dixiechs88

About dixiechs88

  1. They appear to be great! I am sorry for my late replies; I have been on and off work.
  2. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.19.05
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Amy :: TOP-BRASS [administrator]
     8/19/2013 1:53:33 PM
     mbam-log-2013-08-19 (13-53-33).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 224083
     Time elapsed: 4 minute(s), 15 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  3. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.16.04
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Amy :: TOP-BRASS [administrator]
     8/19/2013 9:49:49 AM
     mbam-log-2013-08-19 (09-49-49).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 223137
     Time elapsed: 6 minute(s), 29 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  4. The mbam log seemed weird...
     2013/08/16 09:53:52 -0500 TOP-BRASS Amy MESSAGE Starting database refresh
     2013/08/16 09:54:12 -0500 TOP-BRASS
  5. C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\4nEIPlug.dll - Win32/Toolbar.MyWebSearch application - cleaned by deleting - quarantined
     C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\4nEZSETP.dll - a variant of Win32/Toolbar.MyWebSearch.Q application - cleaned by deleting - quarantined
     C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISb.dll - Win32/Toolbar.MyWebSearch application - cleaned by deleting - quarantined
     C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe - a variant of Win32/InstallCore.AZ application - cleaned by deleting - quarantined
     C:\Users\Amy\Desktop\fix files\Setup.exe - a variant of Win32/Adware.iBryte.G application - cleaned by deleting - quarantined
     2013/08/16 09:53:52 -0500 TOP-BRASS Amy MESSAGE Starting database refresh
     2013/08/16 09:54:12 -0500 TOP-BRASS
  6. ComboFix 13-08-14.02 - Amy 08/15/2013 13:43:12.3.4 - x64
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5874 [GMT -5:00]
     Running from: c:\users\Amy\Desktop\ComboFix.exe
     Command switches used :: c:\users\Amy\Desktop\CFScript.txt
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
     SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  7. ComboFix 13-08-14.02 - Amy 08/15/2013 9:14.2.4 - x64
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5378 [GMT -5:00]
     Running from: c:\users\Amy\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
     SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     c:\users\Public\Favorites\CORNERT-2.fs
     c:\users\Public\Favorites\newcomb1.fs
     c:\users\Public\Favorites\orazinee.fs
     c:\users\Public\Favorites\Untitled1.fs
     c:\users\Public\Favorites\Untitled11.fs
     c:\users\Public\Favorites\Untitled2.fs
     c:\users\Public\Favorites\Untitled3.fs
     c:\users\Public\Favorites\Untitled4.fs
     c:\users\Public\Favorites\Untitled5.fs
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     -------\Service_pcCMService
Completion time: 2013-08-15 10:01:47 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-15 15:01 ComboFix2.txt 2012-07-12 17:56 . Pre-Run: 773,082,562,560 bytes free Post-Run: 771,947,323,392 bytes free . - - End Of File - - 0C7C78CDF9294A14BFDF5C3128D2F8AD EF932EAA6EF4C94E66A7F6CEEC7EB422
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01 Ran by Amy at 2013-08-14 14:08:18 Run:6 Running from K:\ Boot Mode: Normal ============================================== "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. ========= netsh winsock reset ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: =========
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01 Ran by SYSTEM at 2013-08-14 09:01:57 Run:5 Running from E:\ Boot Mode: Recovery ============================================== Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode. ========= netsh winsock reset ========= The system cannot find the file specified. ========= End of CMD: ========= ==== End of Fixlog ====
  10. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01 Ran by SYSTEM on 13-08-2013 16:00:59 Running from E:\ Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor) HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.) HKLM\...\Run: [DLCCCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll [28672 2006-02-24] () HKLM\...\Run: [EKAIO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company) HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [123904 2009-05-05] (IOI) HKLM-x32\...\Run: [LchDrvKey] - LchDrvKey.exe [x] HKLM-x32\...\Run: [LedKey] - CNYHKey.exe [x] HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink) HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.) 
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Conime] - C:\Windows\SysWOW64\conime.exe [69120 2009-04-10] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Amy\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\Amy\...\Run: [iSUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKU\Amy\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\Amy\...\Run: [Akamai NetSession Interface] - C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-10] (Microsoft Corporation) HKU\Default\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-10] (Microsoft Corporation) HKU\Default User\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] () SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) ==================== Services (Whitelisted) ================= S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) 
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent) S2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( ) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.) 
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent) S2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () S2 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2007-08-27] (TODO: <Company name>) S2 SAiDownloader; C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [417792 2007-09-11] (TODO: <Company name>) S2 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2007-09-11] (TODO: <Company name>) S2 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International) S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-10] (SafeNet, Inc.) S2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] () S2 Haspnt; C:\Windows\SysWow64\drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) 
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.) S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering) S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering) S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [444960 2008-05-08] (Realtek) S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.) 
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider) S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider) S1 Beep; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 mfeavfk01; No ImagePath S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S2 wntpport; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-13 07:24 - 2013-08-13 07:24 - 00000643 _____ C:\Users\Amy\Desktop\a.txt 2013-08-12 12:38 - 2013-08-12 12:38 - 00666624 _____ C:\Users\Amy\Desktop\pockets.fs 2013-08-12 12:38 - 2013-08-12 12:38 - 00078336 _____ C:\Users\Amy\Desktop\nj pocket.fs 2013-08-12 12:38 - 2013-08-12 12:38 - 00055296 _____ C:\Users\Amy\Desktop\rocketcrew.fs 2013-08-12 12:37 - 2013-08-13 12:08 - 00142848 _____ C:\Users\Amy\Desktop\helm flames.fs 2013-08-12 12:02 - 2013-08-12 12:03 - 08210262 _____ C:\Users\Amy\Desktop\3x4.zip 2013-08-12 06:35 - 2013-08-12 06:35 - 00037849 _____ C:\Users\Amy\Desktop\FRST.txt 2013-08-12 06:35 - 2013-08-12 06:35 - 00029126 _____ C:\Users\Amy\Desktop\Addition.txt 2013-08-12 06:30 - 2013-08-12 06:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe 2013-08-09 13:22 - 2013-08-13 12:12 - 00330240 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs 2013-08-09 11:08 - 2013-08-09 11:26 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs 2013-08-09 10:07 - 2013-08-09 10:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt 2013-08-09 10:05 - 2013-08-13 07:25 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine 2013-08-09 10:05 - 2013-08-09 10:05 - 00920576 _____ 
C:\Users\Amy\Desktop\RogueKiller.exe 2013-08-09 09:57 - 2013-08-13 12:23 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job 2013-08-09 09:57 - 2013-08-09 09:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp 2013-08-09 09:57 - 2013-08-09 09:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater 2013-08-09 09:35 - 2013-08-09 09:35 - 00002509 _____ C:\AdwCleaner[s1].txt 2013-08-09 09:34 - 2013-08-09 09:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst 2013-08-09 09:32 - 2013-08-09 09:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt 2013-08-09 09:25 - 2013-08-09 09:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe 2013-08-09 09:23 - 2013-08-09 09:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe 2013-08-09 09:22 - 2013-08-09 09:22 - 00000000 ____D C:\Windows\ERUNT 2013-08-09 09:21 - 2013-08-09 09:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe 2013-08-09 08:25 - 2013-08-09 08:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS 2013-08-09 06:26 - 2013-08-09 06:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt 2013-08-09 06:26 - 2013-08-09 06:21 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt 2013-08-09 06:23 - 2013-08-09 06:25 - 00000000 ____D C:\Users\Amy\Desktop\New Folder 2013-08-09 06:15 - 2013-08-09 06:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt 2013-08-09 06:06 - 2013-08-09 06:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr 2013-08-07 06:33 - 2013-08-07 06:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live 2013-08-06 07:37 - 2013-08-06 07:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb 2013-08-06 06:59 - 2013-08-06 06:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-06 06:56 - 2013-08-06 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N 2013-08-06 06:55 - 2013-08-06 06:54 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe 2013-08-06 06:09 - 2013-08-06 06:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp 2013-08-02 
07:02 - 2013-08-02 07:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express 2013-07-31 08:55 - 2013-08-09 06:20 - 00000000 ____D C:\Users\Amy\Desktop\amy 2013-07-30 08:01 - 2013-07-30 08:05 - 00000000 ____D C:\Windows\System32\MRT 2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b 2013-07-22 09:37 - 2013-07-22 09:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps ==================== One Month Modified Files and Folders ======= 2013-08-13 12:57 - 2009-07-06 07:42 - 02016940 _____ C:\Windows\WindowsUpdate.log 2013-08-13 12:57 - 2006-11-02 07:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-13 12:57 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-13 12:57 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-13 12:57 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-13 12:50 - 2006-11-02 04:46 - 00709582 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-13 12:47 - 2010-02-03 06:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-13 12:23 - 2013-08-09 09:57 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job 2013-08-13 12:23 - 2012-04-20 06:56 - 00000000 ____D C:\ProgramData\Kodak 2013-08-13 12:23 - 2010-02-03 06:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-13 12:12 - 2013-08-09 13:22 - 00330240 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs 2013-08-13 12:09 - 2012-04-09 05:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-13 12:08 - 2013-08-12 12:37 - 00142848 _____ C:\Users\Amy\Desktop\helm flames.fs 2013-08-13 11:29 - 2012-01-05 12:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Clip Art Collection 2013-08-13 08:12 - 2013-08-13 08:12 - 00306158 _____ C:\Users\Amy\Desktop\alcorn.eps 2013-08-13 07:25 - 2013-08-09 10:05 - 00000000 ____D 
C:\Users\Amy\Desktop\RK_Quarantine 2013-08-13 07:24 - 2013-08-13 07:24 - 00000643 _____ C:\Users\Amy\Desktop\a.txt 2013-08-12 12:38 - 2013-08-12 12:38 - 00666624 _____ C:\Users\Amy\Desktop\pockets.fs 2013-08-12 12:38 - 2013-08-12 12:38 - 00078336 _____ C:\Users\Amy\Desktop\nj pocket.fs 2013-08-12 12:38 - 2013-08-12 12:38 - 00055296 _____ C:\Users\Amy\Desktop\rocketcrew.fs 2013-08-12 12:03 - 2013-08-12 12:02 - 08210262 _____ C:\Users\Amy\Desktop\3x4.zip 2013-08-12 06:35 - 2013-08-12 06:35 - 00037849 _____ C:\Users\Amy\Desktop\FRST.txt 2013-08-12 06:35 - 2013-08-12 06:35 - 00029126 _____ C:\Users\Amy\Desktop\Addition.txt 2013-08-12 06:30 - 2013-08-12 06:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe 2013-08-09 13:28 - 2009-09-21 11:11 - 00021878 _____ C:\Windows\winltr.ini 2013-08-09 13:02 - 2009-09-21 11:10 - 00000000 ____D C:\Fantastic Fonts for Embroidery 2013-08-09 12:42 - 2010-02-12 09:14 - 00002655 _____ C:\Users\Amy\Desktop\CorelDRAW 12.lnk 2013-08-09 11:26 - 2013-08-09 11:08 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs 2013-08-09 10:07 - 2013-08-09 10:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt 2013-08-09 10:05 - 2013-08-09 10:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe 2013-08-09 09:57 - 2013-08-09 09:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp 2013-08-09 09:57 - 2013-08-09 09:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater 2013-08-09 09:37 - 2008-01-20 19:26 - 00451008 _____ C:\Windows\PFRO.log 2013-08-09 09:35 - 2013-08-09 09:35 - 00002509 _____ C:\AdwCleaner[s1].txt 2013-08-09 09:34 - 2013-08-09 09:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst 2013-08-09 09:32 - 2013-08-09 09:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt 2013-08-09 09:25 - 2013-08-09 09:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe 2013-08-09 09:23 - 2013-08-09 09:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe 2013-08-09 09:22 - 2013-08-09 09:22 - 00000000 ____D C:\Windows\ERUNT 
2013-08-09 09:21 - 2013-08-09 09:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe 2013-08-09 09:08 - 2009-09-25 12:25 - 00000000 ____D C:\Users\Amy\Documents\Flexi art 2013-08-09 08:25 - 2013-08-09 08:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS 2013-08-09 06:26 - 2013-08-09 06:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt 2013-08-09 06:25 - 2013-08-09 06:23 - 00000000 ____D C:\Users\Amy\Desktop\New Folder 2013-08-09 06:21 - 2013-08-09 06:26 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt 2013-08-09 06:20 - 2013-07-31 08:55 - 00000000 ____D C:\Users\Amy\Desktop\amy 2013-08-09 06:15 - 2013-08-09 06:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt 2013-08-09 06:06 - 2013-08-09 06:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr 2013-08-08 06:06 - 2012-07-11 05:42 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-08-08 06:06 - 2012-07-11 05:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-08 06:01 - 2011-07-28 08:15 - 00000000 ____D C:\Users\Amy\AppData\Local\Meebo 2013-08-08 05:52 - 2009-12-11 06:34 - 00000000 ____D C:\Windows\Minidump 2013-08-08 05:52 - 2009-12-11 06:33 - 781185219 _____ C:\Windows\MEMORY.DMP 2013-08-07 12:38 - 2006-11-02 07:27 - 00172142 _____ C:\Windows\setupact.log 2013-08-07 12:07 - 2012-03-22 09:44 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Audacity 2013-08-07 12:07 - 2011-11-09 16:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Akamai 2013-08-07 12:07 - 2011-06-15 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype 2013-08-07 12:07 - 2009-09-21 06:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-07 12:07 - 2009-04-09 21:45 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive 2013-08-07 12:07 - 2009-04-09 21:45 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-08-07 12:07 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool 2013-08-07 12:07 - 2006-11-02 05:34 - 00000000 ____D 
C:\Windows\System32\Msdtc 2013-08-07 12:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache 2013-08-07 12:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration 2013-08-07 12:07 - 2006-11-02 04:33 - 77594624 _____ C:\Windows\System32\config\software_previous 2013-08-07 12:07 - 2006-11-02 04:33 - 37748736 _____ C:\Windows\System32\config\system_previous 2013-08-07 12:06 - 2012-04-20 07:01 - 00000000 ____D C:\Windows\SysWOW64\kodak 2013-08-07 12:05 - 2009-07-06 08:03 - 00000000 ____D C:\ProgramData\CyberLink 2013-08-07 12:03 - 2011-09-26 07:40 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0 2013-08-07 12:02 - 2009-07-06 08:02 - 00000000 ____D C:\Program Files (x86)\Cyberlink 2013-08-07 11:53 - 2006-11-02 04:33 - 54525952 _____ C:\Windows\System32\config\components_previous 2013-08-07 11:53 - 2006-11-02 04:33 - 00057344 _____ C:\Windows\System32\config\sam_previous 2013-08-07 09:34 - 2009-09-16 09:03 - 00376680 _____ C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-07 09:19 - 2012-07-10 13:11 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP 2013-08-07 09:11 - 2013-05-15 08:18 - 00376680 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT 2013-08-07 09:09 - 2009-09-16 09:00 - 00000000 ____D C:\users\Amy 2013-08-07 08:49 - 2006-11-02 04:33 - 00786432 _____ C:\Windows\System32\config\default_previous 2013-08-07 08:49 - 2006-11-02 04:33 - 00020480 _____ C:\Windows\System32\config\security_previous 2013-08-07 07:38 - 2009-04-09 21:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-07 07:33 - 2012-04-20 07:03 - 00000000 ____D C:\Users\Amy\AppData\Local\Eastman_Kodak_Company 2013-08-07 07:32 - 2012-04-20 06:58 - 00000000 ____D C:\Program Files (x86)\Kodak 2013-08-07 06:35 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-08-07 06:34 - 2009-04-09 21:47 - 00063470 _____ C:\Windows\DirectX.log 2013-08-07 06:33 - 2013-08-07 06:33 - 00000000 ____D 
C:\Users\Amy\AppData\Local\Windows Live 2013-08-07 06:01 - 2006-11-02 07:21 - 01069544 _____ C:\Windows\System32\FNTCACHE.DAT 2013-08-06 07:43 - 2009-04-09 21:49 - 00000000 ____D C:\ProgramData\Adobe 2013-08-06 07:43 - 2009-04-09 21:49 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-06 07:37 - 2013-08-06 07:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb 2013-08-06 07:14 - 2009-09-28 07:00 - 00000000 ____D C:\Program Files (x86)\Corel 2013-08-06 07:03 - 2011-06-15 06:56 - 00000000 ____D C:\ProgramData\Skype 2013-08-06 07:02 - 2009-09-21 10:35 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe 2013-08-06 06:59 - 2013-08-06 06:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-06 06:56 - 2013-08-06 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N 2013-08-06 06:54 - 2013-08-06 06:55 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe 2013-08-06 06:09 - 2013-08-06 06:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp 2013-08-02 07:02 - 2013-08-02 07:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express 2013-08-02 07:02 - 2010-05-25 07:16 - 00000000 ____D C:\ProgramData\WinZip 2013-07-31 08:29 - 2009-09-17 12:33 - 00000000 ____D C:\Program Files (x86)\Yahoo! 
2013-07-30 08:05 - 2013-07-30 08:01 - 00000000 ____D C:\Windows\System32\MRT 2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b 2013-07-26 07:34 - 2009-09-16 09:00 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-24 08:02 - 2009-09-17 10:46 - 00000000 ____D C:\Users\Amy\AppData\Local\Google 2013-07-22 09:37 - 2013-07-22 09:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps 2013-07-17 08:05 - 2009-09-28 07:04 - 00002984 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys 2013-07-17 08:05 - 2009-09-28 07:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys 2013-07-15 10:42 - 2010-02-03 06:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-15 10:42 - 2010-02-03 06:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. 
Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-04 00:59:50
Restore point made on: 2013-06-05 14:10:15
Restore point made on: 2013-06-07 09:46:01
Restore point made on: 2013-06-10 09:26:15
Restore point made on: 2013-06-12 12:46:01
Restore point made on: 2013-06-13 00:01:59
Restore point made on: 2013-06-14 09:41:54
Restore point made on: 2013-06-17 12:28:57
Restore point made on: 2013-06-19 12:22:24
Restore point made on: 2013-06-20 13:57:50
Restore point made on: 2013-06-21 13:44:08
Restore point made on: 2013-06-22 00:02:03
Restore point made on: 2013-06-24 06:16:47
Restore point made on: 2013-06-25 00:00:55
Restore point made on: 2013-06-26 14:02:43
Restore point made on: 2013-07-03 08:44:22
Restore point made on: 2013-07-08 08:11:13
Restore point made on: 2013-07-09 12:23:10
Restore point made on: 2013-07-10 05:43:41
Restore point made on: 2013-07-11 05:51:38
Restore point made on: 2013-07-12 00:01:57
Restore point made on: 2013-07-15 11:49:44
Restore point made on: 2013-07-16 05:43:26
Restore point made on: 2013-07-17 14:02:26
Restore point made on: 2013-07-18 13:19:26
Restore point made on: 2013-07-19 11:40:08
Restore point made on: 2013-07-22 13:30:54
Restore point made on: 2013-07-24 12:53:11
Restore point made on: 2013-07-25 09:17:55
Restore point made on: 2013-07-29 12:15:54
Restore point made on: 2013-07-30 00:01:10
Restore point made on: 2013-07-30 07:50:53
Restore point made on: 2013-07-31 08:30:21
Restore point made on: 2013-08-01 12:38:26
Restore point made on: 2013-08-02 07:00:48
Restore point made on: 2013-08-05 12:54:32
Restore point made on: 2013-08-06 06:21:48
Restore point made on: 2013-08-06 07:02:15
Restore point made on: 2013-08-06 07:07:23
Restore point made on: 2013-08-06 07:12:24
Restore point made on: 2013-08-06 07:19:55
Restore point made on: 2013-08-07 06:31:27
Restore point made on: 2013-08-07 07:34:53
Restore point made on: 2013-08-07 09:19:16
Restore point made on: 2013-08-08 05:59:21
Restore point made on: 2013-08-09 14:19:40
Restore point made on: 2013-08-10 21:00:27
Restore point made on: 2013-08-11 16:00:11
Restore point made on: 2013-08-12 21:00:27

==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 7934.26 MB
Available physical RAM: 7264.62 MB
Total Pagefile: 7693.14 MB
Available Pagefile: 7250 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:721.43 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:3.72 GB) (Free:3.68 GB) FAT32 (Disk=1 Partition=1)
Drive f: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive g: (My Passport) (Fixed) (Total:232.23 GB) (Free:223.72 GB) NTFS (Disk=2 Partition=1)
Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:4.49 GB) NTFS (Disk=0 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 5052995B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 232 GB) (Disk ID: 0006B2D9)
Partition 1: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

LastRegBack: 2013-08-13 12:32

==================== End Of Log ============================
  11. OK Borislav! I am SOO sorry. I have tried to follow your instructions, but I am unclear on what exactly to type once the command prompt is up. The way I read your instructions was to type FRST64, but that did not work. Can you please give me a step-by-step for computer dummies?
  12. How do I get to System Recovery Options?
  13. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by Amy (administrator) on 12-08-2013 09:31:59
Running from C:\Users\Amy\Desktop
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
( ) C:\Windows\system32\dlcccoms.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
(Microsoft Corporation) C:\Windows\system32\locator.exe
(TODO: <Company name>) C:\Windows\SysWOW64\SAiAdmin.exe
(TODO: <Company name>) C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe
(TODO: <Company name>) C:\Windows\SysWOW64\SAiDownloaderVista.exe
(SA International) C:\Windows\SysWOW64\SAiLicSvr.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
() C:\Users\Amy\Desktop\RogueKiller.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DLCCCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll [28672 2006-02-24] ()
HKLM\...\Run: [EKAIO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)
HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [iSUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [123904 2009-05-05] (IOI)
HKLM-x32\...\Run: [LchDrvKey] - LchDrvKey.exe [x]
HKLM-x32\...\Run: [LedKey] - CNYHKey.exe [x]
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Conime] - C:\Windows\SysWOW64\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rog
SearchScopes: HKCU - {86EA8B23-520D-4E3F-BCD4-D4AEB586AF18} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {AB2D7FD7-7580-410E-B623-82F3A63D8002} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rog
SearchScopes: HKCU - {E5156248-9F66-4F64-8B27-5592AB3114A2} URL = http://delicious.com/search?p={searchTerms}
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll (McAfee, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @ei.ConservativeTalkNow_4n.com/Plugin - C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISB.dll (ConservativeTalkNow)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Extension: No Name - C:\Users\Amy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Yahoo! Toolbar - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: mcciwbch - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent)
R2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)
R2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()
R2 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2007-08-27] (TODO: <Company name>)
R2 SAiDownloader; C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [417792 2007-09-11] (TODO: <Company name>)
R2 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2007-09-11] (TODO: <Company name>)
R2 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S2 Haspnt; C:\Windows\SysWow64\drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)
S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)
R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [444960 2008-05-09] (Realtek)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 wntpport; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-09 16:22 - 2013-08-09 16:22 - 00329216 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs
2013-08-09 14:08 - 2013-08-09 14:26 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs
2013-08-09 13:07 - 2013-08-09 13:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt
2013-08-09 13:05 - 2013-08-09 13:07 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine
2013-08-09 13:05 - 2013-08-09 13:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe
2013-08-09 12:57 - 2013-08-12 09:08 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-09 12:57 - 2013-08-09 12:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-09 12:57 - 2013-08-09 12:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater
2013-08-09 12:35 - 2013-08-09 12:35 - 00002509 _____ C:\AdwCleaner[s1].txt
2013-08-09 12:34 - 2013-08-09 12:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst
2013-08-09 12:32 - 2013-08-09 12:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt
2013-08-09 12:25 - 2013-08-09 12:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe
2013-08-09 12:23 - 2013-08-09 12:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe
2013-08-09 12:22 - 2013-08-09 12:22 - 00000000 ____D C:\Windows\ERUNT
2013-08-09 12:21 - 2013-08-09 12:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe
2013-08-09 11:25 - 2013-08-09 11:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS
2013-08-09 09:26 - 2013-08-09 09:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt
2013-08-09 09:26 - 2013-08-09 09:21 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt
2013-08-09 09:23 - 2013-08-09 09:25 - 00000000 ____D C:\Users\Amy\Desktop\New Folder
2013-08-09 09:15 - 2013-08-09 09:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt
2013-08-09 09:06 - 2013-08-09 09:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr
2013-08-07 09:33 - 2013-08-07 09:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live
2013-08-06 10:37 - 2013-08-06 10:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-08-06 09:59 - 2013-08-06 09:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:56 - 2013-08-06 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-06 09:55 - 2013-08-06 09:54 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe
2013-08-06 09:09 - 2013-08-06 09:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express
2013-07-31 11:55 - 2013-08-09 09:20 - 00000000 ____D C:\Users\Amy\Desktop\amy
2013-07-30 11:01 - 2013-07-30 11:05 - 00000000 ____D C:\Windows\system32\MRT
2013-07-30 03:02 - 2013-07-30 03:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b
2013-07-22 12:37 - 2013-07-22 12:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps

==================== One Month Modified Files and Folders =======

2013-08-12 09:30 - 2013-08-12 09:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe
2013-08-12 09:30 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 09:30 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 09:27 - 2012-01-05 15:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Clip Art Collection
2013-08-12 09:12 - 2012-04-20 09:56 - 00000000 ____D C:\ProgramData\Kodak
2013-08-12 09:09 - 2012-04-09 08:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 09:08 - 2013-08-09 12:57 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-12 08:47 - 2010-02-03 09:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-11 13:47 - 2010-02-03 09:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 16:28 - 2009-09-21 14:11 - 00021878 _____ C:\Windows\winltr.ini
2013-08-09 16:22 - 2013-08-09 16:22 - 00329216 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs
2013-08-09 16:02 - 2009-09-21 14:10 - 00000000 ____D C:\Fantastic Fonts for Embroidery
2013-08-09 16:02 - 2006-11-02 07:46 - 00709582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 15:42 - 2010-02-12 12:14 - 00002655 _____ C:\Users\Amy\Desktop\CorelDRAW 12.lnk
2013-08-09 14:26 - 2013-08-09 14:08 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs
2013-08-09 13:07 - 2013-08-09 13:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt
2013-08-09 13:07 - 2013-08-09 13:05 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine
2013-08-09 13:05 - 2013-08-09 13:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe
2013-08-09 12:57 - 2013-08-09 12:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-09 12:57 - 2013-08-09 12:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater
2013-08-09 12:43 - 2009-07-06 10:42 - 01987637 _____ C:\Windows\WindowsUpdate.log
2013-08-09 12:38 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 12:37 - 2008-01-20 22:26 - 00451008 _____ C:\Windows\PFRO.log
2013-08-09 12:35 - 2013-08-09 12:35 - 00002509 _____ C:\AdwCleaner[s1].txt
2013-08-09 12:35 - 2006-11-02 10:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-09 12:34 - 2013-08-09 12:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst
2013-08-09 12:32 - 2013-08-09 12:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt
2013-08-09 12:25 - 2013-08-09 12:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe
2013-08-09 12:23 - 2013-08-09 12:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe
2013-08-09 12:22 - 2013-08-09 12:22 - 00000000 ____D C:\Windows\ERUNT
2013-08-09 12:21 - 2013-08-09 12:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe
2013-08-09 12:08 - 2009-09-25 15:25 - 00000000 ____D C:\Users\Amy\Documents\Flexi art
2013-08-09 11:25 - 2013-08-09 11:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS
2013-08-09 09:26 - 2013-08-09 09:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt
2013-08-09 09:25 - 2013-08-09 09:23 - 00000000 ____D C:\Users\Amy\Desktop\New Folder
2013-08-09 09:21 - 2013-08-09 09:26 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt
2013-08-09 09:20 - 2013-07-31 11:55 - 00000000 ____D C:\Users\Amy\Desktop\amy
2013-08-09 09:15 - 2013-08-09 09:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt
2013-08-09 09:06 - 2013-08-09 09:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr
2013-08-08 09:06 - 2012-07-11 08:42 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-08 09:06 - 2012-07-11 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-08 09:01 - 2011-07-28 11:15 - 00000000 ____D C:\Users\Amy\AppData\Local\Meebo
2013-08-08 08:52 - 2009-12-11 09:34 - 00000000 ____D C:\Windows\Minidump
2013-08-08 08:52 - 2009-12-11 09:33 - 781185219 _____ C:\Windows\MEMORY.DMP
2013-08-07 15:38 - 2006-11-02 10:27 - 00172142 _____ C:\Windows\setupact.log
2013-08-07 15:07 - 2012-03-22 12:44 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Audacity
2013-08-07 15:07 - 2011-11-09 19:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Akamai
2013-08-07 15:07 - 2011-09-26 10:39 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 12
2013-08-07 15:07 - 2011-06-15 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype
2013-08-07 15:07 - 2009-09-21 09:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-07 15:07 - 2009-09-16 12:00 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
2013-08-07 15:07 - 2009-04-10 00:45 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-08-07 15:07 - 2009-04-10 00:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-07 15:07 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-07 15:07 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-07 15:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2013-08-07 15:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\registration
2013-08-07 15:07 - 2006-11-02 07:33 - 77594624 _____ C:\Windows\system32\config\software_previous
2013-08-07 15:07 - 2006-11-02 07:33 - 37748736 _____ C:\Windows\system32\config\system_previous
2013-08-07 15:06 - 2012-04-20 10:01 - 00000000 ____D C:\Windows\SysWOW64\kodak
2013-08-07 15:05 - 2009-07-06 11:03 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-07 15:03 - 2011-09-26 10:40 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2013-08-07 15:02 - 2009-07-06 11:02 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2013-08-07 14:53 - 2006-11-02 07:33 - 54525952 _____ C:\Windows\system32\config\components_previous
2013-08-07 14:53 - 2006-11-02 07:33 - 00057344 _____ C:\Windows\system32\config\sam_previous
2013-08-07 12:34 - 2009-09-16 12:03 - 00376680 _____ C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-07 12:19 - 2012-07-10 16:11 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2013-08-07 12:11 - 2013-05-15 11:18 - 00376680 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-08-07 12:09 - 2009-09-16 12:00 - 00000000 ____D C:\Users\Amy
2013-08-07 11:49 - 2006-11-02 07:33 - 00786432 _____ C:\Windows\system32\config\default_previous
2013-08-07 11:49 - 2006-11-02 07:33 - 00020480 _____ C:\Windows\system32\config\security_previous
2013-08-07 10:38 - 2009-04-10 00:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-07 10:33 - 2012-04-20 10:03 - 00000000 ____D C:\Users\Amy\AppData\Local\Eastman_Kodak_Company
2013-08-07 10:32 - 2012-04-20 09:58 - 00000000 ____D C:\Program Files (x86)\Kodak
2013-08-07 09:35 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-07 09:34 - 2009-04-10 00:47 - 00063470 _____ C:\Windows\DirectX.log
2013-08-07 09:33 - 2013-08-07 09:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live
2013-08-07 09:01 - 2006-11-02 10:21 - 01069544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 10:43 - 2009-04-10 00:49 - 00000000 ____D C:\ProgramData\Adobe
2013-08-06 10:43 - 2009-04-10 00:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 10:37 - 2013-08-06 10:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-08-06 10:14 - 2009-09-28 10:00 - 00000000 ____D C:\Program Files (x86)\Corel
2013-08-06 10:03 - 2011-06-15 09:56 - 00000000 ____D C:\ProgramData\Skype
2013-08-06 10:02 - 2009-09-21 13:35 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2013-08-06 09:59 - 2013-08-06 09:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:56 - 2013-08-06 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-06 09:54 - 2013-08-06 09:55 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe
2013-08-06 09:09 - 2013-08-06 09:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express
2013-08-02 10:02 - 2010-05-25 10:16 - 00000000 ____D C:\ProgramData\WinZip
2013-07-31 11:29 - 2009-09-17 15:33 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-07-30 11:05 - 2013-07-30 11:01 - 00000000 ____D C:\Windows\system32\MRT
2013-07-30 03:02 - 2013-07-30 03:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b
2013-07-26 10:34 - 2009-09-16 12:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-24 11:02 - 2009-09-17 13:46 - 00000000 ____D C:\Users\Amy\AppData\Local\Google
2013-07-22 12:37 - 2013-07-22 12:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps
2013-07-17 11:05 - 2009-09-28 10:04 - 00002984 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2013-07-17 11:05 - 2009-09-28 10:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys
2013-07-15 13:42 - 2010-02-03 09:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 13:42 - 2010-02-03 09:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-08-12 01:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02
Ran by Amy at 2013-08-12 09:35:00
Running from C:\Users\Amy\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader Free Download Packages (HKCU)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
aioscnnr (x32 Version: 7.3.4.0)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Apple Application Support (x32 Version: 1.2.1)
Apple Software Update (x32 Version: 2.1.1.116)
ATI Catalyst Install Manager (Version: 3.0.704.0)
ATT Management Agent (x32 Version: 8.2.1.6)
Bing Bar (x32 Version: 7.0.822.0)
C4USelfUpdater (x32 Version: 1.00.0000)
Canon MF Toolbox 4.9.1.1.mf12 (x32 Version: 4.9.1.1.mf12)
Canon MF4500w Series (Version: 3.9.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full New (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Light (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center InstallProxy (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Danish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Dutch (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Finnish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization French (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization German (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Italian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Japanese (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Norwegian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Spanish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Swedish (x32 Version: 2008.1210.1623.29379)
CCC Help Danish (x32 Version: 2008.1210.1622.29379)
CCC Help Dutch (x32 Version: 2008.1210.1622.29379)
CCC Help English (x32 Version: 2008.1210.1622.29379)
CCC Help Finnish (x32 Version: 2008.1210.1622.29379)
CCC Help French (x32 Version: 2008.1210.1622.29379)
CCC Help German (x32 Version: 2008.1210.1622.29379)
CCC Help Italian (x32 Version: 2008.1210.1622.29379)
CCC Help Japanese (x32 Version: 2008.1210.1622.29379)
CCC Help Norwegian (x32 Version: 2008.1210.1622.29379)
CCC Help Spanish (x32 Version: 2008.1210.1622.29379)
CCC Help Swedish (x32 Version: 2008.1210.1622.29379)
ccc-core-static (x32 Version: 2008.1210.1623.29379)
ccc-utility64 (Version: 2008.1210.1623.29379)
center (x32 Version: 6.2.5.0)
Clip Art Collection (x32 Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CorelDRAW Graphics Suite 12 (x32 Version: 12.0.0.458)
CyberLink Power2Go (x32 Version: 6.0.2705)
Embroidery Fonts Plus (x32 Version: 2.0.0000)
essentials (x32 Version: 6.0.14.0)
EZ Fonts (x32 Version: 1.0.0)
EZgram Home Edition (x32)
Fantastic Fonts for Embroidery (x32)
File Type Assistant (x32)
FlexiSIGN 7.5v5 (x32)
Gateway Games (x32 Version: 1.0.0.52)
Gateway Photo Frame 4.2.3.6 (x32 Version: 4.2.3.6)
Gateway Recovery Management (x32 Version: 4.00.3008)
Gateway ScreenSaver (x32 Version: 1.0.0.413)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HASP Device Drivers (x32)
Java Auto Updater (x32 Version: 2.0.7.1)
Java 6 Update 31 (x32 Version: 6.0.310)
Java 6 Update 5 (x32 Version: 1.6.0.50)
Junk Mail filter update (x32 Version: 14.0.8089.726)
KB0817 Keyboard Driver (x32 Version: 1.30.0000)
Kodak AIO Printer (Version: 7.4.0.0)
KODAK AiO Software (x32 Version: 7.4.5.40)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 10.67.3.3)
McAfee SecurityCenter (x32 Version: 11.6.511)
McAfee Virtual Technician (x32 Version: 7.1.0.2483)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Money Essentials (x32 Version: 16)
Microsoft Money Shared Libraries (x32 Version: 16.0.0.705)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA Drivers
ocr (x32 Version: 6.2.3.50)
PL-2303 USB-to-Serial (x32 Version: 1.00.000)
PreReq (x32 Version: 6.2.3.0)
QuickTime (x32 Version: 7.66.71.0)
re Systems PCI-SV92PP Soft Modem
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5821)
SAi Production Suite (x32 Version: 1.00.0000)
Scrapbook Factory (x32 Version: 2.00.0004)
Sentinel Protection Installer 7.5.0 (x32 Version: 7.5.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skins (x32 Version: 2008.1210.1623.29379)
Smart Sizer Platinum (HKCU Version: 3.2.6.4)
Smart Sizer Platinum (x32 Version: 3.2.6.4)
Software Version Updater (x32 Version: 1.1.3.8)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpyHunter (Version: 4.9.11.3987)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager (x32 Version: 4.60)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
WD SmartWare (Version: 1.1.1.6)
WebEx (x32)
Wilcom TrueSizer (x32 Version: 12.0.0004)
Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (03/21/2009 6.0.64.0057) (Version: 03/21/2009 6.0.64.0057)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.6)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Yahoo! BrowserPlus 2.9.8 (HKCU)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)

==================== Restore Points =========================

31-05-2013 17:39:40 Scheduled Checkpoint
04-06-2013 08:59:26 Scheduled Checkpoint
05-06-2013 22:09:54 Scheduled Checkpoint
07-06-2013 17:45:30 Scheduled Checkpoint
10-06-2013 17:26:04 Scheduled Checkpoint
12-06-2013 20:45:29 Scheduled Checkpoint
13-06-2013 08:01:23 Windows Update
14-06-2013 17:41:27 Scheduled Checkpoint
17-06-2013 20:28:29 Scheduled Checkpoint
19-06-2013 20:21:57 Scheduled Checkpoint
20-06-2013 21:57:17 Scheduled Checkpoint
21-06-2013 21:43:38 Scheduled Checkpoint
22-06-2013 08:01:26 Windows Update
24-06-2013 14:15:02 Windows Update
25-06-2013 08:00:29 Windows Update
26-06-2013 22:02:08 Scheduled Checkpoint
03-07-2013 16:44:04 Scheduled Checkpoint
08-07-2013 16:10:48 Scheduled Checkpoint
09-07-2013 20:22:48 Scheduled Checkpoint
10-07-2013 13:43:14 Scheduled Checkpoint
11-07-2013 13:51:28 Scheduled Checkpoint
12-07-2013 08:01:33 Windows Update
15-07-2013 19:49:18 Scheduled Checkpoint
16-07-2013 13:42:55 Scheduled Checkpoint
17-07-2013 22:01:56 Scheduled Checkpoint
18-07-2013 21:18:58 Scheduled Checkpoint
19-07-2013 19:39:39 Scheduled Checkpoint
22-07-2013 21:30:24 Scheduled Checkpoint
24-07-2013 20:52:39 Scheduled Checkpoint
25-07-2013 17:17:26 Scheduled Checkpoint
29-07-2013 20:15:21 Scheduled Checkpoint
30-07-2013 08:00:54 Windows Update
30-07-2013 15:47:45 Windows Update
31-07-2013 16:29:54 Removed SpyHunter
01-08-2013 20:37:41 Scheduled Checkpoint
02-08-2013 15:00:29 Removed WinZip 17.5
05-08-2013 20:53:58 Scheduled Checkpoint
06-08-2013 14:18:24 Windows Backup
06-08-2013 15:02:02 Removed Skype™ 5.10
06-08-2013 15:06:10 Removed Skype Toolbars
06-08-2013 15:11:27 Removed CorelDRAW Graphics Suite X3
06-08-2013 15:19:46 Removed Adobe Photoshop Elements 9.
07-08-2013 14:28:50 Windows Update
07-08-2013 15:34:24 Configured Power2Go
07-08-2013 17:17:15 Removed SpyHunter
08-08-2013 13:56:11 Removed SpyHunter
09-08-2013 22:19:19 Scheduled Checkpoint
11-08-2013 05:00:03 Scheduled Checkpoint
12-08-2013 00:00:06 Windows Backup

==================== Hosts content: ==========================

2006-11-02 07:34 - 2012-07-12 12:48 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {39771AF2-351D-45E1-8B56-9A6BCF6D9586} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {4A8468AF-E05E-4FCE-9073-87AF93DD1791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {77DFEF52-C0ED-4B0E-AA70-6FAA3D9A6D8B} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {829383F5-9360-41DD-B194-52F5D2F310BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {8540A123-EA65-4272-9A21-F9E2CE6449F2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {873FDFBB-D3EF-492D-8AC0-9A5A7F3B3582} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {8F5110A8-B304-42E7-8C4E-7E32B5B99B8E} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-28] (Trusted Software ApS)
Task: {A11D9B14-135D-413F-A40F-C2DA520E449D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Amy => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {B2471C96-6082-4AFB-A4D3-24B8AE499EF1} - System32\Tasks\{403568FF-F792-4EF3-BE96-61C384524891} => C:\Program Files (x86)\Skype\\Phone\Skype.exe No File
Task: {BB87A277-8333-4F80-89BE-CE6813F18410} - System32\Tasks\AmiUpdXp => C:\Users\Amy\AppData\Local\SwvUpdater\Updater.exe [2013-08-09] (Amonetize ltd.)
Task: {C77E7BE4-FEAE-4AA4-A6A9-FD67AE703E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {D11B4B08-A2F5-4573-9B06-1B586821335C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2012-06-02] (Enigma Software Group USA, LLC.)
Task: {DFB08081-4C2B-457F-BA47-B236CD2CF97A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {E5014A45-9172-4A85-BEB2-4F4BDD6BF13E} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE2517D5-479F-41D8-AAB0-6499BB6E775F} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Amy\AppData\Local\SwvUpdater\Updater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2013 01:01:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/12/2013 01:01:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/09/2013 04:32:21 PM) (Source: Application Hang) (User: )
Description: The program App.exe version 8.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 13bc
Start Time: 01ce952ce5d42cd6
Termination Time: 31

Error: (08/09/2013 00:38:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (08/09/2013 04:05:45 PM) (Source: Print) (User: Top-Brass)
Description: The document terri, owned by Amy, failed to print on printer HP LaserJet 5Si. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 81004. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TOP-BRASS. Win32 error code returned by the print processor: terri0. terri1

Error: (08/09/2013 00:38:47 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: Par1284%%1275

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: wntpport%%2

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: Haspnt%%1275

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Error: (08/09/2013 00:38:33 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/09/2013 00:38:24 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\Haspnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (08/09/2013 00:35:36 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-09 12:38:33.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-09 12:38:32.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 12:04:33.029
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 12:04:32.764
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-08 09:38:08.417
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 09:38:08.105
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 08:53:05.001
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 08:53:04.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-07 12:38:56.996
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-07 12:38:56.721 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 7934.26 MB Available physical RAM: 5310.97 MB Total Pagefile: 16057.04 MB Available Pagefile: 11715.3 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:721.59 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS Drive k: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF Drive l: (My Passport) (Fixed) (Total:232.23 GB) (Free:223.72 GB) NTFS (Disk=6 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 5052995B) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 232 GB) (Disk ID: 0006B2D9) Partition 1: (Not Active) - (Size=232 GB) - (Type=07 NTFS) ==================== End Of Log ============================ **side note..i will never understand how you make heads or tails of all that^^^ LOL
  14. I guess I am asking if you would try to clean it first, rather than wiping it first?
  15. Sorry for the late reply, this is my work computer! If I back up all my files and programs to reformat, is there a chance they will be infected? What would you personally recommend? If I were to change all passwords from a clean computer, and not use this one for that kind of activity again, would that be OK?
