----

I cannot seem to copy/paste DDS logs. Site tells me I am using the wrong code snippet???

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_30
Run by Jimmy at 15:59:08 on 2012-12-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3061.2545 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081222
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [cdloader] "c:\documents and settings\jimmy\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Microsoft Works Update Detection] ?\WkDetect.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jimmy\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8187 wireless lan utility\RtWLan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\jimmy\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232279814357
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{32F15BCD-E4A8-451A-9825-58215822E7E6} : DHCPNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jimmy\application data\mozilla\firefox\profiles\umsuer3h.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\jimmy\application data\mozilla\firefox\profiles\umsuer3h.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-30 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-12-30 101720]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 193552]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2009-1-25 112835]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-2-4 401920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2012-6-13 38144]
S2 HPFECP11;HPFECP11;c:\windows\system32\drivers\HPFecp11.sys [1999-5-3 52800]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-14 10384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-21 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-9 682344]
S2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-3-15 61440]
S2 VBoxDRV;PortableVBoxDRV;\??\f:\virtualbox\portable-virtualbox\app32\drivers\vboxdrv\vboxdrv.sys --> f:\virtualbox\portable-virtualbox\app32\drivers\vboxdrv\VBoxDrv.sys [?]
S2 VBoxUSBMon;PortableVBoxUSBMon;\??\f:\virtualbox\portable-virtualbox\app32\drivers\usb\filter\vboxusbmon.sys --> f:\virtualbox\portable-virtualbox\app32\drivers\usb\filter\VBoxUSBMon.sys [?]
S3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2009-1-25 5325]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-9 21104]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2012-6-13 332928]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-26 23:49:57 6812136 ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b678b0-1555-4e73-bd01-4c36ab2e7341}\mpengine.dll
2012-12-26 23:40:44 --------    d-----w-    c:\documents and settings\jimmy\application data\Viaf
2012-12-26 23:40:44 --------    d-----w-    c:\documents and settings\jimmy\application data\Tepu
2012-12-26 23:40:44 --------    d-----w-    c:\documents and settings\jimmy\application data\Qyrimo
2012-12-26 15:40:26 --------    d-----w-    c:\documents and settings\jimmy\application data\Zeziq
2012-12-26 15:40:26 --------    d-----w-    c:\documents and settings\jimmy\application data\Ufgu
2012-12-26 15:40:26 --------    d-----w-    c:\documents and settings\jimmy\application data\Amdatu
2012-12-26 07:40:09 --------    d-----w-    c:\documents and settings\jimmy\application data\Uvafqi
2012-12-26 07:40:09 --------    d-----w-    c:\documents and settings\jimmy\application data\Ihysg
2012-12-26 07:40:09 --------    d-----w-    c:\documents and settings\jimmy\application data\Azby
2012-12-25 23:39:52 --------    d-----w-    c:\documents and settings\jimmy\application data\Peveaf
2012-12-25 23:39:52 --------    d-----w-    c:\documents and settings\jimmy\application data\Ekyl
2012-12-25 23:39:52 --------    d-----w-    c:\documents and settings\jimmy\application data\Cerom
2012-12-23 02:36:45 --------    d-----w-    c:\documents and settings\jimmy\application data\Xauwqy
2012-12-23 02:36:45 --------    d-----w-    c:\documents and settings\jimmy\application data\Ryyn
2012-12-23 02:36:45 --------    d-----w-    c:\documents and settings\jimmy\application data\Nuko
2012-12-22 18:36:24 --------    d-----w-    c:\documents and settings\jimmy\application data\Uxuhdy
2012-12-22 18:36:24 --------    d-----w-    c:\documents and settings\jimmy\application data\Siym
2012-12-22 18:36:24 --------    d-----w-    c:\documents and settings\jimmy\application data\Koqyzu
2012-12-22 02:35:41 --------    d-----w-    c:\documents and settings\jimmy\application data\Ykyfa
2012-12-22 02:35:41 --------    d-----w-    c:\documents and settings\jimmy\application data\Vopae
2012-12-22 02:35:41 --------    d-----w-    c:\documents and settings\jimmy\application data\Mahibu
2012-12-21 18:35:23 --------    d-----w-    c:\documents and settings\jimmy\application data\Tuyl
2012-12-21 18:35:23 --------    d-----w-    c:\documents and settings\jimmy\application data\Suokpa
2012-12-21 18:35:23 --------    d-----w-    c:\documents and settings\jimmy\application data\Koigy
2012-12-21 10:35:15 --------    d-----w-    c:\documents and settings\jimmy\application data\Ymfoa
2012-12-21 10:35:15 --------    d-----w-    c:\documents and settings\jimmy\application data\Olur
2012-12-21 10:35:14 --------    d-----w-    c:\documents and settings\jimmy\application data\Ildofu
2012-12-21 02:35:03 --------    d-----w-    c:\documents and settings\jimmy\application data\Uxme
2012-12-21 02:35:03 --------    d-----w-    c:\documents and settings\jimmy\application data\Rufi
2012-12-21 02:35:03 --------    d-----w-    c:\documents and settings\jimmy\application data\Ixem
2012-12-19 10:44:04 --------    d-----w-    c:\documents and settings\jimmy\application data\Vuda
2012-12-19 10:44:04 --------    d-----w-    c:\documents and settings\jimmy\application data\Uguz
2012-12-19 10:44:04 --------    d-----w-    c:\documents and settings\jimmy\application data\Piahb
2012-12-19 10:43:05 --------    d-----w-    c:\documents and settings\jimmy\application data\Umym
2012-12-19 10:43:05 --------    d-----w-    c:\documents and settings\jimmy\application data\Umxe
2012-12-19 10:43:05 --------    d-----w-    c:\documents and settings\jimmy\application data\Avver
2012-12-17 22:00:11 6812136 ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2012-12-14 21:49:28 21104   ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-11-13 11:20:36 1875456 ----a-w-    c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560  ----a-w-    c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296  ----a-w-    c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992  ----a-w-    c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520   ------w-    c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w-    c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024  ------w-    c:\windows\system32\html.iec
2012-10-02 18:04:21 58368   ----a-w-    c:\windows\system32\synceng.dll
.
============= FINISH: 15:59:49.65 ===============