
dixiechs88

Honorary Members
  • Posts: 41
  • Joined
  • Last visited

Everything posted by dixiechs88

  1. They appear to be great! I am sorry for my late replies, I have been on and off work.
  2. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.19.05
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Amy :: TOP-BRASS [administrator]
     8/19/2013 1:53:33 PM
     mbam-log-2013-08-19 (13-53-33).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 224083
     Time elapsed: 4 minute(s), 15 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  3. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.16.04
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Amy :: TOP-BRASS [administrator]
     8/19/2013 9:49:49 AM
     mbam-log-2013-08-19 (09-49-49).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 223137
     Time elapsed: 6 minute(s), 29 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  4. The MBAM log seemed weird...
     2013/08/16 09:53:52 -0500 TOP-BRASS Amy MESSAGE Starting database refresh
     2013/08/16 09:54:12 -0500 TOP-BRASS
  5. C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\4nEIPlug.dll	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined
     C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\4nEZSETP.dll	a variant of Win32/Toolbar.MyWebSearch.Q application	cleaned by deleting - quarantined
     C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISb.dll	Win32/Toolbar.MyWebSearch application	cleaned by deleting - quarantined
     C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe	a variant of Win32/InstallCore.AZ application	cleaned by deleting - quarantined
     C:\Users\Amy\Desktop\fix files\Setup.exe	a variant of Win32/Adware.iBryte.G application	cleaned by deleting - quarantined
     2013/08/16 09:53:52 -0500 TOP-BRASS Amy MESSAGE Starting database refresh
     2013/08/16 09:54:12 -0500 TOP-BRASS
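As an added example (not part of dixiechs88's post and not ESET's own tooling), the Python below parses the five detection lines from the ESET log above into structured records and does the two triage steps a helper would otherwise do by hand: group the hits by malware family, and flag the random-looking directory under AppData\Roaming that the InstallCore dropper was sitting in. The log text is the one posted above with its line breaks restored; the column regex, the variant-suffix rule in family() and the "random-looking name" heuristic are my assumptions, not ESET's documented log format.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the five detection lines from the ESET log posted above, with the
# line breaks the forum paste lost put back. ESET writes its three columns
# tab-separated; a pasted copy usually collapses tabs to spaces, so both are accepted.
ESET_LOG = r"""
C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\4nEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\4nEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Amy\Desktop\fix files\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
"""

# Column layout is an assumption drawn from the lines above, not an ESET spec.
# Paths may contain spaces but never '/', so the first token containing a '/'
# (Platform/Name) is a safe boundary between path and threat name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<variant>a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[a-z]+(?: [a-z]+)*?)\s+"
    r"(?P<action>(?:cleaned|deleted|quarantined|unable to clean|error)\b.*)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    variant: bool   # "a variant of": generic/heuristic match rather than an exact signature
    kind: str       # ESET object class, e.g. "application"
    action: str


def parse_eset_log(text):
    """Parse pasted ESET detection lines; raise on anything that does not fit."""
    out = []
    for line in text.splitlines():
        line = line.strip().replace("\t", " ")
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed ESET line: {line!r}")
        out.append(Detection(m["path"], m["threat"], m["variant"] is not None,
                             m["kind"], m["action"]))
    return out


def family(threat):
    """Win32/Toolbar.MyWebSearch.Q -> Toolbar.MyWebSearch; Win32/InstallCore.AZ -> InstallCore.
    Dropping a trailing 1-2 letter upper-case component as the variant suffix is a heuristic."""
    parts = threat.split("/", 1)[1].split(".")
    if len(parts) > 1 and len(parts[-1]) <= 2 and parts[-1].isupper():
        parts = parts[:-1]
    return ".".join(parts)


def summarize(dets):
    """Count detections per family so the helper sees one toolbar, one dropper, one adware."""
    return Counter(family(d.threat) for d in dets)


def suspicious_roaming_dirs(dets):
    """Directory names directly under AppData\\Roaming that look machine-generated.
    Heuristic (an assumption): at least 3 digits and 3 letters, no spaces."""
    found = []
    for d in dets:
        parts = d.path.split("\\")
        lower = [p.lower() for p in parts]
        for i in range(len(parts) - 2):
            if lower[i] == "appdata" and lower[i + 1] == "roaming":
                name = parts[i + 2]
                digits = sum(c.isdigit() for c in name)
                letters = sum(c.isalpha() for c in name)
                if " " not in name and digits >= 3 and letters >= 3 and name not in found:
                    found.append(name)
    return found


if __name__ == "__main__":
    dets = parse_eset_log(ESET_LOG)
    for fam, n in summarize(dets).most_common():
        print(f"{n:2d}  {fam}")
    print("random-looking Roaming dirs:", suspicious_roaming_dirs(dets))
```

The parser refuses lines it cannot classify rather than skipping them, so a log with an unexpected fourth column (ESET adds one for some actions) fails loudly instead of silently dropping a detection.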
  6. ComboFix 13-08-14.02 - Amy 08/15/2013 13:43:12.3.4 - x64
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5874 [GMT -5:00]
     Running from: c:\users\Amy\Desktop\ComboFix.exe
     Command switches used :: c:\users\Amy\Desktop\CFScript.txt
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
     SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-07-15 to 2013-08-15 )))))))))))))))))))))))))))))))
     .
     .
     2013-08-15 19:01 . 2013-08-15 19:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
     2013-08-15 19:01 . 2013-08-15 19:01 -------- d-----w- c:\users\Public\AppData\Local\temp
     2013-08-15 19:01 . 2013-08-15 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-08-15 15:01 . 2013-08-15 19:01 -------- d-----w- c:\users\Amy\AppData\Local\temp
     2013-08-09 17:57 . 2013-08-09 17:57 -------- d-----w- c:\users\Amy\AppData\Local\SwvUpdater
     2013-08-09 17:22 . 2013-08-09 17:22 -------- d-----w- c:\windows\ERUNT
     2013-08-07 14:33 . 2013-08-07 14:33 -------- d-----w- c:\users\Amy\AppData\Local\Windows Live
     2013-08-06 15:37 . 2013-08-06 15:37 -------- d-----w- c:\windows\SysWow64\syncdb
     2013-08-06 14:56 . 2013-08-06 14:56 -------- d-----w- c:\users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
     2013-07-30 16:01 . 2013-07-30 16:05 -------- d-----w- c:\windows\system32\MRT
     2013-07-30 08:02 . 2013-07-30 08:02 -------- d-----w- C:\74bf217706d79f526b8726bf6b
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-06-24 05:57 . 2006-11-02 12:35 78277128 ----a-w- c:\windows\system32\mrt.exe
     2013-06-11 19:09 . 2012-04-09 13:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-06-11 19:09 . 2011-09-12 13:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-06-04 02:03 . 2013-07-11 14:00 2775040 ----a-w- c:\windows\system32\win32k.sys
     2013-06-01 04:19 . 2013-07-11 14:01 619008 ----a-w- c:\windows\system32\qedit.dll
     2013-06-01 04:06 . 2013-07-11 14:01 505344 ----a-w- c:\windows\SysWow64\qedit.dll
     2013-05-29 06:15 . 2013-07-12 08:04 17829376 ----a-w- c:\windows\system32\mshtml.dll
     2013-05-29 05:50 . 2013-07-12 08:04 10926080 ----a-w- c:\windows\system32\ieframe.dll
     2013-05-29 05:43 . 2013-07-12 08:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
     2013-05-29 05:36 . 2013-07-12 08:04 1346560 ----a-w- c:\windows\system32\urlmon.dll
     2013-05-29 05:35 . 2013-07-12 08:04 1392128 ----a-w- c:\windows\system32\wininet.dll
     2013-05-29 05:34 . 2013-07-12 08:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
     2013-05-29 05:33 . 2013-07-12 08:04 237056 ----a-w- c:\windows\system32\url.dll
     2013-05-29 05:31 . 2013-07-12 08:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
     2013-05-29 05:29 . 2013-07-12 08:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
     2013-05-29 05:29 . 2013-07-12 08:04 816640 ----a-w- c:\windows\system32\jscript.dll
     2013-05-29 05:29 . 2013-07-12 08:04 599040 ----a-w- c:\windows\system32\vbscript.dll
     2013-05-29 05:27 . 2013-07-12 08:04 729088 ----a-w- c:\windows\system32\msfeeds.dll
     2013-05-29 05:27 . 2013-07-12 08:04 2147840 ----a-w- c:\windows\system32\iertutil.dll
     2013-05-29 05:25 . 2013-07-12 08:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
     2013-05-29 05:25 . 2013-07-12 08:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2013-05-29 05:18 . 2013-07-12 08:04 248320 ----a-w- c:\windows\system32\ieui.dll
     2013-05-29 01:50 . 2013-07-12 08:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
     2013-05-29 01:41 . 2013-07-12 08:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2013-05-29 01:41 . 2013-07-12 08:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
     2013-05-29 01:37 . 2013-07-12 08:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2013-05-29 01:36 . 2013-07-12 08:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2013-05-29 01:33 . 2013-07-12 08:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     .
     (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     ---- Directory of c:\users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N ----
     .
     2013-08-06 14:56 . 2013-01-30 19:45 1114624 ----a-w- c:\users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll" [2012-06-11 1524056]
     .
     [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
     [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
     [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
     [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
     "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
     "Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
     "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-05-05 123904]
     "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
     "LedKey"="CNYHKey.exe" [2008-04-24 339968]
     "CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
     "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
     WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-10-14 9085760]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - mfeavfk01
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     Themes
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:09]
     .
     2013-08-15 c:\windows\Tasks\AmiUpdXp.job
     - c:\users\Amy\AppData\Local\SwvUpdater\Updater.exe [2013-08-09 17:57]
     .
     2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:21]
     .
     2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:21]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
     "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
     "DLCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll" [2006-02-24 28672]
     "EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2012-03-16 3240448]
     "MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = <local>
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.254
     CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
     FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - ExtSQL: !HIDDEN! 2009-09-22 08:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
     "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8*R%]
     @Class="Shell"
     .
     [HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8*R%\OpenWithList]
     @Class="Shell"
     .
     [HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*8*R%]
     "0"=hex:57,25,02,25,24,25,f2,00,e5,00,6e,00,2d,00,a7,20,2e,00,38,00,52,25,00,
        00,7a,00,36,00,00,00,00,00,00,00,00,00,00,00,57,25,02,25,24,25,f2,00,e5,00,\
     "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
     @="Shockwave Flash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
     @Denied: (A 2) (Everyone)
     @=""
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
     @="FlashBroker"
     .
     [HKEY_LOCAL_MACHINE\software\McAfee]
     "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
        00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
        00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     Completion time: 2013-08-15 14:04:16
     ComboFix-quarantined-files.txt 2013-08-15 19:04
     ComboFix2.txt 2013-08-15 15:01
     ComboFix3.txt 2012-07-12 17:56
     .
     Pre-Run: 771,877,040,128 bytes free
     Post-Run: 771,814,985,728 bytes free
     .
     - - End Of File - - 6EC30C1B8CC0322DF2A4E9170A83AEBD EF932EAA6EF4C94E66A7F6CEEC7EB422
  7. ComboFix 13-08-14.02 - Amy 08/15/2013 9:14.2.4 - x64
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5378 [GMT -5:00]
     Running from: c:\users\Amy\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
     FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
     SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Public\Favorites\CORNERT-2.fs
     c:\users\Public\Favorites\newcomb1.fs
     c:\users\Public\Favorites\orazinee.fs
     c:\users\Public\Favorites\Untitled1.fs
     c:\users\Public\Favorites\Untitled11.fs
     c:\users\Public\Favorites\Untitled2.fs
     c:\users\Public\Favorites\Untitled3.fs
     c:\users\Public\Favorites\Untitled4.fs
     c:\users\Public\Favorites\Untitled5.fs
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     -------\Service_pcCMService
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-07-15 to 2013-08-15 )))))))))))))))))))))))))))))))
     .
     .
     2013-08-09 17:57 . 2013-08-09 17:57 -------- d-----w- c:\users\Amy\AppData\Local\SwvUpdater
     2013-08-09 17:22 . 2013-08-09 17:22 -------- d-----w- c:\windows\ERUNT
     2013-08-07 14:33 . 2013-08-07 14:33 -------- d-----w- c:\users\Amy\AppData\Local\Windows Live
     2013-08-06 15:37 . 2013-08-06 15:37 -------- d-----w- c:\windows\SysWow64\syncdb
     2013-08-06 14:56 . 2013-08-06 14:56 -------- d-----w- c:\users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
     2013-07-30 16:01 . 2013-07-30 16:05 -------- d-----w- c:\windows\system32\MRT
     2013-07-30 08:02 . 2013-07-30 08:02 -------- d-----w- C:\74bf217706d79f526b8726bf6b
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-06-24 05:57 . 2006-11-02 12:35 78277128 ----a-w- c:\windows\system32\mrt.exe
     2013-06-11 19:09 . 2012-04-09 13:50 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-06-11 19:09 . 2011-09-12 13:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-06-04 02:03 . 2013-07-11 14:00 2775040 ----a-w- c:\windows\system32\win32k.sys
     2013-06-01 04:19 . 2013-07-11 14:01 619008 ----a-w- c:\windows\system32\qedit.dll
     2013-06-01 04:06 . 2013-07-11 14:01 505344 ----a-w- c:\windows\SysWow64\qedit.dll
     2013-05-29 06:15 . 2013-07-12 08:04 17829376 ----a-w- c:\windows\system32\mshtml.dll
     2013-05-29 05:50 . 2013-07-12 08:04 10926080 ----a-w- c:\windows\system32\ieframe.dll
     2013-05-29 05:43 . 2013-07-12 08:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
     2013-05-29 05:36 . 2013-07-12 08:04 1346560 ----a-w- c:\windows\system32\urlmon.dll
     2013-05-29 05:35 . 2013-07-12 08:04 1392128 ----a-w- c:\windows\system32\wininet.dll
     2013-05-29 05:34 . 2013-07-12 08:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
     2013-05-29 05:33 . 2013-07-12 08:04 237056 ----a-w- c:\windows\system32\url.dll
     2013-05-29 05:31 . 2013-07-12 08:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
     2013-05-29 05:29 . 2013-07-12 08:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
     2013-05-29 05:29 . 2013-07-12 08:04 816640 ----a-w- c:\windows\system32\jscript.dll
     2013-05-29 05:29 . 2013-07-12 08:04 599040 ----a-w- c:\windows\system32\vbscript.dll
     2013-05-29 05:27 . 2013-07-12 08:04 729088 ----a-w- c:\windows\system32\msfeeds.dll
     2013-05-29 05:27 . 2013-07-12 08:04 2147840 ----a-w- c:\windows\system32\iertutil.dll
     2013-05-29 05:25 . 2013-07-12 08:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
     2013-05-29 05:25 . 2013-07-12 08:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2013-05-29 05:18 . 2013-07-12 08:04 248320 ----a-w- c:\windows\system32\ieui.dll
     2013-05-29 01:50 . 2013-07-12 08:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
     2013-05-29 01:41 . 2013-07-12 08:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2013-05-29 01:41 . 2013-07-12 08:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
     2013-05-29 01:37 . 2013-07-12 08:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2013-05-29 01:36 . 2013-07-12 08:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2013-05-29 01:33 . 2013-07-12 08:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll" [2012-06-11 1524056]
     .
     [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
     [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
     [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
     [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
     "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
     "Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
     "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-05-05 123904]
     "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
     "LedKey"="CNYHKey.exe" [2008-04-24 339968]
     "CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
     "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
     WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-10-14 9085760]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     --- Other Services/Drivers In Memory ---
     .
     *Deregistered* - mfeavfk01
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     Themes
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:09]
     .
     2013-08-15 c:\windows\Tasks\AmiUpdXp.job
     - c:\users\Amy\AppData\Local\SwvUpdater\Updater.exe [2013-08-09 17:57]
     .
     2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:21]
     .
     2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:21]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
     "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
     "DLCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll" [2006-02-24 28672]
     "EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2012-03-16 3240448]
     "MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = <local>
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.254
     CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
     FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - ExtSQL: !HIDDEN! 2009-09-22 08:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
     SafeBoot-WudfPf
     SafeBoot-WudfRd
     AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
     .
     .
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
     "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8*R%]
     @Class="Shell"
     .
     [HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8*R%\OpenWithList]
     @Class="Shell"
     .
     [HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*8*R%]
     "0"=hex:57,25,02,25,24,25,f2,00,e5,00,6e,00,2d,00,a7,20,2e,00,38,00,52,25,00,
        00,7a,00,36,00,00,00,00,00,00,00,00,00,00,00,57,25,02,25,24,25,f2,00,e5,00,\
     "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
     @="Shockwave Flash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
     @Denied: (A 2) (Everyone)
     @=""
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
     @="FlashBroker"
     .
     [HKEY_LOCAL_MACHINE\software\McAfee]
     "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
        00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
        00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\MHotKey.exe
     c:\windows\ChiFuncExt.exe
     c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     c:\windows\SysWOW64\atashost.exe
     c:\program files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
     c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
     c:\program files (x86)\ATT\8.2.1.6\ma\bin\node.exe
     c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
     c:\windows\SysWOW64\rundll32.exe
     c:\program files (x86)\Common Files\Protexis\License Service\PSIService.exe
     c:\windows\SysWOW64\SAiAdmin.exe
     c:\program files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe
     c:\windows\SysWOW64\SAiDownloaderVista.exe
     c:\windows\SysWOW64\SAiLicSvr.exe
     c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
     c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
     c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
     c:\windows\CNYHKey.exe
     c:\windows\ModLedKey.exe
     .
     **************************************************************************
     .
Completion time: 2013-08-15 10:01:47 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-15 15:01 ComboFix2.txt 2012-07-12 17:56 . Pre-Run: 773,082,562,560 bytes free Post-Run: 771,947,323,392 bytes free . - - End Of File - - 0C7C78CDF9294A14BFDF5C3128D2F8AD EF932EAA6EF4C94E66A7F6CEEC7EB422
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01
Ran by Amy at 2013-08-14 14:08:18 Run:6
Running from K:\
Boot Mode: Normal
==============================================
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
========= netsh winsock reset =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01
Ran by SYSTEM at 2013-08-14 09:01:57 Run:5
Running from E:\
Boot Mode: Recovery
==============================================
Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.
========= netsh winsock reset =========
The system cannot find the file specified.
========= End of CMD: =========
==== End of Fixlog ====
  10. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01
Ran by SYSTEM on 13-08-2013 16:00:59
Running from E:\
Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DLCCCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll [28672 2006-02-24] ()
HKLM\...\Run: [EKAIO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)
HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [123904 2009-05-05] (IOI)
HKLM-x32\...\Run: [LchDrvKey] - LchDrvKey.exe [x]
HKLM-x32\...\Run: [LedKey] - CNYHKey.exe [x]
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Conime] - C:\Windows\SysWOW64\conime.exe [69120 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Amy\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Amy\...\Run: [iSUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\Amy\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Amy\...\Run: [Akamai NetSession Interface] - C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
==================== Services (Whitelisted) =================
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent)
S2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)
S2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()
S2 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2007-08-27] (TODO: <Company name>)
S2 SAiDownloader; C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [417792 2007-09-11] (TODO: <Company name>)
S2 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2007-09-11] (TODO: <Company name>)
S2 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-10] (SafeNet, Inc.)
S2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)
==================== Drivers (Whitelisted) ====================
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S2 Haspnt; C:\Windows\SysWow64\drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)
S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [444960 2008-05-08] (Realtek)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 mfeavfk01; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 wntpport; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-13 07:24 - 2013-08-13 07:24 - 00000643 _____ C:\Users\Amy\Desktop\a.txt
2013-08-12 12:38 - 2013-08-12 12:38 - 00666624 _____ C:\Users\Amy\Desktop\pockets.fs
2013-08-12 12:38 - 2013-08-12 12:38 - 00078336 _____ C:\Users\Amy\Desktop\nj pocket.fs
2013-08-12 12:38 - 2013-08-12 12:38 - 00055296 _____ C:\Users\Amy\Desktop\rocketcrew.fs
2013-08-12 12:37 - 2013-08-13 12:08 - 00142848 _____ C:\Users\Amy\Desktop\helm flames.fs
2013-08-12 12:02 - 2013-08-12 12:03 - 08210262 _____ C:\Users\Amy\Desktop\3x4.zip
2013-08-12 06:35 - 2013-08-12 06:35 - 00037849 _____ C:\Users\Amy\Desktop\FRST.txt
2013-08-12 06:35 - 2013-08-12 06:35 - 00029126 _____ C:\Users\Amy\Desktop\Addition.txt
2013-08-12 06:30 - 2013-08-12 06:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe
2013-08-09 13:22 - 2013-08-13 12:12 - 00330240 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs
2013-08-09 11:08 - 2013-08-09 11:26 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs
2013-08-09 10:07 - 2013-08-09 10:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt
2013-08-09 10:05 - 2013-08-13 07:25 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine
2013-08-09 10:05 - 2013-08-09 10:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe
2013-08-09 09:57 - 2013-08-13 12:23 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-09 09:57 - 2013-08-09 09:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-09 09:57 - 2013-08-09 09:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater
2013-08-09 09:35 - 2013-08-09 09:35 - 00002509 _____ C:\AdwCleaner[s1].txt
2013-08-09 09:34 - 2013-08-09 09:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst
2013-08-09 09:32 - 2013-08-09 09:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt
2013-08-09 09:25 - 2013-08-09 09:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe
2013-08-09 09:23 - 2013-08-09 09:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe
2013-08-09 09:22 - 2013-08-09 09:22 - 00000000 ____D C:\Windows\ERUNT
2013-08-09 09:21 - 2013-08-09 09:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe
2013-08-09 08:25 - 2013-08-09 08:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS
2013-08-09 06:26 - 2013-08-09 06:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt
2013-08-09 06:26 - 2013-08-09 06:21 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt
2013-08-09 06:23 - 2013-08-09 06:25 - 00000000 ____D C:\Users\Amy\Desktop\New Folder
2013-08-09 06:15 - 2013-08-09 06:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt
2013-08-09 06:06 - 2013-08-09 06:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr
2013-08-07 06:33 - 2013-08-07 06:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live
2013-08-06 07:37 - 2013-08-06 07:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-08-06 06:59 - 2013-08-06 06:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 06:56 - 2013-08-06 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-06 06:55 - 2013-08-06 06:54 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe
2013-08-06 06:09 - 2013-08-06 06:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp
2013-08-02 07:02 - 2013-08-02 07:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express
2013-07-31 08:55 - 2013-08-09 06:20 - 00000000 ____D C:\Users\Amy\Desktop\amy
2013-07-30 08:01 - 2013-07-30 08:05 - 00000000 ____D C:\Windows\System32\MRT
2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b
2013-07-22 09:37 - 2013-07-22 09:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps
==================== One Month Modified Files and Folders =======
2013-08-13 12:57 - 2009-07-06 07:42 - 02016940 _____ C:\Windows\WindowsUpdate.log
2013-08-13 12:57 - 2006-11-02 07:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-13 12:57 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 12:57 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 12:57 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 12:50 - 2006-11-02 04:46 - 00709582 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-13 12:47 - 2010-02-03 06:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-13 12:23 - 2013-08-09 09:57 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-13 12:23 - 2012-04-20 06:56 - 00000000 ____D C:\ProgramData\Kodak
2013-08-13 12:23 - 2010-02-03 06:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-13 12:12 - 2013-08-09 13:22 - 00330240 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs
2013-08-13 12:09 - 2012-04-09 05:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 12:08 - 2013-08-12 12:37 - 00142848 _____ C:\Users\Amy\Desktop\helm flames.fs
2013-08-13 11:29 - 2012-01-05 12:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Clip Art Collection
2013-08-13 08:12 - 2013-08-13 08:12 - 00306158 _____ C:\Users\Amy\Desktop\alcorn.eps
2013-08-13 07:25 - 2013-08-09 10:05 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine
2013-08-13 07:24 - 2013-08-13 07:24 - 00000643 _____ C:\Users\Amy\Desktop\a.txt
2013-08-12 12:38 - 2013-08-12 12:38 - 00666624 _____ C:\Users\Amy\Desktop\pockets.fs
2013-08-12 12:38 - 2013-08-12 12:38 - 00078336 _____ C:\Users\Amy\Desktop\nj pocket.fs
2013-08-12 12:38 - 2013-08-12 12:38 - 00055296 _____ C:\Users\Amy\Desktop\rocketcrew.fs
2013-08-12 12:03 - 2013-08-12 12:02 - 08210262 _____ C:\Users\Amy\Desktop\3x4.zip
2013-08-12 06:35 - 2013-08-12 06:35 - 00037849 _____ C:\Users\Amy\Desktop\FRST.txt
2013-08-12 06:35 - 2013-08-12 06:35 - 00029126 _____ C:\Users\Amy\Desktop\Addition.txt
2013-08-12 06:30 - 2013-08-12 06:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe
2013-08-09 13:28 - 2009-09-21 11:11 - 00021878 _____ C:\Windows\winltr.ini
2013-08-09 13:02 - 2009-09-21 11:10 - 00000000 ____D C:\Fantastic Fonts for Embroidery
2013-08-09 12:42 - 2010-02-12 09:14 - 00002655 _____ C:\Users\Amy\Desktop\CorelDRAW 12.lnk
2013-08-09 11:26 - 2013-08-09 11:08 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs
2013-08-09 10:07 - 2013-08-09 10:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt
2013-08-09 10:05 - 2013-08-09 10:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe
2013-08-09 09:57 - 2013-08-09 09:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-09 09:57 - 2013-08-09 09:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater
2013-08-09 09:37 - 2008-01-20 19:26 - 00451008 _____ C:\Windows\PFRO.log
2013-08-09 09:35 - 2013-08-09 09:35 - 00002509 _____ C:\AdwCleaner[s1].txt
2013-08-09 09:34 - 2013-08-09 09:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst
2013-08-09 09:32 - 2013-08-09 09:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt
2013-08-09 09:25 - 2013-08-09 09:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe
2013-08-09 09:23 - 2013-08-09 09:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe
2013-08-09 09:22 - 2013-08-09 09:22 - 00000000 ____D C:\Windows\ERUNT
2013-08-09 09:21 - 2013-08-09 09:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe
2013-08-09 09:08 - 2009-09-25 12:25 - 00000000 ____D C:\Users\Amy\Documents\Flexi art
2013-08-09 08:25 - 2013-08-09 08:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS
2013-08-09 06:26 - 2013-08-09 06:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt
2013-08-09 06:25 - 2013-08-09 06:23 - 00000000 ____D C:\Users\Amy\Desktop\New Folder
2013-08-09 06:21 - 2013-08-09 06:26 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt
2013-08-09 06:20 - 2013-07-31 08:55 - 00000000 ____D C:\Users\Amy\Desktop\amy
2013-08-09 06:15 - 2013-08-09 06:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt
2013-08-09 06:06 - 2013-08-09 06:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr
2013-08-08 06:06 - 2012-07-11 05:42 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-08 06:06 - 2012-07-11 05:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-08 06:01 - 2011-07-28 08:15 - 00000000 ____D C:\Users\Amy\AppData\Local\Meebo
2013-08-08 05:52 - 2009-12-11 06:34 - 00000000 ____D C:\Windows\Minidump
2013-08-08 05:52 - 2009-12-11 06:33 - 781185219 _____ C:\Windows\MEMORY.DMP
2013-08-07 12:38 - 2006-11-02 07:27 - 00172142 _____ C:\Windows\setupact.log
2013-08-07 12:07 - 2012-03-22 09:44 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Audacity
2013-08-07 12:07 - 2011-11-09 16:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Akamai
2013-08-07 12:07 - 2011-06-15 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype
2013-08-07 12:07 - 2009-09-21 06:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-07 12:07 - 2009-04-09 21:45 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-08-07 12:07 - 2009-04-09 21:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-07 12:07 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2013-08-07 12:07 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc
2013-08-07 12:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2013-08-07 12:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2013-08-07 12:07 - 2006-11-02 04:33 - 77594624 _____ C:\Windows\System32\config\software_previous
2013-08-07 12:07 - 2006-11-02 04:33 - 37748736 _____ C:\Windows\System32\config\system_previous
2013-08-07 12:06 - 2012-04-20 07:01 - 00000000 ____D C:\Windows\SysWOW64\kodak
2013-08-07 12:05 - 2009-07-06 08:03 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-07 12:03 - 2011-09-26 07:40 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2013-08-07 12:02 - 2009-07-06 08:02 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2013-08-07 11:53 - 2006-11-02 04:33 - 54525952 _____ C:\Windows\System32\config\components_previous
2013-08-07 11:53 - 2006-11-02 04:33 - 00057344 _____ C:\Windows\System32\config\sam_previous
2013-08-07 09:34 - 2009-09-16 09:03 - 00376680 _____ C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-07 09:19 - 2012-07-10 13:11 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2013-08-07 09:11 - 2013-05-15 08:18 - 00376680 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-08-07 09:09 - 2009-09-16 09:00 - 00000000 ____D C:\users\Amy
2013-08-07 08:49 - 2006-11-02 04:33 - 00786432 _____ C:\Windows\System32\config\default_previous
2013-08-07 08:49 - 2006-11-02 04:33 - 00020480 _____ C:\Windows\System32\config\security_previous
2013-08-07 07:38 - 2009-04-09 21:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-07 07:33 - 2012-04-20 07:03 - 00000000 ____D C:\Users\Amy\AppData\Local\Eastman_Kodak_Company
2013-08-07 07:32 - 2012-04-20 06:58 - 00000000 ____D C:\Program Files (x86)\Kodak
2013-08-07 06:35 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-07 06:34 - 2009-04-09 21:47 - 00063470 _____ C:\Windows\DirectX.log
2013-08-07 06:33 - 2013-08-07 06:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live
2013-08-07 06:01 - 2006-11-02 07:21 - 01069544 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-06 07:43 - 2009-04-09 21:49 - 00000000 ____D C:\ProgramData\Adobe
2013-08-06 07:43 - 2009-04-09 21:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 07:37 - 2013-08-06 07:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-08-06 07:14 - 2009-09-28 07:00 - 00000000 ____D C:\Program Files (x86)\Corel
2013-08-06 07:03 - 2011-06-15 06:56 - 00000000 ____D C:\ProgramData\Skype
2013-08-06 07:02 - 2009-09-21 10:35 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2013-08-06 06:59 - 2013-08-06 06:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 06:56 - 2013-08-06 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-06 06:54 - 2013-08-06 06:55 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe
2013-08-06 06:09 - 2013-08-06 06:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp
2013-08-02 07:02 - 2013-08-02 07:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express
2013-08-02 07:02 - 2010-05-25 07:16 - 00000000 ____D C:\ProgramData\WinZip
2013-07-31 08:29 - 2009-09-17 12:33 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-07-30 08:05 - 2013-07-30 08:01 - 00000000 ____D C:\Windows\System32\MRT
2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b
2013-07-26 07:34 - 2009-09-16 09:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-24 08:02 - 2009-09-17 10:46 - 00000000 ____D C:\Users\Amy\AppData\Local\Google
2013-07-22 09:37 - 2013-07-22 09:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps
2013-07-17 08:05 - 2009-09-28 07:04 - 00002984 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2013-07-17 08:05 - 2009-09-28 07:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys
2013-07-15 10:42 - 2010-02-03 06:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 10:42 - 2010-02-03 06:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-06-04 00:59:50
Restore point made on: 2013-06-05 14:10:15
Restore point made on: 2013-06-07 09:46:01
Restore point made on: 2013-06-10 09:26:15
Restore point made on: 2013-06-12 12:46:01
Restore point made on: 2013-06-13 00:01:59
Restore point made on: 2013-06-14 09:41:54
Restore point made on: 2013-06-17 12:28:57
Restore point made on: 2013-06-19 12:22:24
Restore point made on: 2013-06-20 13:57:50
Restore point made on: 2013-06-21 13:44:08
Restore point made on: 2013-06-22 00:02:03
Restore point made on: 2013-06-24 06:16:47
Restore point made on: 2013-06-25 00:00:55
Restore point made on: 2013-06-26 14:02:43
Restore point made on: 2013-07-03 08:44:22
Restore point made on: 2013-07-08 08:11:13
Restore point made on: 2013-07-09 12:23:10
Restore point made on: 2013-07-10 05:43:41
Restore point made on: 2013-07-11 05:51:38
Restore point made on: 2013-07-12 00:01:57
Restore point made on: 2013-07-15 11:49:44
Restore point made on: 2013-07-16 05:43:26
Restore point made on: 2013-07-17 14:02:26
Restore point made on: 2013-07-18 13:19:26
Restore point made on: 2013-07-19 11:40:08
Restore point made on: 2013-07-22 13:30:54
Restore point made on: 2013-07-24 12:53:11
Restore point made on: 2013-07-25 09:17:55
Restore point made on: 2013-07-29 12:15:54
Restore point made on: 2013-07-30 00:01:10
Restore point made on: 2013-07-30 07:50:53
Restore point made on: 2013-07-31 08:30:21
Restore point made on: 2013-08-01 12:38:26
Restore point made on: 2013-08-02 07:00:48
Restore point made on: 2013-08-05 12:54:32
Restore point made on: 2013-08-06 06:21:48
Restore point made on: 2013-08-06 07:02:15
Restore point made on: 2013-08-06 07:07:23
Restore point made on: 2013-08-06 07:12:24
Restore point made on: 2013-08-06 07:19:55
Restore point made on: 2013-08-07 06:31:27
Restore point made on: 2013-08-07 07:34:53
Restore point made on: 2013-08-07 09:19:16
Restore point made on: 2013-08-08 05:59:21
Restore point made on: 2013-08-09 14:19:40
Restore point made on: 2013-08-10 21:00:27
Restore point made on: 2013-08-11 16:00:11
Restore point made on: 2013-08-12 21:00:27
==================== Memory info ===========================
Percentage of memory in use: 8%
Total physical RAM: 7934.26 MB
Available physical RAM: 7264.62 MB
Total Pagefile: 7693.14 MB
Available Pagefile: 7250 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:721.43 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:3.72 GB) (Free:3.68 GB) FAT32 (Disk=1 Partition=1)
Drive f: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive g: (My Passport) (Fixed) (Total:232.23 GB) (Free:223.72 GB) NTFS (Disk=2 Partition=1)
Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:4.49 GB) NTFS (Disk=0 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 5052995B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 232 GB) (Disk ID: 0006B2D9)
Partition 1: (Not Active) - (Size=232 GB) - (Type=07 NTFS)
LastRegBack: 2013-08-13 12:32
==================== End Of Log ============================
  11. Ok Borislav! I am SOO sorry. I have tried to follow your instructions, but I am unclear on what exactly to type once the command prompt is up. The way I read your instructions was to type FRST64, but that did not work. Can you please give me a step by step for computer dummies?
  12. How do I get to System Recovery Options?
  13. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by Amy (administrator) on 12-08-2013 09:31:59
Running from C:\Users\Amy\Desktop
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
( ) C:\Windows\system32\dlcccoms.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
(Microsoft Corporation) C:\Windows\system32\locator.exe
(TODO: <Company name>) C:\Windows\SysWOW64\SAiAdmin.exe
(TODO: <Company name>) C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe
(TODO: <Company name>) C:\Windows\SysWOW64\SAiDownloaderVista.exe
(SA International) C:\Windows\SysWOW64\SAiLicSvr.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
() C:\Users\Amy\Desktop\RogueKiller.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DLCCCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll [28672 2006-02-24] ()
HKLM\...\Run: [EKAIO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)
HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [iSUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [123904 2009-05-05] (IOI)
HKLM-x32\...\Run: [LchDrvKey] - LchDrvKey.exe [x]
HKLM-x32\...\Run: [LedKey] - CNYHKey.exe [x]
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Conime] - C:\Windows\SysWOW64\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rog
SearchScopes: HKCU - {86EA8B23-520D-4E3F-BCD4-D4AEB586AF18} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {AB2D7FD7-7580-410E-B623-82F3A63D8002} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rog
SearchScopes: HKCU - {E5156248-9F66-4F64-8B27-5592AB3114A2} URL = http://delicious.com/search?p={searchTerms}
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll (McAfee, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll (McAfee, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @ei.ConservativeTalkNow_4n.com/Plugin - C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISB.dll (ConservativeTalkNow)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Extension: No Name - C:\Users\Amy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Yahoo! Toolbar - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: mcciwbch - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCore

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent)
R2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)
R2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()
R2 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2007-08-27] (TODO: <Company name>)
R2 SAiDownloader; C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [417792 2007-09-11] (TODO: <Company name>)
R2 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2007-09-11] (TODO: <Company name>)
R2 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S2 Haspnt; C:\Windows\SysWow64\drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)
S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)
R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [444960 2008-05-09] (Realtek)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 wntpport; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 16:22 - 2013-08-09 16:22 - 00329216 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs
2013-08-09 14:08 - 2013-08-09 14:26 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs
2013-08-09 13:07 - 2013-08-09 13:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt
2013-08-09 13:05 - 2013-08-09 13:07 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine
2013-08-09 13:05 - 2013-08-09 13:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe
2013-08-09 12:57 - 2013-08-12 09:08 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-09 12:57 - 2013-08-09 12:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-09 12:57 - 2013-08-09 12:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater
2013-08-09 12:35 - 2013-08-09 12:35 - 00002509 _____ C:\AdwCleaner[s1].txt
2013-08-09 12:34 - 2013-08-09 12:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst
2013-08-09 12:32 - 2013-08-09 12:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt
2013-08-09 12:25 - 2013-08-09 12:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe
2013-08-09 12:23 - 2013-08-09 12:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe
2013-08-09 12:22 - 2013-08-09 12:22 - 00000000 ____D C:\Windows\ERUNT
2013-08-09 12:21 - 2013-08-09 12:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe
2013-08-09 11:25 - 2013-08-09 11:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS
2013-08-09 09:26 - 2013-08-09 09:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt
2013-08-09 09:26 - 2013-08-09 09:21 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt
2013-08-09 09:23 - 2013-08-09 09:25 - 00000000 ____D C:\Users\Amy\Desktop\New Folder
2013-08-09 09:15 - 2013-08-09 09:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt
2013-08-09 09:06 - 2013-08-09 09:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr
2013-08-07 09:33 - 2013-08-07 09:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live
2013-08-06 10:37 - 2013-08-06 10:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-08-06 09:59 - 2013-08-06 09:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:56 - 2013-08-06 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-06 09:55 - 2013-08-06 09:54 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe
2013-08-06 09:09 - 2013-08-06 09:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express
2013-07-31 11:55 - 2013-08-09 09:20 - 00000000 ____D C:\Users\Amy\Desktop\amy
2013-07-30 11:01 - 2013-07-30 11:05 - 00000000 ____D C:\Windows\system32\MRT
2013-07-30 03:02 - 2013-07-30 03:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b
2013-07-22 12:37 - 2013-07-22 12:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps

==================== One Month Modified Files and Folders =======

2013-08-12 09:30 - 2013-08-12 09:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe
2013-08-12 09:30 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 09:30 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 09:27 - 2012-01-05 15:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Clip Art Collection
2013-08-12 09:12 - 2012-04-20 09:56 - 00000000 ____D C:\ProgramData\Kodak
2013-08-12 09:09 - 2012-04-09 08:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 09:08 - 2013-08-09 12:57 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-08-12 08:47 - 2010-02-03 09:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-11 13:47 - 2010-02-03 09:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 16:28 - 2009-09-21 14:11 - 00021878 _____ C:\Windows\winltr.ini
2013-08-09 16:22 - 2013-08-09 16:22 - 00329216 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs
2013-08-09 16:02 - 2009-09-21 14:10 - 00000000 ____D C:\Fantastic Fonts for Embroidery
2013-08-09 16:02 - 2006-11-02 07:46 - 00709582 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-09 15:42 - 2010-02-12 12:14 - 00002655 _____ C:\Users\Amy\Desktop\CorelDRAW 12.lnk
2013-08-09 14:26 - 2013-08-09 14:08 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs
2013-08-09 13:07 - 2013-08-09 13:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt
2013-08-09 13:07 - 2013-08-09 13:05 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine
2013-08-09 13:05 - 2013-08-09 13:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe
2013-08-09 12:57 - 2013-08-09 12:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp
2013-08-09 12:57 - 2013-08-09 12:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater
2013-08-09 12:43 - 2009-07-06 10:42 - 01987637 _____ C:\Windows\WindowsUpdate.log
2013-08-09 12:38 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 12:37 - 2008-01-20 22:26 - 00451008 _____ C:\Windows\PFRO.log
2013-08-09 12:35 - 2013-08-09 12:35 - 00002509 _____ C:\AdwCleaner[s1].txt
2013-08-09 12:35 - 2006-11-02 10:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-09 12:34 - 2013-08-09 12:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst
2013-08-09 12:32 - 2013-08-09 12:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt
2013-08-09 12:25 - 2013-08-09 12:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe
2013-08-09 12:23 - 2013-08-09 12:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe
2013-08-09 12:22 - 2013-08-09 12:22 - 00000000 ____D C:\Windows\ERUNT
2013-08-09 12:21 - 2013-08-09 12:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe
2013-08-09 12:08 - 2009-09-25 15:25 - 00000000 ____D C:\Users\Amy\Documents\Flexi art
2013-08-09 11:25 - 2013-08-09 11:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS
2013-08-09 09:26 - 2013-08-09 09:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt
2013-08-09 09:25 - 2013-08-09 09:23 - 00000000 ____D C:\Users\Amy\Desktop\New Folder
2013-08-09 09:21 - 2013-08-09 09:26 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt
2013-08-09 09:20 - 2013-07-31 11:55 - 00000000 ____D C:\Users\Amy\Desktop\amy
2013-08-09 09:15 - 2013-08-09 09:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt
2013-08-09 09:06 - 2013-08-09 09:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr
2013-08-08 09:06 - 2012-07-11 08:42 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-08 09:06 - 2012-07-11 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-08 09:01 - 2011-07-28 11:15 - 00000000 ____D C:\Users\Amy\AppData\Local\Meebo
2013-08-08 08:52 - 2009-12-11 09:34 - 00000000 ____D C:\Windows\Minidump
2013-08-08 08:52 - 2009-12-11 09:33 - 781185219 _____ C:\Windows\MEMORY.DMP
2013-08-07 15:38 - 2006-11-02 10:27 - 00172142 _____ C:\Windows\setupact.log
2013-08-07 15:07 - 2012-03-22 12:44 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Audacity
2013-08-07 15:07 - 2011-11-09 19:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Akamai
2013-08-07 15:07 - 2011-09-26 10:39 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 12
2013-08-07 15:07 - 2011-06-15 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype
2013-08-07 15:07 - 2009-09-21 09:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-07 15:07 - 2009-09-16 12:00 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
2013-08-07 15:07 - 2009-04-10 00:45 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-08-07 15:07 - 2009-04-10 00:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-07 15:07 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-07 15:07 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-07 15:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2013-08-07 15:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\registration
2013-08-07 15:07 - 2006-11-02 07:33 - 77594624 _____ C:\Windows\system32\config\software_previous
2013-08-07 15:07 - 2006-11-02 07:33 - 37748736 _____ C:\Windows\system32\config\system_previous
2013-08-07 15:06 - 2012-04-20 10:01 - 00000000 ____D C:\Windows\SysWOW64\kodak
2013-08-07 15:05 - 2009-07-06 11:03 - 00000000 ____D C:\ProgramData\CyberLink
2013-08-07 15:03 - 2011-09-26 10:40 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2013-08-07 15:02 - 2009-07-06 11:02 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2013-08-07 14:53 - 2006-11-02 07:33 - 54525952 _____ C:\Windows\system32\config\components_previous
2013-08-07 14:53 - 2006-11-02 07:33 - 00057344 _____ C:\Windows\system32\config\sam_previous
2013-08-07 12:34 - 2009-09-16 12:03 - 00376680 _____ C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-07 12:19 - 2012-07-10 16:11 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2013-08-07 12:11 - 2013-05-15 11:18 - 00376680 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-08-07 12:09 - 2009-09-16 12:00 - 00000000 ____D C:\Users\Amy
2013-08-07 11:49 - 2006-11-02 07:33 - 00786432 _____ C:\Windows\system32\config\default_previous
2013-08-07 11:49 - 2006-11-02 07:33 - 00020480 _____ C:\Windows\system32\config\security_previous
2013-08-07 10:38 - 2009-04-10 00:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-07 10:33 - 2012-04-20 10:03 - 00000000 ____D C:\Users\Amy\AppData\Local\Eastman_Kodak_Company
2013-08-07 10:32 - 2012-04-20 09:58 - 00000000 ____D C:\Program Files (x86)\Kodak
2013-08-07 09:35 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-07 09:34 - 2009-04-10 00:47 - 00063470 _____ C:\Windows\DirectX.log
2013-08-07 09:33 - 2013-08-07 09:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live
2013-08-07 09:01 - 2006-11-02 10:21 - 01069544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 10:43 - 2009-04-10 00:49 - 00000000 ____D C:\ProgramData\Adobe
2013-08-06 10:43 - 2009-04-10 00:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 10:37 - 2013-08-06 10:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2013-08-06 10:14 - 2009-09-28 10:00 - 00000000 ____D C:\Program Files (x86)\Corel
2013-08-06 10:03 - 2011-06-15 09:56 - 00000000 ____D C:\ProgramData\Skype
2013-08-06 10:02 - 2009-09-21 13:35 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2013-08-06 09:59 - 2013-08-06 09:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-06 09:56 - 2013-08-06 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N
2013-08-06 09:54 - 2013-08-06 09:55 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe
2013-08-06 09:09 - 2013-08-06 09:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp
2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express
2013-08-02 10:02 - 2010-05-25 10:16 - 00000000 ____D C:\ProgramData\WinZip
2013-07-31 11:29 - 2009-09-17 15:33 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-07-30 11:05 - 2013-07-30 11:01 - 00000000 ____D C:\Windows\system32\MRT
2013-07-30 03:02 - 2013-07-30 03:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b
2013-07-26 10:34 - 2009-09-16 12:00 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-24 11:02 - 2009-09-17 13:46 - 00000000 ____D C:\Users\Amy\AppData\Local\Google
2013-07-22 12:37 - 2013-07-22 12:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps
2013-07-17 11:05 - 2009-09-28 10:04 - 00002984 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2013-07-17 11:05 - 2009-09-28 10:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys
2013-07-15 13:42 - 2010-02-03 09:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 13:42 - 2010-02-03 09:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-08-12 01:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02
Ran by Amy at 2013-08-12 09:35:00
Running from C:\Users\Amy\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader Free Download Packages (HKCU)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
aioscnnr (x32 Version: 7.3.4.0)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Apple Application Support (x32 Version: 1.2.1)
Apple Software Update (x32 Version: 2.1.1.116)
ATI Catalyst Install Manager (Version: 3.0.704.0)
ATT Management Agent (x32 Version: 8.2.1.6)
Bing Bar (x32 Version: 7.0.822.0)
C4USelfUpdater (x32 Version: 1.00.0000)
Canon MF Toolbox 4.9.1.1.mf12 (x32 Version: 4.9.1.1.mf12)
Canon MF4500w Series (Version: 3.9.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full New (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Light (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center InstallProxy (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Danish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Dutch (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Finnish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization French (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization German (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Italian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Japanese (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Norwegian (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Spanish (x32 Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Swedish (x32 Version: 2008.1210.1623.29379)
CCC Help Danish (x32 Version: 2008.1210.1622.29379)
CCC Help Dutch (x32 Version: 2008.1210.1622.29379)
CCC Help English (x32 Version: 2008.1210.1622.29379)
CCC Help Finnish (x32 Version: 2008.1210.1622.29379)
CCC Help French (x32 Version: 2008.1210.1622.29379)
CCC Help German (x32 Version: 2008.1210.1622.29379)
CCC Help Italian (x32 Version: 2008.1210.1622.29379)
CCC Help Japanese (x32 Version: 2008.1210.1622.29379)
CCC Help Norwegian (x32 Version: 2008.1210.1622.29379)
CCC Help Spanish (x32 Version: 2008.1210.1622.29379)
CCC Help Swedish (x32 Version: 2008.1210.1622.29379)
ccc-core-static (x32 Version: 2008.1210.1623.29379)
ccc-utility64 (Version: 2008.1210.1623.29379)
center (x32 Version: 6.2.5.0)
Clip Art Collection (x32 Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CorelDRAW Graphics Suite 12 (x32 Version: 12.0.0.458)
CyberLink Power2Go (x32 Version: 6.0.2705)
Embroidery Fonts Plus (x32 Version: 2.0.0000)
essentials (x32 Version: 6.0.14.0)
EZ Fonts (x32 Version: 1.0.0)
EZgram Home Edition (x32)
Fantastic Fonts for Embroidery (x32)
File Type Assistant (x32)
FlexiSIGN 7.5v5 (x32)
Gateway Games (x32 Version: 1.0.0.52)
Gateway Photo Frame 4.2.3.6 (x32 Version: 4.2.3.6)
Gateway Recovery Management (x32 Version: 4.00.3008)
Gateway ScreenSaver (x32 Version: 1.0.0.413)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HASP Device Drivers (x32)
Java Auto Updater (x32 Version: 2.0.7.1)
Java 6 Update 31 (x32 Version: 6.0.310)
Java 6 Update 5 (x32 Version: 1.6.0.50)
Junk Mail filter update (x32 Version: 14.0.8089.726)
KB0817 Keyboard Driver (x32 Version: 1.30.0000)
Kodak AIO Printer (Version: 7.4.0.0)
KODAK AiO Software (x32 Version: 7.4.5.40)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 10.67.3.3)
McAfee SecurityCenter (x32 Version: 11.6.511)
McAfee Virtual Technician (x32 Version: 7.1.0.2483)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Money Essentials (x32 Version: 16)
Microsoft Money Shared Libraries (x32 Version: 16.0.0.705)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA Drivers
ocr (x32 Version: 6.2.3.50)
PL-2303 USB-to-Serial (x32 Version: 1.00.000)
PreReq (x32 Version: 6.2.3.0)
QuickTime (x32 Version: 7.66.71.0)
re Systems PCI-SV92PP Soft Modem
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5821)
SAi Production Suite (x32 Version: 1.00.0000)
Scrapbook Factory (x32 Version: 2.00.0004)
Sentinel Protection Installer 7.5.0 (x32 Version: 7.5.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skins (x32 Version: 2008.1210.1623.29379)
Smart Sizer Platinum (HKCU Version: 3.2.6.4)
Smart Sizer Platinum (x32 Version: 3.2.6.4)
Software Version Updater (x32 Version: 1.1.3.8)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpyHunter (Version: 4.9.11.3987)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Manager (x32 Version: 4.60)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
WD SmartWare (Version: 1.1.1.6)
WebEx (x32)
Wilcom TrueSizer (x32 Version: 12.0.0004)
Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (03/21/2009 6.0.64.0057) (Version: 03/21/2009 6.0.64.0057)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.6)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Yahoo! BrowserPlus 2.9.8 (HKCU)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)

==================== Restore Points =========================

31-05-2013 17:39:40 Scheduled Checkpoint
04-06-2013 08:59:26 Scheduled Checkpoint
05-06-2013 22:09:54 Scheduled Checkpoint
07-06-2013 17:45:30 Scheduled Checkpoint
10-06-2013 17:26:04 Scheduled Checkpoint
12-06-2013 20:45:29 Scheduled Checkpoint
13-06-2013 08:01:23 Windows Update
14-06-2013 17:41:27 Scheduled Checkpoint
17-06-2013 20:28:29 Scheduled Checkpoint
19-06-2013 20:21:57 Scheduled Checkpoint
20-06-2013 21:57:17 Scheduled Checkpoint
21-06-2013 21:43:38 Scheduled Checkpoint
22-06-2013 08:01:26 Windows Update
24-06-2013 14:15:02 Windows Update
25-06-2013 08:00:29 Windows Update
26-06-2013 22:02:08 Scheduled Checkpoint
03-07-2013 16:44:04 Scheduled Checkpoint
08-07-2013 16:10:48 Scheduled Checkpoint
09-07-2013 20:22:48 Scheduled Checkpoint
10-07-2013 13:43:14 Scheduled Checkpoint
11-07-2013 13:51:28 Scheduled Checkpoint
12-07-2013 08:01:33 Windows Update
15-07-2013 19:49:18 Scheduled Checkpoint
16-07-2013 13:42:55 Scheduled Checkpoint
17-07-2013 22:01:56 Scheduled Checkpoint
18-07-2013 21:18:58 Scheduled Checkpoint
19-07-2013 19:39:39 Scheduled Checkpoint
22-07-2013 21:30:24 Scheduled Checkpoint
24-07-2013 20:52:39 Scheduled Checkpoint
25-07-2013 17:17:26 Scheduled Checkpoint
29-07-2013 20:15:21 Scheduled Checkpoint
30-07-2013 08:00:54 Windows Update
30-07-2013 15:47:45 Windows Update
31-07-2013 16:29:54 Removed SpyHunter
01-08-2013 20:37:41 Scheduled Checkpoint
02-08-2013 15:00:29 Removed WinZip 17.5
05-08-2013 20:53:58 Scheduled Checkpoint
06-08-2013 14:18:24 Windows Backup
06-08-2013 15:02:02 Removed Skype™ 5.10
06-08-2013 15:06:10 Removed Skype Toolbars
06-08-2013 15:11:27 Removed CorelDRAW Graphics Suite X3
06-08-2013 15:19:46 Removed Adobe Photoshop Elements 9.
07-08-2013 14:28:50 Windows Update
07-08-2013 15:34:24 Configured Power2Go
07-08-2013 17:17:15 Removed SpyHunter
08-08-2013 13:56:11 Removed SpyHunter
09-08-2013 22:19:19 Scheduled Checkpoint
11-08-2013 05:00:03 Scheduled Checkpoint
12-08-2013 00:00:06 Windows Backup

==================== Hosts content: ==========================

2006-11-02 07:34 - 2012-07-12 12:48 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {39771AF2-351D-45E1-8B56-9A6BCF6D9586} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {4A8468AF-E05E-4FCE-9073-87AF93DD1791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {77DFEF52-C0ED-4B0E-AA70-6FAA3D9A6D8B} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {829383F5-9360-41DD-B194-52F5D2F310BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {8540A123-EA65-4272-9A21-F9E2CE6449F2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {873FDFBB-D3EF-492D-8AC0-9A5A7F3B3582} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {8F5110A8-B304-42E7-8C4E-7E32B5B99B8E} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-28] (Trusted Software ApS)
Task: {A11D9B14-135D-413F-A40F-C2DA520E449D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Amy => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {B2471C96-6082-4AFB-A4D3-24B8AE499EF1} - System32\Tasks\{403568FF-F792-4EF3-BE96-61C384524891} => C:\Program Files (x86)\Skype\\Phone\Skype.exe No File
Task: {BB87A277-8333-4F80-89BE-CE6813F18410} - System32\Tasks\AmiUpdXp => C:\Users\Amy\AppData\Local\SwvUpdater\Updater.exe [2013-08-09] (Amonetize ltd.)
Task: {C77E7BE4-FEAE-4AA4-A6A9-FD67AE703E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {D11B4B08-A2F5-4573-9B06-1B586821335C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2012-06-02] (Enigma Software Group USA, LLC.)
Task: {DFB08081-4C2B-457F-BA47-B236CD2CF97A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {E5014A45-9172-4A85-BEB2-4F4BDD6BF13E} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE2517D5-479F-41D8-AAB0-6499BB6E775F} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Amy\AppData\Local\SwvUpdater\Updater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2013 01:01:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/12/2013 01:01:43 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/09/2013 04:32:21 PM) (Source: Application Hang) (User: )
Description: The program App.exe version 8.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: 13bc

Start Time: 01ce952ce5d42cd6

Termination Time: 31

Error: (08/09/2013 00:38:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (08/09/2013 04:05:45 PM) (Source: Print) (User: Top-Brass)
Description: The document terri, owned by Amy, failed to print on printer HP LaserJet 5Si. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 81004. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TOP-BRASS. Win32 error code returned by the print processor: terri0. terri1

Error: (08/09/2013 00:38:47 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: Par1284%%1275

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: wntpport%%2

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: Haspnt%%1275

Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Error: (08/09/2013 00:38:33 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/09/2013 00:38:24 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\SysWow64\drivers\Haspnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (08/09/2013 00:35:36 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-09 12:38:33.229
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-09 12:38:32.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 12:04:33.029
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 12:04:32.764
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-08 09:38:08.417
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 09:38:08.105
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 08:53:05.001
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-08 08:53:04.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-07 12:38:56.996
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-08-07 12:38:56.721
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 7934.26 MB
Available physical RAM: 5310.97 MB
Total Pagefile: 16057.04 MB
Available Pagefile: 11715.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:721.59 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive k: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive l: (My Passport) (Fixed) (Total:232.23 GB) (Free:223.72 GB) NTFS (Disk=6 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 5052995B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 232 GB) (Disk ID: 0006B2D9)
Partition 1: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ============================

**Side note: I will never understand how you make heads or tails of all that ^^^ LOL
  14. I guess I am asking if you would try to clean it first, rather than wiping it first?
  15. Sorry for the late reply, this is my work computer! If I back up all my files and programs to reformat, is there a chance they will be infected? What would you personally recommend? If I were to change all passwords from a clean computer, and not use this one for that kind of activity again, would that be OK?
  16. Got it..

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.9 (08.09.2013:1)
OS: Windows Vista Home Premium x64
Ran by Amy on Fri 08/09/2013 at 12:22:57.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000063129.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000063129.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCSB000063129.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCSB000063129.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311321154}
Successfully deleted: [Registry Key]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311321154} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{28A29DB4-F095-4FCC-A2A0-1856CD236415} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\shop to win 12" ~~~ FireFox Successfully deleted: [File] C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\user.js Successfully deleted: [Folder] C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\fctb Successfully deleted the following from C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\prefs.js user_pref("extensions.crossrider.bic", "140555c62c49bacbfbb1ee8beb58326c"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.DNSCatch", false); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.FirstLaunchShown", true); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.LastDate", 19); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.customNewTab", false); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.processAddrBar", false); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.session", "B4CFF5988EA1A4B0DC474377B5D44B51D327AAD0E8E14D5C601C2F7616FE66745137A6BB0CB398DABF93CC0D31C92B7F283D51B14EC9AFC user_pref("freecause70263cf9d46a4be4adc629500ba884e1.tb_lang", "en"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.user_id", "53705801"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.vars.disablecuidinject", "1"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.vars.lastcheck", "Tue%20Nov%2022%202011%2013%3A11%3A21%20GMT-0600%20%28Central%20Standard%20Time%29"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.yahooSearch", 
false); user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar"); user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "adkn.startnow.com"); Emptied folder: C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\minidumps [17 files] # AdwCleaner v2.306 - Logfile created 08/09/2013 at 12:35:05 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Amy - TOP-BRASS # Boot Mode : Normal # Running from : C:\Users\Amy\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Users\Amy\AppData\LocalLow\AVG Security Toolbar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Value Deleted : HKCU\Software\Microsoft\Internet 
Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2386 octets] - [09/08/2013 12:35:05]

########## EOF - C:\AdwCleaner[s1].txt - [2446 octets] ##########

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Amy [Admin rights]
Mode : Scan -- Date : 08/09/2013 13:07:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤
[sUSP PATH] mHotkey.exe -- C:\Windows\mHotkey.exe [-] -> KILLED [TermProc]
[sUSP PATH] ChiFuncExt.exe -- C:\Windows\ChiFuncExt.exe [-] -> KILLED [TermProc]
[sUSP PATH] CNYHKey.exe -- C:\Windows\CNYHKey.exe [-] -> KILLED [TermProc]
[sUSP PATH] ModLEDKey.exe -- C:\Windows\ModLedKey.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] MHotkey : %SystemRoot%\MHotKey.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] cf68788bec0301e74a5cde91827a2c18
[bSP] 0954b4e64961a5d2bd991e7fe7172b12 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30722048 | Size: 938867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Hitachi HDT721010SLA360 ATA Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08092013_130747.txt >>
  17. I have done steps 1 and 2. The step 3 download keeps activating my McAfee, which says not to download, even after I have turned off the firewall and scanning... continue?
  18. FINALLY got it (had to disable BBCode mode)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.08.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Amy :: TOP-BRASS [administrator]

8/9/2013 9:05:32 AM
mbam-log-2013-08-09 (09-05-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226329
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 1.6.0_31
Run by Amy at 9:20:24 on 2013-08-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5554 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k yksvcs C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\MHotKey.exe C:\Windows\ChiFuncExt.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\agr64svc.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Windows\SysWOW64\atashost.exe C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\dlcccoms.exe C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Motive\pcCMService.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe C:\Windows\system32\locator.exe C:\Windows\SysWOW64\SAiAdmin.exe C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe 
C:\Windows\SysWOW64\SAiDownloaderVista.exe C:\Windows\SysWOW64\SAiLicSvr.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehtray.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\CNYHKey.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Windows\ModLedKey.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\program files (x86)\safe saver\safe saver-bg.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe C:\Windows\splwow64.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\McAfee.com\Agent\mcagent.exe c:\program files (x86)\common files\installshield\updateservice\isuspm.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uWindow Title = Windows Internet Explorer provided by Yahoo! uProxyOverride = <local> uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll BHO: &Yahoo! 
Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll BHO: Safe Saver: {11111111-1111-1111-1111-110311321154} - C:\Program Files (x86)\Safe Saver\Safe Saver-bho.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! 
Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [Akamai NetSession Interface] "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A mRun: [LchDrvKey] LchDrvKey.exe mRun: [LedKey] CNYHKey.exe mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Conime] C:\Windows\System32\conime.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = 
dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{2358983E-27A3-4B12-8C83-E6254158173C} : DHCPNameServer = 192.168.1.254 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe x64-Run: [DLCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry x64-Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKAiO2MUI.exe x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE x64-mPolicies-Explorer: NoDrives = dword:0 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll FF - plugin: C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISb.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - 
plugin: C:\Users\Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - ExtSQL: !HIDDEN! 2009-09-22 08:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-1 771536] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-1 340216] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648] R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2009-9-18 65024] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776] R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-4-20 133944] R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2013-3-26 319488] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-3-16 389120] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-7 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 701512] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-10-5 120592] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 
[2011-3-1 201304] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 201304] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 201304] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-1 241456] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-1 218760] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-1 182752] R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-4-17 369152] R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-17 460288] R2 SAiAdmin;SAiAdmin;C:\Windows\SysWOW64\SAiAdmin.exe [2009-9-24 65536] R2 SAiDownloader;SAiDownloader;C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [2009-9-24 417792] R2 SAiDownloaderVista;SAiDownloaderVista;C:\Windows\SysWOW64\SAiDownloaderVista.exe [2009-9-24 77824] R2 SAiLicSvr;SAiLicSvr;C:\Windows\SysWOW64\SAiLicSvr.exe [2009-9-24 86016] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-21 1153368] R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-7-11 328992] R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480] R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 27648] R3 cfwids;McAfee Inc. 
cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-1 70112] R3 cxpl_mhd;CX23885/8 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\System32\drivers\y_cx88x.sys [2009-3-23 676992] R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-11 25928] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-1 309840] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-1 515968] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2009-4-9 444960] R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-1-8 405504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-23 196440] S3 mferkdet;McAfee Inc. 
mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-1 106552] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 SydexFDD;Sydex Diskette Driver;C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS [2010-12-6 13359] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632] S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-4-9 225296] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-21 89920] . =============== File Associations =============== . FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/6/2009 10:46:25 AM System Uptime: 8/8/2013 9:38:42 AM (24 hours ago) . Motherboard: Gateway | | RS780 Processor: AMD Phenom 9750 Quad-Core Processor | AM2 | 1200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 721.966 GiB free. D: is CDROM (CDFS) E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable K: is CDROM (UDF) L: is FIXED (NTFS) - 232 GiB total, 224.088 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun Miniport Adapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Microsoft Tun Miniport Adapter #2 PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp . 
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&2A700557&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&2A700557&0 Service: i8042prt . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader Free Download Packages Adobe Reader XI (11.0.03) Agere Systems PCI-SV92PP Soft Modem aioscnnr Akamai NetSession Interface Akamai NetSession Interface Service Apple Application Support Apple Software Update ATI Catalyst Install Manager ATT Management Agent Bing Bar C4USelfUpdater Canon MF Toolbox 4.9.1.1.mf12 Canon MF4500w Series Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish ccc-core-static ccc-utility64 CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Norwegian CCC Help Spanish CCC Help Swedish center Clip Art Collection Compatibility Pack for the 2007 Office system CorelDRAW Graphics Suite 12 CyberLink Power2Go Embroidery Fonts Plus essentials EZ Fonts EZgram Home Edition Fantastic Fonts for Embroidery File 
Type Assistant FlexiSIGN 7.5v5 Gateway Games Gateway Photo Frame 4.2.3.6 Gateway Recovery Management Gateway ScreenSaver GIMP 2.6.11 Google Toolbar for Internet Explorer Google Update Helper HASP Device Drivers Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java Auto Updater Java 6 Update 31 Java 6 Update 5 Junk Mail filter update KB0817 Keyboard Driver Kodak AIO Printer KODAK AiO Software Malwarebytes Anti-Malware version 1.75.0.1300 Marvell Miniport Driver McAfee SecurityCenter McAfee Virtual Technician Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Money Essentials Microsoft Money Shared Libraries Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers ocr PL-2303 USB-to-Serial PreReq QuickTime Realtek High Definition Audio Driver Safe Saver SAi Production Suite Scrapbook Factory Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites 
(KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sentinel Protection Installer 7.5.0 Shared C Run-time for x64 Shop To Win Skins Smart Sizer Platinum Spybot - Search & Destroy SpyHunter StartNow Toolbar Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 
32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Manager Visual C++ 8.0 Runtime Setup Package (x64) WD SmartWare WebEx Wilcom TrueSizer Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (03/21/2009 6.0.64.0057) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Yahoo! BrowserPlus 2.9.8 Yahoo! Software Update Yahoo! Toolbar . ==== End Of File ===========================
  19. I have all 3 logs, malware and both DDS, but it will NOT let me paste into the reply!
  20. Can someone help me? Practically every other word is now a link for some type of ad...
  21. Also, it may be worth mentioning that all kinds of words in email and even these forums are now underlined and green and pull up crap when scrolled over..
  22. The other day my computer cut off on its own, blue screen, had to restart. It ran a startup repair, I ran Spybot and found 3 issues, fixed. Tried to update malware, it wouldn't do it, now I can't uninstall it and a lot of other things either. Ran SpyHunter and it found all kinds of stuff, the main one being lop.com? My IE is all botched, my computer seems all skitzed out!! Help!!!!! I don't know where to even start...
  23. 7/12/2012 2:06:35 PM mbam-log-2012-07-12 (14-06-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214847 Time elapsed: 5 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Computer is running well!
  24. ComboFix 12-07-12.02 - Amy 07/12/2012 11:27:37.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.7934.6279 [GMT -5:00] Running from: c:\users\Amy\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\StartNow Toolbar c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png c:\program files (x86)\StartNow Toolbar\Resources\installer.xml c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css 
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png c:\program files (x86)\StartNow 
Toolbar\Resources\toolbar.xml c:\program files (x86)\StartNow Toolbar\Resources\update.xml c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe c:\program files (x86)\StartNow Toolbar\uninstall.dat c:\programdata\SPL3AAB.tmp c:\users\Amy\AppData\Local\Temp\ppcrlui_12980_2 c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul 
c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png 
c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css 
c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png 
c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png 
c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf c:\users\Public\003.jpg c:\users\Public\005.jpg c:\users\Public\010.jpg c:\windows\SysWow64\system c:\windows\SysWow64\UNWISE.EXE . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Updater Service for StartNow Toolbar -------\Service_Updater Service for StartNow Toolbar . . ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 ))))))))))))))))))))))))))))))) . . 2012-07-12 17:44 . 2012-07-12 17:50 -------- d-----w- c:\users\Amy\AppData\Local\temp 2012-07-12 17:44 . 2012-07-12 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-11 20:02 . 2012-07-11 20:02 -------- d-----w- C:\FRST 2012-07-11 13:43 . 2012-07-11 13:43 -------- d-----w- c:\users\Amy\AppData\Roaming\Malwarebytes 2012-07-11 13:42 . 2012-07-11 13:42 -------- d-----w- c:\programdata\Malwarebytes 2012-07-11 13:42 . 2012-07-11 13:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-11 13:42 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-10 21:12 . 
2012-07-10 21:12 110080 ----a-r- c:\users\Amy\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-07-10 21:12 . 2012-07-10 21:12 110080 ----a-r- c:\users\Amy\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-07-10 21:12 . 2012-07-10 21:12 110080 ----a-r- c:\users\Amy\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-07-10 21:12 . 2012-07-10 21:13 -------- d-----w- C:\sh4ldr
2012-07-10 21:12 . 2012-07-10 21:12 -------- d-----w- c:\program files\Enigma Software Group
2012-07-10 21:11 . 2012-07-10 21:12 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-10 21:11 . 2012-07-10 21:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-06 18:32 . 2012-07-06 18:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-06 18:26 . 2012-07-06 18:26 -------- d-----w- c:\users\Amy\AppData\Roaming\McAfee
2012-06-25 15:10 . 2012-06-25 15:10 -------- d-----w- c:\users\Amy\AppData\Local\Macromedia
2012-06-25 14:07 . 2012-05-25 22:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:09 . 2012-04-09 13:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 15:09 . 2011-09-12 13:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 15:57 . 2012-04-20 15:57 133944 ----a-w- c:\windows\SysWow64\atashost.exe
2012-04-20 15:57 . 2012-04-20 15:57 215864 ----a-w- c:\windows\SysWow64\atsckernel.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-05-05 123904]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 15:09]
.
2012-07-12 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-03-01 20:24]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:21]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 14:21]
.
2012-07-11 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-06 02:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll" [2006-02-24 28672]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2012-03-16 3240448]
"combofix"="c:\combofix\CF13462.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
AddRemove-{4E5AFC0B-6177-4077-8EF3-9AB934B616C0}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8*R%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*8*R%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1689078248-3964896573-4102054736-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*8*R%]
"0"=hex:57,25,02,25,24,25,f2,00,e5,00,6e,00,2d,00,a7,20,2e,00,38,00,52,25,00,
   00,7a,00,36,00,00,00,00,00,00,00,00,00,00,00,57,25,02,25,24,25,f2,00,e5,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\SysWOW64\atashost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PSIService.exe
c:\windows\SysWOW64\SAiAdmin.exe
c:\program files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe
c:\windows\SysWOW64\SAiDownloaderVista.exe
c:\windows\SysWOW64\SAiLicSvr.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-07-12 12:56:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 17:56
.
Pre-Run: 779,862,003,712 bytes free
Post-Run: 779,364,306,944 bytes free
.
- - End Of File - - 63C56917C852048D31871D2C31A52141
  25. What I am doing, step by step... inserting flash with fixlist saved on it, booting my comp into safe mode via F8 key, picking system repair, opening the notepad, finding drive, opening the FRST program, clicking fix button once, and then posting the log it saves... am I missing anything? Here is the log...

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-12 09:56:08 Run:4
Running from D:\

==============================================

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5} moved successfully.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@ not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@ not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56 not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3dde not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@ not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@ not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@ not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@ not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@ not found.
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@ not found.
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5} moved successfully.
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@ not found.
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L not found.
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\n not found.
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====