• Status: Solved

IE8 and Firefox Hijack

Hi Experts
I have a browser that has been hijacked. Can someone look at this log and suggest something?
Thanks in Advance


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:55:46 PM, on 10/11/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Citrix\GoToMeeting\799\g2mstart.exe
C:\Program Files (x86)\Capture Express\capexp.exe
C:\ProgramData\webex\MyWebEx\419\mwmPad.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\V0350Mon.exe
C:\Program Files (x86)\Citrix\GoToMeeting\799\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\799\g2mlauncher.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\timg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111011111334.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\timg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [appMobilelink] rundll32.exe "C:\Users\timg\AppData\Local\DirectGLdrm\appMobilelink.dll",advUserserv kbdGLserv
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\799\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Capture Express.lnk = C:\Program Files (x86)\Capture Express\capexp.exe
O4 - Global Startup: Start WebEx MeetMeNow.lnk = ?
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ProgramData\webex\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ProgramData\webex\MyWebEx\419\mwmie.dll
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
O16 - DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} (iGoldMine) - http://goldmine/plugins/igm-activex.cab
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://64.6.49.26/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} (CSD ActiveX Installer) - https://64.6.49.26/CACHE/sdesktop/install/binaries/instweb.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = myco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = myco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = myco.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12467 bytes
 
GMGenius Commented:
Hi, I suggest you just download and run Malwarebytes.

It's very good at this sort of thing.
0
 
younghv Commented:
GetRdone,
Have you used any tools/scanners to try to repair this (other than McAfee) and could you give us some more details about the site redirection?

There are 3 basic steps that apply to most malware situations as described in this EE Article:
Stop-the-Bleeding-First-Aid-for-Malware

If you want to use those tools and then post the resultant logs, we can take a look at them and recommend some other actions.
0
 
younghv Commented:
Hi GMGenius,
As good as Malwarebytes is, it is no longer feasible to simply "download and run" it (or any other scanner). Depending on the malware variant, there are a number of other steps and/or programs you need to run before trying to use it.
0
 
rpggamergirl Commented:
Have you also scanned with TDSSKiller, and also ComboFix? Please show us the log files.
http://support.kaspersky.com/viruses/solutions?qid=208280684

ComboFix: (You need to disable your antivirus while scanning with ComboFix.)
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
GMGenius Commented:
@younghv Totally understand, but that is always my first suggestion; you have to start somewhere and it's always worked for me.
0
 
GetRdone (Author) Commented:
Thanks for the responses. Maybe I'm confused; I thought the HijackThis logs would give me data that someone could analyze. The browsers Firefox and IE often get redirected to www.topusaprizes.com and others like it from a Google search results link. You won a prize etc...

Is the HijackThis log useless? Is there software that would do this automatically?

Thanks again


0
 
younghv Commented:
Many years ago HijackThis (HJT) was a brilliant piece of work. The creator (known as Merijn) sold the rights to it to Trend, but they did not hire him to manage it.

He has since taken his talents over to Malwarebytes and is part of the developer team over there.

HJT is not maintained/developed as it could/should be, so the value of the logs is quite limited. An example is the last 50% or so of your report. All of the O23 entries end with "file missing", simply because no one has improved HJT to the point of reading 64-bit OSes.

Please have a read of the EE Article I mentioned above and run the applications listed. I'd be glad to answer any other questions you have.
0
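The limitation younghv describes, as an added example that is not part of the thread or of HijackThis: on 64-bit Windows a 32-bit process that opens `C:\Windows\System32` is redirected to `SysWOW64`, so 64-bit-only service binaries show up as "file missing". This Python triage separates those artifacts from entries that still need a manual look; the sample lines are copied from the log posted above, and the verdict names, the 64-bit host heuristic and the rundll32 rule are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Platform: Windows 7  (WinNT 6.00.3504)
Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\timg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [appMobilelink] rundll32.exe "C:\Users\timg\AppData\Local\DirectGLdrm\appMobilelink.dll",advUserserv kbdGLserv
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.I)
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\|\\AppData\\|\\Temp\\", re.I)
HOST64_RE = re.compile(r"\\Program Files \(x86\)\\|\\SysWOW64\\", re.I)
MISSING = "(file missing)"


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O4" or "O23"
    verdict: str   # "artifact", "review" or "none" (names chosen for this example)
    reason: str
    line: str


def is_64bit_host(log):
    """Heuristic (assumption): these paths only appear on 64-bit Windows."""
    return bool(HOST64_RE.search(log))


def classify_service(body, host64):
    """O23: decide whether a 'file missing' service is a scanner artifact."""
    if not body.endswith(MISSING):
        return "none", "service binary was found"
    path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
    if host64 and "\\windows\\system32\\" in path.lower():
        return "artifact", "32-bit scanner is redirected from System32 to SysWOW64"
    return "review", "missing file not explained by WOW64 redirection: " + path


def classify_run(body):
    """O4: flag Run values that use rundll32 to load a DLL from a user profile."""
    run = RUN_RE.match(body)
    if not run:
        return "none", "not a registry Run value"
    rundll = RUNDLL_RE.match(run["cmd"])
    if not rundll:
        return "none", "direct executable launch"
    dll = rundll["args"].split(",", 1)[0].strip().strip('"')
    if USER_WRITABLE_RE.search(dll):
        return "review", "rundll32 loads a DLL from a user-writable path at logon: " + dll
    return "none", "rundll32 target is outside the user profile"


def triage(log):
    """Return one Finding per HijackThis entry line; other lines are skipped."""
    host64 = is_64bit_host(log)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code, body = entry["code"], entry["body"]
        if code == "O23":
            verdict, reason = classify_service(body, host64)
        elif code == "O4":
            verdict, reason = classify_run(body)
        else:
            verdict, reason = "none", "section not covered by this example"
        findings.append(Finding(code, verdict, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.verdict != "none":
            print(f"{f.verdict:8} {f.code:3} {f.reason}")
```

A "review" verdict only means the entry is not explained by the scanner's 32-bit view and should be checked with a 64-bit-aware tool; it is not a detection.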
 
rpggamergirl Commented:
As younghv had mentioned, HijackThis hasn't been having major updates (just minor ones) since it changed hands and is no longer an excellent diagnostic tool because a lot of nasties can now hide from its scan.

There are other diagnostic tools out there that are also good, like Runscanner; some tools like ComboFix also generate a log which can really help.
Another diagnostic tool which is like a replacement for HijackThis is OTL.exe. It's very similar to HijackThis and does a lot more; the author had stated it's a HijackThis on steroids.

OTL Tutorial:
http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/


If Google searches are redirected then try TDSSKiller; there's an article for it here.
“Google Hijack” — Google Search Gets Redirected
http://www.experts-exchange.com/Virus_and_Spyware/Latest_Threats/A_3299-Google-Hijack-Google-Search-Gets-Redirected.html
0
 
GetRdone (Author) Commented:
I downloaded Malwarebytes and this may have done the trick. It found and disabled a Trojan.BlurInit.sgen that my AV did not locate. I will update and award points in a couple of days when I confirm this did the trick.
Thanks to all for the assistance!
0
 
younghv Commented:
GetRdone,
Please reconsider your actions.

It is very common for the 'symptoms' to be removed, but not the underlying malware.

Malwarebytes is a fantastic application, but it does not (nothing does) provide 100% detection and removal of all malware variants.

Please run the programs that 'rpggamergirl' and I have suggested and post the logs that are generated. Whenever you are trying to resolve malware infections, it is much better to be safe than sorry.
0
 
GetRdone (Author) Commented:
OK Here it is
Thanks in Advance.

ComboFix 11-10-11.02 - timg 10/13/2011  20:03:50.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.6005.4491 [GMT -5:00]
Running from: c:\users\timg\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\timg\g2mdlhlpx.exe
c:\users\timg\GoToAssistDownloadHelper.exe
c:\windows\MSXML4-KB973685-ENU.EXE
c:\windows\MSXML4-KB973688-ENU.EXE
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-14 to 2011-10-14  )))))))))))))))))))))))))))))))
.
.
2011-10-12 19:35 . 2011-10-12 19:35      --------      d-----w-      c:\users\timg\AppData\Roaming\Malwarebytes
2011-10-12 19:35 . 2011-10-12 19:35      --------      d-----w-      c:\programdata\Malwarebytes
2011-10-12 19:35 . 2011-08-31 22:00      25416      ----a-w-      c:\windows\system32\drivers\mbam.sys
2011-10-12 19:35 . 2011-10-12 19:35      --------      d-----w-      c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-11 23:55 . 2011-10-12 00:23      --------      d-----w-      c:\programdata\Spybot - Search & Destroy
2011-10-11 23:55 . 2011-10-11 23:55      --------      d-----w-      c:\program files (x86)\Spybot - Search & Destroy
2011-10-11 23:43 . 2011-10-11 23:43      --------      d-----w-      c:\programdata\NortonInstaller
2011-10-11 23:16 . 2011-10-11 23:16      --------      d-----w-      c:\programdata\Citrix
2011-10-11 23:09 . 2011-10-11 23:09      --------      d-----w-      c:\users\timg\AppData\Local\Citrix
2011-10-11 23:01 . 2011-10-11 23:01      --------      d-----w-      c:\users\timg\AppData\Roaming\McAfee
2011-10-11 16:13 . 2011-10-06 21:42      28504      ----a-w-      c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 22:24 . 2011-06-21 11:22      414368      ----a-w-      c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-15 15:00 . 2010-05-15 19:00      9984      ----a-w-      c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 15:00 . 2010-05-15 18:59      75672      ----a-w-      c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 15:00 . 2010-05-15 18:59      65128      ----a-w-      c:\windows\system32\drivers\cfwids.sys
2011-08-15 15:00 . 2010-05-15 18:59      481504      ----a-w-      c:\windows\system32\drivers\mfefirek.sys
2011-08-15 15:00 . 2010-05-15 18:59      283744      ----a-w-      c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 15:00 . 2010-05-15 18:59      228752      ----a-w-      c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 15:00 . 2010-05-15 18:59      100904      ----a-w-      c:\windows\system32\drivers\mferkdet.sys
2011-08-15 15:00 . 2010-01-05 23:04      642824      ----a-w-      c:\windows\system32\drivers\mfehidk.sys
2011-08-15 15:00 . 2010-01-05 23:04      158584      ----a-w-      c:\windows\system32\drivers\mfeapfk.sys
2011-07-22 05:35 . 2011-08-20 20:54      1638912      ----a-w-      c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-20 20:54      1638912      ----a-w-      c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-20 20:54      362496      ----a-w-      c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-20 20:54      243200      ----a-w-      c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-20 20:54      13312      ----a-w-      c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-20 20:54      214528      ----a-w-      c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-20 20:54      16384      ----a-w-      c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-20 20:54      422400      ----a-w-      c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-20 20:54      338432      ----a-w-      c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-20 20:54      5120      ---ha-w-      c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      4608      ---ha-w-      c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      4608      ---ha-w-      c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      6144      ---ha-w-      c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:36 . 2011-08-20 20:54      14336      ----a-w-      c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-20 20:54      44032      ----a-w-      c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-20 20:54      25600      ----a-w-      c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-20 20:54      5120      ----a-w-      c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-20 20:54      272384      ----a-w-      c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-20 20:54      5120      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      4608      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      4096      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 02:26 . 2011-08-20 20:54      7680      ----a-w-      c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-20 20:54      2048      ----a-w-      c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-20 20:54      4608      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-20 20:54      3072      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:21 . 2011-08-20 20:54      6144      ---ha-w-      c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-20 20:54      3584      ---ha-w-      c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\799\g2mstart.exe" [2011-09-19 39816]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1671824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-02 5546376]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Start WebEx MeetMeNow.lnk - c:\programdata\webex\MyWebEx\419\mwmPad.exe [2010-11-18 435528]
.
c:\users\timg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Capture Express.lnk - c:\program files (x86)\Capture Express\capexp.exe [2011-2-14 5373952]
Start WebEx MeetMeNow.lnk - c:\programdata\webex\MyWebEx\419\mwmPad.exe [2010-11-18 435528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\Drivers\V0350Afx.sys [x]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\DRIVERS\V0350VFx.sys [x]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\DRIVERS\V0350Vid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-03-05 3246040]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-02-06 231224]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825038239-1614952098-6498272-1004Core.job
- c:\users\timg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 18:44]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825038239-1614952098-6498272-1004UA.job
- c:\users\timg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 18:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 02:14      3816248      ----a-w-      c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 02:14      3816248      ----a-w-      c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 02:14      3816248      ----a-w-      c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-22 8306208]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 390728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 216.195.100.100 216.195.101.101
DPF: {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} - hxxp://goldmine/plugins/igm-activex.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://64.6.49.26/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\timg\AppData\Roaming\Mozilla\Firefox\Profiles\tlfdyy17.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Solar Eclipse - eclipse - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2011-10-13  20:11:52 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-14 01:11
.
Pre-Run: 387,008,393,216 bytes free
Post-Run: 386,945,785,856 bytes free
.
- - End Of File - - 87966E5A4C60B8847AC60A080E6A53C7
 
GetRdone Author Commented:
Thanks for the assistance!
 
rpggamergirl Commented:
My apologies for not being here...
I was mostly offline for weeks, sorry.