hotdogdoxie

  1. No problem. I appreciate all the help you have given me. I don't know what to do, but hopefully my information has not been stolen. Anyway, thank you for all the time you've put into this problem.
  2. OK here are the FRST and search reports for you

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 10-01-2013 15:07:05
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\Amanda\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Startup: C:\Users\Amanda\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 ehffigzyvkiukf; C:\windows\SysWOW64\XTSYNX~1.EXE [98304 2010-12-15] ( Copyrighted © )
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll" /prefetch:1 [535416 2012-10-11] (Symantec Corporation)
2 NCO; "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll" /prefetch:1 [535416 2012-12-05] (Symantec Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SpyroService; "C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe" [50688 2012-09-20] (FS)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [1384608 2012-11-29] (Symantec Corporation)
1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-16] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130109.001\IDSvia64.sys [513184 2012-12-15] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130109.040\ENG64.SYS [126112 2012-12-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130109.040\EX64.SYS [2084000 2012-12-16] (Symantec Corporation)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1863720 2012-06-01] ()
1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1402000.013\SRTSPX64.SYS [37496 2012-09-06] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-17] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-10 11:58 - 2013-01-10 11:58 - 00000000 ____D C:\FRST
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ____D C:\Program Files (x86)\FS
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\Downloaded Installations
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Program Files\FS
2013-01-10 07:15 - 2013-01-10 07:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A3514E8E-1DCA-4992-AAA4-35A85E064B1B}
2013-01-09 19:14 - 2013-01-09 19:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B2B32F44-514E-4D97-9358-C93D4372AC23}
2013-01-09 14:15 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 14:15 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 14:13 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 14:13 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 14:13 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 14:13 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 14:13 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 14:13 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 14:13 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 14:13 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 14:13 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 14:13 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 14:13 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 14:13 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 14:13 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 14:12 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 14:12 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 14:12 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 14:12 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 14:12 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 14:12 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 14:12 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 14:12 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 14:11 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 14:11 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-08 19:59 - 2013-01-08 19:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9F8517C-9933-460C-A1E0-758AE31F70C4}
2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{E609700E-C39F-4084-8925-B5BAFA4F4DAA}
2013-01-07 07:36 - 2013-01-07 07:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9A3BA8D-F1E8-49E5-B19E-183D5C5CF438}
2013-01-07 05:43 - 2013-01-07 05:43 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 05:43 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-07 05:42 - 2013-01-07 05:43 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-06 11:25 - 2013-01-06 11:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\{6DE5B740-C8C6-4EE1-83A7-48B272E01B17}
2013-01-05 11:53 - 2013-01-05 11:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{46E1EEAA-AEDD-47D4-9587-77B5F5227313}
2013-01-04 20:35 - 2013-01-06 09:34 - 00000432 ____A C:\Users\Amanda\Desktop\SystemLook.txt
2013-01-04 20:22 - 2013-01-04 20:22 - 00165376 ____A C:\Users\Amanda\Desktop\SystemLook_x64.exe
2013-01-04 18:43 - 2013-01-04 18:43 - 00000000 ____D C:\Users\Amanda\Desktop\mbar-1.01.0.1011
2013-01-04 18:40 - 2013-01-04 18:42 - 13485902 ____A C:\Users\Amanda\Desktop\mbar-1.01.0.1011.zip
2013-01-04 18:33 - 2013-01-04 18:33 - 00021237 ____A C:\ComboFix.txt
2013-01-04 17:14 - 2013-01-04 18:34 - 00000000 ____D C:\ComboFix
2013-01-04 10:36 - 2013-01-04 10:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{03F6BD2B-7269-46A6-8CA2-36486420A2C6}
2013-01-03 15:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-03 15:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-03 15:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-03 15:23 - 2013-01-04 18:34 - 00000000 ____D C:\Qoobox
2013-01-03 15:23 - 2013-01-03 15:40 - 00000000 ____D C:\Windows\erdnt
2013-01-03 15:17 - 2013-01-03 15:17 - 05018515 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe
2013-01-03 15:11 - 2013-01-03 15:11 - 00001509 ____A C:\Users\Amanda\Documents\malewarebytes2.txt
2013-01-03 11:21 - 2013-01-03 11:21 - 00002669 ____A C:\Users\Amanda\Desktop\RKreport[2]_D_01032013_02d1421.txt
2013-01-03 11:20 - 2013-01-03 11:20 - 00002614 ____A C:\Users\Amanda\Desktop\RKreport[1]_S_01032013_02d1420.txt
2013-01-03 11:18 - 2013-01-03 11:21 - 00000000 ____D C:\Users\Amanda\Desktop\RK_Quarantine
2013-01-03 10:29 - 2013-01-03 10:29 - 00007609 ____A C:\AdwCleaner[s1].txt
2013-01-03 10:27 - 2013-01-03 10:27 - 00551997 ____A C:\Users\Amanda\Downloads\adwcleaner.exe
2013-01-03 10:22 - 2013-01-03 10:22 - 00856731 ____A C:\Users\Amanda\Downloads\SecurityCheck.exe
2013-01-03 10:17 - 2013-01-03 10:17 - 00004382 ____A C:\Users\Amanda\Documents\malewarebytes.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00028508 ____A C:\Users\Amanda\Desktop\dds.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00011205 ____A C:\Users\Amanda\Desktop\attach.txt
2013-01-03 07:30 - 2013-01-03 07:31 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51}
2013-01-02 07:30 - 2013-01-02 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4}
2013-01-01 18:57 - 2013-01-01 18:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF}
2013-01-01 06:56 - 2013-01-01 06:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F}
2012-12-31 06:55 - 2012-12-31 18:56 - 00000000 ____D C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74}
2012-12-30 17:12 - 2012-12-30 17:13 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68}
2012-12-30 05:00 - 2012-12-30 05:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2}
2012-12-29 10:01 - 2012-12-29 10:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985}
2012-12-28 09:59 - 2012-12-28 22:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21}
2012-12-27 21:59 - 2012-12-27 21:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4}
2012-12-27 08:44 - 2012-12-27 08:44 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930}
2012-12-26 07:54 - 2012-12-26 19:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D}
2012-12-25 21:21 - 2012-12-25 21:21 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Program Files\iTunes
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-25 21:19 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iPod
2012-12-25 19:30 - 2012-12-25 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5}
2012-12-25 07:29 - 2012-12-25 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6}
2012-12-24 14:28 - 2012-12-24 14:28 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E}
2012-12-23 22:00 - 2012-12-23 22:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476}
2012-12-23 10:00 - 2012-12-23 10:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD}
2012-12-22 06:21 - 2012-12-22 18:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2}
2012-12-21 21:41 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 21:41 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 21:41 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 21:41 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 05:36 - 2012-12-21 17:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22}
2012-12-20 05:35 - 2012-12-20 17:35 - 00000000 ____D C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526}
2012-12-19 10:49 - 2012-12-19 10:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92}
2012-12-19 05:41 - 2012-12-27 06:04 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAmanda.job
2012-12-19 05:39 - 2012-12-19 05:39 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-12-18 20:50 - 2012-12-18 20:50 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2}
2012-12-18 18:43 - 2012-12-18 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-18 18:41 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20121218-214141.backup
2012-12-18 18:01 - 2012-12-18 18:40 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-18 18:01 - 2012-12-18 18:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-18 18:01 - 2012-12-18 18:01 - 00001262 ____A C:\Users\Amanda\Desktop\Spybot - Search & Destroy.lnk
2012-12-18 05:53 - 2012-12-18 05:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE}
2012-12-17 20:08 - 2013-01-04 10:27 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2012-12-17 20:08 - 2012-12-17 20:08 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2012-12-17 19:46 - 2012-12-17 20:08 - 00001294 ____A C:\Users\Amanda\Desktop\Norton Installation Files.lnk
2012-12-17 17:52 - 2012-12-17 17:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444}
2012-12-17 06:35 - 2012-12-17 06:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2012-12-17 05:52 - 2012-12-17 05:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6}
2012-12-16 16:42 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-16 16:42 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-16 16:42 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-16 16:42 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-16 16:42 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-16 16:42 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-16 16:42 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-16 16:42 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-16 16:42 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-16 16:42 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-16 16:42 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-16 16:42 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-16 16:42 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-16 16:42 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-16 16:42 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-16 16:42 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-16 16:42 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-16 16:42 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-16 16:42 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-16 16:42 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-16 16:42 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-16 16:42 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-16 16:42 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-16 16:42 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-16 16:42 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-16 16:42 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-16 16:42 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-16 16:42 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-16 16:42 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-16 16:42 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-16 16:42 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-16 16:42 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-16 15:40 - 2012-12-17 19:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\NPE
2012-12-16 13:59 - 2012-12-16 14:00 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.com
2012-12-16 12:48 - 2012-12-16 12:48 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-12-16 10:35 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-16 10:35 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-16 10:35 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-16 10:35 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-16 10:32 - 2012-12-16 10:34 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-16 10:22 - 2012-12-16 10:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5}
2012-12-16 10:21 - 2012-12-16 10:21 - 00272464 ____A C:\Windows\Minidump\121612-46815-01.dmp
2012-12-16 06:43 - 2012-12-16 06:43 - 00000000 ____D C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994}
2012-12-15 16:57 - 2012-12-15 16:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881}
2012-12-15 04:57 - 2012-12-15 04:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607}
2012-12-14 16:48 - 2012-12-14 16:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6}
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\Mozilla
2012-12-14 12:24 - 2012-12-16 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-14 12:24 - 2012-12-14 12:24 - 00000000 ____D C:\Users\All Users\Mozilla
2012-12-14 04:48 - 2012-12-14 04:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E}
2012-12-13 04:42 - 2012-12-13 16:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811}
2012-12-12 08:54 - 2012-12-12 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC}
2012-12-12 05:40 - 2012-12-12 05:40 - 00272496 ____A C:\Windows\Minidump\121212-45006-01.dmp
2012-12-11 08:54 - 2012-12-11 20:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA}

==================== One Month Modified Files and Folders =======

2013-01-10 11:59 - 2012-04-26 22:59 - 01090154 ____A C:\Windows\WindowsUpdate.log
2013-01-10 11:59 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-10 11:58 - 2013-01-10 11:58 - 00000000 ____D C:\FRST
2013-01-10 11:57 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-10 11:57 - 2009-07-13 20:45 -
00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-10 11:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-01-10 11:50 - 2012-08-29 05:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-10 11:50 - 2012-07-12 15:48 - 00000000 ____D C:\Users\All Users\Kodak 2013-01-10 11:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-10 11:50 - 2009-07-13 20:51 - 00066663 ____A C:\Windows\setupact.log 2013-01-10 11:43 - 2012-08-29 05:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-10 11:06 - 2012-07-18 07:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ____D C:\Program Files (x86)\FS 2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\Downloaded Installations 2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Program Files\FS 2013-01-10 07:15 - 2013-01-10 07:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A3514E8E-1DCA-4992-AAA4-35A85E064B1B} 2013-01-10 06:00 - 2009-07-13 20:45 - 00310952 ____A C:\Windows\System32\FNTCACHE.DAT 2013-01-09 21:30 - 2012-07-10 15:02 - 00000000 ____D C:\Users\All Users\Microsoft Help 2013-01-09 21:19 - 2012-08-07 18:39 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-01-09 19:15 - 2013-01-09 19:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B2B32F44-514E-4D97-9358-C93D4372AC23} 2013-01-09 14:23 - 2012-08-15 05:06 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-01-09 14:07 - 2012-07-11 05:33 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-01-08 19:59 - 2013-01-08 19:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9F8517C-9933-460C-A1E0-758AE31F70C4} 2013-01-08 17:07 - 2012-07-18 07:34 - 00697864 ____A (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-01-08 17:07 - 2011-10-25 20:12 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{E609700E-C39F-4084-8925-B5BAFA4F4DAA} 2013-01-07 07:37 - 2013-01-07 07:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9A3BA8D-F1E8-49E5-B19E-183D5C5CF438} 2013-01-07 05:43 - 2013-01-07 05:43 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Malwarebytes 2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-07 05:43 - 2013-01-07 05:42 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.70.0.1100.exe 2013-01-07 05:37 - 2010-11-20 19:47 - 00634046 ____A C:\Windows\PFRO.log 2013-01-06 11:25 - 2013-01-06 11:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\{6DE5B740-C8C6-4EE1-83A7-48B272E01B17} 2013-01-06 09:34 - 2013-01-04 20:35 - 00000432 ____A C:\Users\Amanda\Desktop\SystemLook.txt 2013-01-05 19:45 - 2012-09-04 13:33 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForAMANDA-HP$.job 2013-01-05 11:53 - 2013-01-05 11:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{46E1EEAA-AEDD-47D4-9587-77B5F5227313} 2013-01-04 20:22 - 2013-01-04 20:22 - 00165376 ____A C:\Users\Amanda\Desktop\SystemLook_x64.exe 2013-01-04 18:43 - 2013-01-04 18:43 - 00000000 ____D C:\Users\Amanda\Desktop\mbar-1.01.0.1011 2013-01-04 18:42 - 2013-01-04 18:40 - 13485902 ____A C:\Users\Amanda\Desktop\mbar-1.01.0.1011.zip 2013-01-04 18:34 - 2013-01-04 17:14 - 00000000 ____D C:\ComboFix 2013-01-04 18:34 - 2013-01-03 15:23 - 00000000 ____D C:\Qoobox 2013-01-04 18:33 - 2013-01-04 18:33 - 00021237 ____A C:\ComboFix.txt 2013-01-04 18:31 - 2009-07-13 18:34 - 00000215 ____A 
C:\Windows\system.ini 2013-01-04 10:36 - 2013-01-04 10:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{03F6BD2B-7269-46A6-8CA2-36486420A2C6} 2013-01-04 10:27 - 2012-12-17 20:08 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64 2013-01-03 15:40 - 2013-01-03 15:23 - 00000000 ____D C:\Windows\erdnt 2013-01-03 15:17 - 2013-01-03 15:17 - 05018515 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe 2013-01-03 15:11 - 2013-01-03 15:11 - 00001509 ____A C:\Users\Amanda\Documents\malewarebytes2.txt 2013-01-03 11:21 - 2013-01-03 11:21 - 00002669 ____A C:\Users\Amanda\Desktop\RKreport[2]_D_01032013_02d1421.txt 2013-01-03 11:21 - 2013-01-03 11:18 - 00000000 ____D C:\Users\Amanda\Desktop\RK_Quarantine 2013-01-03 11:20 - 2013-01-03 11:20 - 00002614 ____A C:\Users\Amanda\Desktop\RKreport[1]_S_01032013_02d1420.txt 2013-01-03 10:29 - 2013-01-03 10:29 - 00007609 ____A C:\AdwCleaner[s1].txt 2013-01-03 10:27 - 2013-01-03 10:27 - 00551997 ____A C:\Users\Amanda\Downloads\adwcleaner.exe 2013-01-03 10:22 - 2013-01-03 10:22 - 00856731 ____A C:\Users\Amanda\Downloads\SecurityCheck.exe 2013-01-03 10:17 - 2013-01-03 10:17 - 00004382 ____A C:\Users\Amanda\Documents\malewarebytes.txt 2013-01-03 09:35 - 2013-01-03 09:35 - 00028508 ____A C:\Users\Amanda\Desktop\dds.txt 2013-01-03 09:35 - 2013-01-03 09:35 - 00011205 ____A C:\Users\Amanda\Desktop\attach.txt 2013-01-03 07:31 - 2013-01-03 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51} 2013-01-02 19:30 - 2013-01-02 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4} 2013-01-01 18:57 - 2013-01-01 18:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF} 2013-01-01 06:57 - 2013-01-01 06:56 - 00000000 ____D C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F} 2012-12-31 18:56 - 2012-12-31 06:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74} 2012-12-30 17:13 - 2012-12-30 17:12 
- 00000000 ____D C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68} 2012-12-30 05:01 - 2012-12-30 05:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2} 2012-12-29 10:01 - 2012-12-29 10:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985} 2012-12-28 22:00 - 2012-12-28 09:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21} 2012-12-27 21:59 - 2012-12-27 21:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4} 2012-12-27 08:44 - 2012-12-27 08:44 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930} 2012-12-27 06:04 - 2012-12-19 05:41 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAmanda.job 2012-12-26 19:55 - 2012-12-26 07:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D} 2012-12-26 08:06 - 2012-07-10 08:42 - 00000000 ____D C:\users\Amanda 2012-12-25 21:32 - 2012-07-11 14:31 - 00000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps 2012-12-25 21:21 - 2012-12-25 21:21 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iTunes 2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2012-12-25 21:19 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iPod 2012-12-25 19:30 - 2012-12-25 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5} 2012-12-25 14:49 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-12-25 07:30 - 2012-12-25 07:29 - 00000000 ____D C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6} 2012-12-24 14:28 - 2012-12-24 14:28 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E} 2012-12-23 22:01 - 2012-12-23 22:00 - 
00000000 ____D C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476} 2012-12-23 10:00 - 2012-12-23 10:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD} 2012-12-22 22:40 - 2012-11-04 09:28 - 00000000 ____D C:\Users\Amanda\Documents\Recipes 2012-12-22 18:22 - 2012-12-22 06:21 - 00000000 ____D C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2} 2012-12-21 17:36 - 2012-12-21 05:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22} 2012-12-20 17:35 - 2012-12-20 05:35 - 00000000 ____D C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526} 2012-12-19 20:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2012-12-19 10:49 - 2012-12-19 10:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92} 2012-12-19 05:40 - 2012-07-18 07:44 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2012-12-19 05:39 - 2012-12-19 05:39 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-12-18 20:50 - 2012-12-18 20:50 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2} 2012-12-18 18:43 - 2012-12-18 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-12-18 18:40 - 2012-12-18 18:01 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-12-18 18:08 - 2012-12-18 18:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-12-18 18:01 - 2012-12-18 18:01 - 00001262 ____A C:\Users\Amanda\Desktop\Spybot - Search & Destroy.lnk 2012-12-18 05:53 - 2012-12-18 05:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE} 2012-12-17 20:11 - 2012-04-26 23:10 - 00000000 ____D C:\Users\All Users\Norton 2012-12-17 20:10 - 2012-07-16 12:19 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64 2012-12-17 20:08 - 2012-12-17 20:08 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe 2012-12-17 20:08 - 2012-12-17 19:46 - 00001294 ____A 
C:\Users\Amanda\Desktop\Norton Installation Files.lnk 2012-12-17 20:08 - 2012-07-16 12:20 - 00002316 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk 2012-12-17 20:06 - 2012-07-16 12:20 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2012-12-17 20:06 - 2012-07-16 12:20 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2012-12-17 20:06 - 2012-07-16 12:20 - 00000000 ____D C:\Program Files\Symantec 2012-12-17 19:46 - 2012-07-16 12:06 - 00000000 ____D C:\Users\Public\Downloads\Norton 2012-12-17 19:42 - 2012-12-16 15:40 - 00000000 ____D C:\Users\Amanda\AppData\Local\NPE 2012-12-17 17:52 - 2012-12-17 17:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444} 2012-12-17 06:35 - 2012-12-17 06:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2012-12-17 05:52 - 2012-12-17 05:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6} 2012-12-16 14:00 - 2012-12-16 13:59 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.com 2012-12-16 13:14 - 2012-12-14 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-12-16 13:14 - 2011-10-25 20:33 - 00000000 ____D C:\Users\All Users\Hewlett-Packard 2012-12-16 13:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2012-12-16 13:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2012-12-16 13:12 - 2012-08-29 05:31 - 00000000 ____D C:\Program Files (x86)\Google 2012-12-16 12:48 - 2012-12-16 12:48 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog 2012-12-16 12:47 - 2012-04-26 23:48 - 00000000 ___RD C:\Users\Public\Recorded TV 2012-12-16 10:34 - 2012-12-16 10:32 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.65.1.1000.exe 2012-12-16 10:22 - 2012-12-16 10:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5} 2012-12-16 10:21 - 2012-12-16 10:21 - 00272464 ____A 
C:\Windows\Minidump\121612-46815-01.dmp 2012-12-16 10:21 - 2012-09-12 04:46 - 00000000 ____D C:\Windows\Minidump 2012-12-16 10:20 - 2012-09-12 04:46 - 401557580 ____A C:\Windows\MEMORY.DMP 2012-12-16 09:11 - 2012-12-21 21:41 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 06:45 - 2012-12-21 21:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 06:43 - 2012-12-16 06:43 - 00000000 ____D C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994} 2012-12-16 06:13 - 2012-12-21 21:41 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 06:13 - 2012-12-21 21:41 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-15 16:57 - 2012-12-15 16:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881} 2012-12-15 04:57 - 2012-12-15 04:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607} 2012-12-14 16:49 - 2012-12-14 16:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6} 2012-12-14 13:49 - 2013-01-07 05:43 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla 2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\Mozilla 2012-12-14 12:24 - 2012-12-14 12:24 - 00000000 ____D C:\Users\All Users\Mozilla 2012-12-14 04:48 - 2012-12-14 04:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E} 2012-12-13 16:42 - 2012-12-13 04:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811} 2012-12-12 15:24 - 2009-07-13 21:38 - 00067584 ___AS C:\Windows\bootstat(33).dat 2012-12-12 11:44 - 2012-07-10 11:05 - 00000000 ____D C:\Users\Amanda\Documents\Bill Payments 2012-12-12 11:42 - 2012-08-29 05:33 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk 
2012-12-12 08:54 - 2012-12-12 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC} 2012-12-12 05:40 - 2012-12-12 05:40 - 00272496 ____A C:\Windows\Minidump\121212-45006-01.dmp 2012-12-11 20:54 - 2012-12-11 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA} ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3562.91 MB Available physical RAM: 2856.57 MB Total Pagefile: 3561.05 MB Available Pagefile: 2848.78 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:440.78 GB) (Free:326.7 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (Recovery) (Fixed) (Total:20.82 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 5 Drive h: () 
(Removable) (Total:14.9 GB) (Free:14.2 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 199 MB 1024 KB Partition 2 Primary 440 GB 200 MB Partition 3 Primary 20 GB 440 GB Partition 4 Primary 4063 MB 461 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 440 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E Recovery NTFS Partition 20 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 16 KB 
================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Removable 14 GB Healthy ========================================================= Last Boot: 2013-01-04 11:10 ==================== End Of Log ============================= And the Search Report: Farbar Recovery Scan Tool (x64) Version: 09-01-2013 Ran by SYSTEM at 2013-01-10 15:09:41 Running from H:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\erdnt\cache64\services.exe [2013-01-03 15:40] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
  3. I just ran it again. I was out all day. Sorry for the delay.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amanda :: AMANDA-HP [administrator]

1/8/2013 7:07:34 PM
mbam-log-2013-01-08 (19-07-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211719
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.

(end)
  4. The virus is still there. Is there anything else I can do? Is this something that is dangerous to my system?
  5. Still there. Should I try to remove them or is there something else I should try first?
  6. OK I have done all you instructed as above. I am assuming you want me to run the scan now, but I want to be sure that is the next step you'd like me to do first. Thanks!
  7. Sorry, I was out yesterday. Here is the report.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:31 on 06/01/2013 by Amanda
Administrator - Elevation successful

========== filefind ==========

Searching for "msaunperp.dll"
No files found.

-= EOF =-

FYI, upon running Malwarebytes again after running this report, it found the trojan again.
  8. I'm so confused. Going to bed now and will pick up with this tomorrow please:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:35 on 04/01/2013 by Amanda
Administrator - Elevation successful

========== filefind ==========

Searching for "msaunperp.dll "
No files found.

-= EOF =-
  9. OK, I've run the anti-rootkit 3 times now and it keeps coming back. I didn't see a report to post on this one. The file is under syswow64\msaunperp.dll, but when I run Malwarebytes it's under system32\msaunperp.dll under file and memory module. Everything else seems to be functioning properly (internet, firewall, Windows Update).
  10. The ComboFix scan is completed and the report is listed below. It took an hour and 20 minutes to complete and was hung up on stage 5 for half an hour. The trojan is still there. I will now run the second part of the post while you review the log. (By the way, I really appreciate your help.)

ComboFix 13-01-03.05 - Amanda 01/04/2013 20:16:14.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2106 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe [2012-12-05 143928] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376] . . Contents of the 'Scheduled Tasks' folder . 2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:07] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2012-12-07 c:\windows\Tasks\HPCeeScheduleForAMANDA-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2012-12-27 c:\windows\Tasks\HPCeeScheduleForAmanda.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.254.254 192.168.254.254 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-MyPoints Toolbar - c:\program files (x86)\MyPoints Toolbar\Uninst.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-04 21:33:59 ComboFix-quarantined-files.txt 2013-01-05 02:33 ComboFix2.txt 2013-01-04 22:01 ComboFix3.txt 2013-01-03 23:44 . Pre-Run: 356,141,101,056 bytes free Post-Run: 356,066,357,248 bytes free . - - End Of File - - 2F321FAFB0A3E56752C7CEB22ADEC3C8
  11. The computer is running fine, but Malwarebytes is still picking up the trojan...
  12. Here is the report from Combofix. It took an extremely long time to run. I have not rebooted yet but will in a moment and let you know how the computer is running.
  13. Here you are. Upon reboot the file is still infected.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amanda :: AMANDA-HP [administrator]

1/3/2013 6:55:56 PM
mbam-log-2013-01-03 (18-55-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210689
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.

(end)
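The log above shows a module that Malwarebytes marks "Delete on reboot" but that the poster finds present again after the restart. The PowerShell script below is an added example, not part of this thread and not Malwarebytes' or ComboFix's own code, showing the triage a responder would do next on such a file: record its hash and Authenticode status, list the processes that currently have it mapped, search the common load points (Run/RunOnce, AppInit_DLLs, Winlogon Shell/Userinit, service ServiceDll values), and check whether a delayed delete is actually queued in PendingFileRenameOperations, the value Windows uses for MoveFileEx delete-on-reboot requests. The DLL path is the one from the log; the function names are the example's own, and it assumes an elevated 64-bit PowerShell 4.0 or later (Get-FileHash) on Windows 7.

```powershell
# Added example, not from the thread: triage a DLL that a scanner flags but
# cannot remove on reboot. Run from an elevated 64-bit PowerShell (4.0+ for
# Get-FileHash). $DllPath is the path reported in the MBAM log above; every
# function name here is the example's own.

function Get-DllFacts {
    # Hash, timestamps and signature state, so the file can be compared across reboots.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $f = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path        = $f.FullName
        Size        = $f.Length
        CreatedUtc  = $f.CreationTimeUtc
        ModifiedUtc = $f.LastWriteTimeUtc
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature   = (Get-AuthenticodeSignature -FilePath $Path).Status  # NotSigned inside System32 is a strong hint
    }
}

function Get-DllLoaders {
    # Which processes currently have the module mapped. Protected processes
    # throw on .Modules, so they are skipped rather than aborting the scan.
    param([Parameter(Mandatory)][string]$Path)
    $name = [IO.Path]::GetFileName($Path)
    foreach ($p in Get-Process) {
        try {
            foreach ($m in $p.Modules) {
                if ($m.ModuleName -ieq $name) {
                    [pscustomobject]@{ Pid = $p.Id; Process = $p.ProcessName; Module = $m.FileName }
                }
            }
        } catch { }
    }
}

function Get-DllLoadPoints {
    # Registry locations that can cause a DLL to be loaded at logon or by a service.
    param([Parameter(Mandatory)][string]$Path)
    $pattern = [regex]::Escape([IO.Path]::GetFileName($Path))
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',             # AppInit_DLLs (64-bit)
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows', # AppInit_DLLs (32-bit)
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'             # Shell, Userinit
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ("$($prop.Value)" -imatch $pattern) {
                [pscustomobject]@{ Key = $k; Value = $prop.Name; Data = "$($prop.Value)" }
            }
        }
    }
    # svchost-hosted services load the DLL named in Parameters\ServiceDll.
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $params = Join-Path $svc.PSPath 'Parameters'
        if (-not (Test-Path $params)) { continue }
        $dll = (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).ServiceDll
        if ($dll -and $dll -imatch $pattern) {
            [pscustomobject]@{ Key = $params; Value = 'ServiceDll'; Data = $dll }
        }
    }
}

function Test-PendingDelete {
    # A delete-on-reboot request (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT) is
    # recorded here; if the DLL is not listed, nothing will remove it at restart.
    param([Parameter(Mandatory)][string]$Path)
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $pending = (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $pending) { return $false }
    $pattern = [regex]::Escape([IO.Path]::GetFileName($Path))
    [bool]($pending | Where-Object { $_ -imatch $pattern })
}

$DllPath = 'C:\Windows\System32\msaunperp.dll'   # path from the MBAM log above
Get-DllFacts      -Path $DllPath | Format-List
Get-DllLoaders    -Path $DllPath | Format-Table -AutoSize
Get-DllLoadPoints -Path $DllPath | Format-Table -AutoSize
"Delete scheduled for next boot: $(Test-PendingDelete -Path $DllPath)"
```

Two readings of the output matter. If Get-DllLoaders shows the module inside a service host or a logon-time process, or Get-DllLoadPoints finds a reference, that loader is what keeps the file alive and must be dealt with before the file itself; if Test-PendingDelete returns False after the scanner reported "Delete on reboot", the delayed delete was never queued or was cleared, which explains the file surviving the restart. The script only reports; it deletes nothing, and a filename match in System32 is not by itself proof of malice, so compare the SHA256 against a known-good copy or a reputation source before acting on it.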
  14. Malwarebytes is still picking up the virus. I will post the log when it is done running.
