Our laptop computer constantly opens pop windows with the following message:
Reminder
Your Computer Is Not Backed Up, Backup Your Files Online Today
FREE Computer Backup Available
The first Malwarebytes scan I ran last week had more than a thousand potentially unwanted programs. I removed them all. The last Malwarebytes scan did not find any problems.
The operating system is Windows XP Home Edition. We do not have access to a Windows Install disc or a Boot CD.
Also "TrustLoke Toolbar" is in the Add or Remove Programs list and cannot be removed.
Steve
--
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Britten McDowell at 11:13:46 on 2014-01-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.565 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\BRITTE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=aoa150
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=aoa150
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://inboxtoolbar.com/search/ie.aspx?tbid=80289
mCustomizeSearch = hxxp://inboxtoolbar.com/help/sa_customize.aspx?tbid=80289
uURLSearchHooks: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - <orphaned>
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\eli mcdowell\local settings\application data\downloadterms\temp.dat
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7736C7FA-512D-11E2-B871-DEC36088709B} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desk 365] "c:\program files\desk 365\desk365.exe" /autorun
uRun: [Driver Pro] c:\program files\driver pro\DPLauncher.exe
uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Panasonic Device Manager for Multi-Function Station software] c:\program files\panasonic\mfstation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] c:\program files\panasonic\mfstation\KmPcFax.exe -1
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [SearchProtect] c:\windows\system32\config\systemprofile\application data\searchprotect\bin\cltmng.exe
StartupFolder: c:\docume~1\britte~1\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244859527375
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=sgmao-ff&s_qt=sb&tb_uuid=814ACD5AACA947768C119C20F37B0477&tb_oid=30-10-2013&tb_mrud=09-12-2013
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko12.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-12-12 11:41; ext@bettersurfplusv1.com; c:\program files\bettersurf\bettersurfplusv1\ff
FF - ExtSQL: 2013-12-12 12:16; webbooster@iminent.com; c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\webbooster@iminent.com.xpi
FF - ExtSQL: 1969-12-31 17:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2009-09-04 06:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-08 21:23; m3ffxtbr@mywebsearch.com; c:\program files\mywebsearch\bar\1.bin
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
FF - user.js: extentions.y2layers.installId - 7d786fdf-a0f6-45a7-96c2-cd83c80d33dd
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f001c7b100000000000000242b23e7c3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15937
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.616:48:19
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122786&tt=200813_246&tsp=4980
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 214696]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-12-10 166352]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-7-1 32808]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\panaso~1\localcom\lmsrvnt.exe [2009-7-16 36864]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 151936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2011-4-22 34320]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\em\local settings\application data\torch\update\torchcrashhandler.exe --> c:\documents and settings\em\local settings\application data\torch\update\TorchCrashHandler.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-12 96856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-04 17:35:06 -------- d--h--w- c:\windows\PIF
2014-01-04 06:36:05 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90204e40-6dc3-48df-8408-f9e73dc38c37}\offreg.dll
2014-01-03 07:00:58 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90204e40-6dc3-48df-8408-f9e73dc38c37}\mpengine.dll
2014-01-01 22:55:57 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-01 22:42:28 -------- d-----w- c:\documents and settings\britten mcdowell\application data\Malwarebytes
2013-12-29 06:38:33 -------- d-----w- c:\windows\system32\MRT
2013-12-28 19:31:47 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-12-28 18:35:24 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-28 18:18:20 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-28 17:51:20 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-12-28 17:51:20 3072 ------w- c:\windows\system32\iacenc.dll
2013-12-28 17:16:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-12-28 06:47:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-12-28 06:47:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-28 06:47:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-20 18:18:02 22370928 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-12-20 18:18:02 108144 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-12-20 18:18:01 872352 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-12-20 18:18:01 276592 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-12-20 18:18:01 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-12-20 18:18:01 153712 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2013-12-20 00:11:35 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-12-20 00:08:31 -------- d-----w- c:\program files\iPod
2013-12-20 00:08:04 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-20 00:08:03 -------- d-----w- c:\program files\iTunes
2013-12-20 00:04:52 -------- d-----w- c:\program files\Bonjour
2013-12-19 21:35:05 -------- d-----w- C:\video_out
2013-12-17 03:40:20 -------- d-----w- c:\program files\weDownload
2013-12-14 20:39:18 -------- d-----w- c:\program files\Amazon
2013-12-12 19:05:16 -------- d-----w- c:\documents and settings\britten mcdowell\local settings\application data\InternetHelper3.1
2013-12-09 22:06:35 -------- d-----w- c:\documents and settings\britten mcdowell\local settings\application data\SearchProtect
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 11:14:02.04 ===============
Reminder
Your Computer Is Not Backed Up, Backup Your Files Online Today
FREE Computer Backup Available
The first Malwarebytes scan I ran last week had more than a thousand potentially unwanted programs. I removed them all. The last Malwarebytes scan did not find any problems.
The operating system is Windows XP Home Edition. We do not have access to a Windows Install disc or a Boot CD.
Also "TrustLoke Toolbar" is in the Add or Remove Programs list and cannot be removed.
Steve
--
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Britten McDowell at 11:13:46 on 2014-01-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.565 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\BRITTE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=aoa150
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=aoa150
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://inboxtoolbar.com/search/ie.aspx?tbid=80289
mCustomizeSearch = hxxp://inboxtoolbar.com/help/sa_customize.aspx?tbid=80289
uURLSearchHooks: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - <orphaned>
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\eli mcdowell\local settings\application data\downloadterms\temp.dat
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7736C7FA-512D-11E2-B871-DEC36088709B} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desk 365] "c:\program files\desk 365\desk365.exe" /autorun
uRun: [Driver Pro] c:\program files\driver pro\DPLauncher.exe
uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Panasonic Device Manager for Multi-Function Station software] c:\program files\panasonic\mfstation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] c:\program files\panasonic\mfstation\KmPcFax.exe -1
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [SearchProtect] c:\windows\system32\config\systemprofile\application data\searchprotect\bin\cltmng.exe
StartupFolder: c:\docume~1\britte~1\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244859527375
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=sgmao-ff&s_qt=sb&tb_uuid=814ACD5AACA947768C119C20F37B0477&tb_oid=30-10-2013&tb_mrud=09-12-2013
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko12.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-12-12 11:41; ext@bettersurfplusv1.com; c:\program files\bettersurf\bettersurfplusv1\ff
FF - ExtSQL: 2013-12-12 12:16; webbooster@iminent.com; c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\webbooster@iminent.com.xpi
FF - ExtSQL: 1969-12-31 17:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2009-09-04 06:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-08 21:23; m3ffxtbr@mywebsearch.com; c:\program files\mywebsearch\bar\1.bin
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
FF - user.js: extentions.y2layers.installId - 7d786fdf-a0f6-45a7-96c2-cd83c80d33dd
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f001c7b100000000000000242b23e7c3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15937
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.616:48:19
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122786&tt=200813_246&tsp=4980
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 214696]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-12-10 166352]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-7-1 32808]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\panaso~1\localcom\lmsrvnt.exe [2009-7-16 36864]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 151936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2011-4-22 34320]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\em\local settings\application data\torch\update\torchcrashhandler.exe --> c:\documents and settings\em\local settings\application data\torch\update\TorchCrashHandler.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-12 96856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-04 17:35:06 -------- d--h--w- c:\windows\PIF
2014-01-04 06:36:05 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90204e40-6dc3-48df-8408-f9e73dc38c37}\offreg.dll
2014-01-03 07:00:58 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90204e40-6dc3-48df-8408-f9e73dc38c37}\mpengine.dll
2014-01-01 22:55:57 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-01 22:42:28 -------- d-----w- c:\documents and settings\britten mcdowell\application data\Malwarebytes
2013-12-29 06:38:33 -------- d-----w- c:\windows\system32\MRT
2013-12-28 19:31:47 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-12-28 18:35:24 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-28 18:18:20 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-28 17:51:20 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-12-28 17:51:20 3072 ------w- c:\windows\system32\iacenc.dll
2013-12-28 17:16:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-12-28 06:47:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-12-28 06:47:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-28 06:47:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-20 18:18:02 22370928 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-12-20 18:18:02 108144 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-12-20 18:18:01 872352 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-12-20 18:18:01 276592 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-12-20 18:18:01 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-12-20 18:18:01 153712 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2013-12-20 00:11:35 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-12-20 00:08:31 -------- d-----w- c:\program files\iPod
2013-12-20 00:08:04 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-20 00:08:03 -------- d-----w- c:\program files\iTunes
2013-12-20 00:04:52 -------- d-----w- c:\program files\Bonjour
2013-12-19 21:35:05 -------- d-----w- C:\video_out
2013-12-17 03:40:20 -------- d-----w- c:\program files\weDownload
2013-12-14 20:39:18 -------- d-----w- c:\program files\Amazon
2013-12-12 19:05:16 -------- d-----w- c:\documents and settings\britten mcdowell\local settings\application data\InternetHelper3.1
2013-12-09 22:06:35 -------- d-----w- c:\documents and settings\britten mcdowell\local settings\application data\SearchProtect
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 11:14:02.04 ===============