Recently my email account (I access via yahoo mail) was hijacked. Somehow the culprit was able to access all my contacts and send an email from me to my contacts, with a link to a fraudulent company called Canadian Pharmacy. I Googled this firm and found many others have been victimized.
It also appears that the same culprit is actually reading my emails as my emails show as read before I actually read them. my email is [email protected]
I have contacted banks to shut down online access to accounts.
I have a netbook ...so no boot or recovery disc.
Thanks so much for the help, you guys are great...Larry Miller
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Run by Larry Miller at 17:30:41 on 2012-01-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.341 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDczNDY4MTYzLUtWMys3LVQzLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtWDIwMTArMi1RSVgxKzQtRjEwTTEwRCsx"&"prod=90"&"ver=10.0.1187
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: <NO NAME> =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0BB62A1A-34D2-4F74-9E0F-0F976318A993} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\[email protected]\components\RadioWMPCore.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\larry miller\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\larry miller\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\larry miller\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ScanQuery: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} - c:\program files\mozilla firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Yontoo Layers: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Search Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: vShare: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Elf 1 Community Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - %profile%\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: myBabylon EnglishBB Community Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: ShopperReports: [email protected] - c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF - Ext: ClickPotatoLite Component: [email protected] - c:\program files\clickpotatolite\bin\10.0.673.0\firefox\extensions
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslb26c3598;MpKslb26c3598;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\MpKslb26c3598.sys [2012-1-8 29904]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-6-5 145408]
S1 cfroihtm;cfroihtm;\??\c:\windows\system32\drivers\cfroihtm.sys --> c:\windows\system32\drivers\cfroihtm.sys [?]
S1 MpKsl111a0165;MpKsl111a0165;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e4dc1c5-07b3-40d0-9191-b00c1e067212}\mpksl111a0165.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e4dc1c5-07b3-40d0-9191-b00c1e067212}\MpKsl111a0165.sys [?]
S1 MpKsl6fc223d0;MpKsl6fc223d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e425ce1b-679a-4996-820a-8272e1fe6be0}\mpksl6fc223d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e425ce1b-679a-4996-820a-8272e1fe6be0}\MpKsl6fc223d0.sys [?]
S1 MpKsl87bfc085;MpKsl87bfc085;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1f52a797-51c0-4218-882d-f60ee488900f}\mpksl87bfc085.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1f52a797-51c0-4218-882d-f60ee488900f}\MpKsl87bfc085.sys [?]
S1 otrtmhhi;otrtmhhi;\??\c:\windows\system32\drivers\otrtmhhi.sys --> c:\windows\system32\drivers\otrtmhhi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-30 136176]
S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-11 237568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-9-7 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-9-7 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-9-7 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-9-7 10368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-30 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
UnknownUnknown sijponzr;sijponzr; [x]
.
=============== Created Last 30 ================
.
2012-01-08 20:49:58 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-01-08 20:49:53 -------- d-----w- c:\program files\McAfee Security Scan
2012-01-08 18:34:21 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\MpKslb26c3598.sys
2012-01-08 18:34:16 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\offreg.dll
2012-01-08 16:43:13 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\mpengine.dll
2012-01-06 16:26:16 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-01-05 03:57:26 25560 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2012-01-05 03:57:26 140760 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2012-01-05 03:57:25 67032 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2012-01-05 03:57:24 849368 ----a-w- c:\program files\mozilla firefox\js3250.dll
2012-01-05 03:57:24 719832 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2012-01-05 03:57:24 505816 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2012-01-05 03:44:24 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-27 04:05:59 -------- d-----w- c:\documents and settings\larry miller\application data\RealNetworks
2011-12-24 20:23:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-24 20:23:23 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 18:10:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-18 18:10:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-19 03:15:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 17:31:24.42 ===============
It also appears that the same culprit is actually reading my emails as my emails show as read before I actually read them. my email is [email protected]
I have contacted banks to shut down online access to accounts.
I have a netbook ...so no boot or recovery disc.
Thanks so much for the help, you guys are great...Larry Miller
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Run by Larry Miller at 17:30:41 on 2012-01-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.341 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.6\youtubedownloaderToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDczNDY4MTYzLUtWMys3LVQzLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtWDIwMTArMi1RSVgxKzQtRjEwTTEwRCsx"&"prod=90"&"ver=10.0.1187
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: <NO NAME> =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0BB62A1A-34D2-4F74-9E0F-0F976318A993} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\[email protected]\components\RadioWMPCore.dll
FF - component: c:\documents and settings\larry miller\application data\mozilla\firefox\profiles\gll9k20f.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\larry miller\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\larry miller\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\larry miller\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ScanQuery: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} - c:\program files\mozilla firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Yontoo Layers: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Search Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: vShare: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Elf 1 Community Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - %profile%\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: myBabylon EnglishBB Community Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: ShopperReports: [email protected] - c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF - Ext: ClickPotatoLite Component: [email protected] - c:\program files\clickpotatolite\bin\10.0.673.0\firefox\extensions
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslb26c3598;MpKslb26c3598;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\MpKslb26c3598.sys [2012-1-8 29904]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [2009-6-5 145408]
S1 cfroihtm;cfroihtm;\??\c:\windows\system32\drivers\cfroihtm.sys --> c:\windows\system32\drivers\cfroihtm.sys [?]
S1 MpKsl111a0165;MpKsl111a0165;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e4dc1c5-07b3-40d0-9191-b00c1e067212}\mpksl111a0165.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e4dc1c5-07b3-40d0-9191-b00c1e067212}\MpKsl111a0165.sys [?]
S1 MpKsl6fc223d0;MpKsl6fc223d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e425ce1b-679a-4996-820a-8272e1fe6be0}\mpksl6fc223d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e425ce1b-679a-4996-820a-8272e1fe6be0}\MpKsl6fc223d0.sys [?]
S1 MpKsl87bfc085;MpKsl87bfc085;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1f52a797-51c0-4218-882d-f60ee488900f}\mpksl87bfc085.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1f52a797-51c0-4218-882d-f60ee488900f}\MpKsl87bfc085.sys [?]
S1 otrtmhhi;otrtmhhi;\??\c:\windows\system32\drivers\otrtmhhi.sys --> c:\windows\system32\drivers\otrtmhhi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-30 136176]
S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-11 237568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2009-9-7 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2009-9-7 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2009-9-7 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-9-7 10368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-30 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
UnknownUnknown sijponzr;sijponzr; [x]
.
=============== Created Last 30 ================
.
2012-01-08 20:49:58 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2012-01-08 20:49:53 -------- d-----w- c:\program files\McAfee Security Scan
2012-01-08 18:34:21 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\MpKslb26c3598.sys
2012-01-08 18:34:16 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\offreg.dll
2012-01-08 16:43:13 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5009b75d-4249-4536-8f1b-c7acfee797d9}\mpengine.dll
2012-01-06 16:26:16 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2012-01-05 03:57:26 25560 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2012-01-05 03:57:26 140760 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2012-01-05 03:57:25 67032 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2012-01-05 03:57:24 849368 ----a-w- c:\program files\mozilla firefox\js3250.dll
2012-01-05 03:57:24 719832 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll
2012-01-05 03:57:24 505816 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2012-01-05 03:44:24 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-27 04:05:59 -------- d-----w- c:\documents and settings\larry miller\application data\RealNetworks
2011-12-24 20:23:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-24 20:23:23 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 18:10:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-18 18:10:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-19 03:15:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 17:31:24.42 ===============
