hotdogdoxie
Honorary Members
Posts: 21
Everything posted by hotdogdoxie
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
No problem. I appreciate all the help you have given me. I don't know what to do, but hopefully my information has not been stolen. Anyway, thank you for all the time you've put in to this problem.
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
OK here are the FRST and Search reports for you.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 10-01-2013 15:07:05
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\Amanda\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Startup: C:\Users\Amanda\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 ehffigzyvkiukf; C:\windows\SysWOW64\XTSYNX~1.EXE [98304 2010-12-15] ( Copyrighted © )
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll" /prefetch:1 [535416 2012-10-11] (Symantec Corporation)
2 NCO; "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll" /prefetch:1 [535416 2012-12-05] (Symantec Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SpyroService; "C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe" [50688 2012-09-20] (FS)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [1384608 2012-11-29] (Symantec Corporation)
1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-16] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130109.001\IDSvia64.sys [513184 2012-12-15] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130109.040\ENG64.SYS [126112 2012-12-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130109.040\EX64.SYS [2084000 2012-12-16] (Symantec Corporation)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1863720 2012-06-01] ()
1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1402000.013\SRTSPX64.SYS [37496 2012-09-06] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-17] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-10 11:58 - 2013-01-10 11:58 - 00000000 ____D C:\FRST
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ____D C:\Program Files (x86)\FS
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\Downloaded Installations
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Program Files\FS
2013-01-10 07:15 - 2013-01-10 07:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A3514E8E-1DCA-4992-AAA4-35A85E064B1B}
2013-01-09 19:14 - 2013-01-09 19:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B2B32F44-514E-4D97-9358-C93D4372AC23}
2013-01-09 14:15 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 14:15 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 14:13 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 14:13 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 14:13 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 14:13 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 14:13 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 14:13 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 14:13 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 14:13 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 14:13 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 14:13 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 14:13 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 14:13 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 14:13 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 14:12 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 14:12 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 14:12 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 14:12 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 14:12 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 14:12 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 14:12 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 14:12 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 14:11 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 14:11 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-08 19:59 - 2013-01-08 19:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9F8517C-9933-460C-A1E0-758AE31F70C4}
2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{E609700E-C39F-4084-8925-B5BAFA4F4DAA}
2013-01-07 07:36 - 2013-01-07 07:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9A3BA8D-F1E8-49E5-B19E-183D5C5CF438}
2013-01-07 05:43 - 2013-01-07 05:43 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 05:43 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-07 05:42 - 2013-01-07 05:43 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-06 11:25 - 2013-01-06 11:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\{6DE5B740-C8C6-4EE1-83A7-48B272E01B17}
2013-01-05 11:53 - 2013-01-05 11:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{46E1EEAA-AEDD-47D4-9587-77B5F5227313}
2013-01-04 20:35 - 2013-01-06 09:34 - 00000432 ____A C:\Users\Amanda\Desktop\SystemLook.txt
2013-01-04 20:22 - 2013-01-04 20:22 - 00165376 ____A C:\Users\Amanda\Desktop\SystemLook_x64.exe
2013-01-04 18:43 - 2013-01-04 18:43 - 00000000 ____D C:\Users\Amanda\Desktop\mbar-1.01.0.1011
2013-01-04 18:40 - 2013-01-04 18:42 - 13485902 ____A C:\Users\Amanda\Desktop\mbar-1.01.0.1011.zip
2013-01-04 18:33 - 2013-01-04 18:33 - 00021237 ____A C:\ComboFix.txt
2013-01-04 17:14 - 2013-01-04 18:34 - 00000000 ____D C:\ComboFix
2013-01-04 10:36 - 2013-01-04 10:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{03F6BD2B-7269-46A6-8CA2-36486420A2C6}
2013-01-03 15:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-03 15:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-03 15:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-03 15:23 - 2013-01-04 18:34 - 00000000 ____D C:\Qoobox
2013-01-03 15:23 - 2013-01-03 15:40 - 00000000 ____D C:\Windows\erdnt
2013-01-03 15:17 - 2013-01-03 15:17 - 05018515 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe
2013-01-03 15:11 - 2013-01-03 15:11 - 00001509 ____A C:\Users\Amanda\Documents\malewarebytes2.txt
2013-01-03 11:21 - 2013-01-03 11:21 - 00002669 ____A C:\Users\Amanda\Desktop\RKreport[2]_D_01032013_02d1421.txt
2013-01-03 11:20 - 2013-01-03 11:20 - 00002614 ____A C:\Users\Amanda\Desktop\RKreport[1]_S_01032013_02d1420.txt
2013-01-03 11:18 - 2013-01-03 11:21 - 00000000 ____D C:\Users\Amanda\Desktop\RK_Quarantine
2013-01-03 10:29 - 2013-01-03 10:29 - 00007609 ____A C:\AdwCleaner[s1].txt
2013-01-03 10:27 - 2013-01-03 10:27 - 00551997 ____A C:\Users\Amanda\Downloads\adwcleaner.exe
2013-01-03 10:22 - 2013-01-03 10:22 - 00856731 ____A C:\Users\Amanda\Downloads\SecurityCheck.exe
2013-01-03 10:17 - 2013-01-03 10:17 - 00004382 ____A C:\Users\Amanda\Documents\malewarebytes.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00028508 ____A C:\Users\Amanda\Desktop\dds.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00011205 ____A C:\Users\Amanda\Desktop\attach.txt
2013-01-03 07:30 - 2013-01-03 07:31 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51}
2013-01-02 07:30 - 2013-01-02 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4}
2013-01-01 18:57 - 2013-01-01 18:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF}
2013-01-01 06:56 - 2013-01-01 06:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F}
2012-12-31 06:55 - 2012-12-31 18:56 - 00000000 ____D C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74}
2012-12-30 17:12 - 2012-12-30 17:13 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68}
2012-12-30 05:00 - 2012-12-30 05:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2}
2012-12-29 10:01 - 2012-12-29 10:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985}
2012-12-28 09:59 - 2012-12-28 22:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21}
2012-12-27 21:59 - 2012-12-27 21:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4}
2012-12-27 08:44 - 2012-12-27 08:44 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930}
2012-12-26 07:54 - 2012-12-26 19:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D}
2012-12-25 21:21 - 2012-12-25 21:21 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Program Files\iTunes
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-25 21:19 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iPod
2012-12-25 19:30 - 2012-12-25 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5}
2012-12-25 07:29 - 2012-12-25 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6}
2012-12-24 14:28 - 2012-12-24 14:28 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E}
2012-12-23 22:00 - 2012-12-23 22:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476}
2012-12-23 10:00 - 2012-12-23 10:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD}
2012-12-22 06:21 - 2012-12-22 18:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2}
2012-12-21 21:41 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 21:41 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 21:41 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 21:41 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 05:36 - 2012-12-21 17:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22}
2012-12-20 05:35 - 2012-12-20 17:35 - 00000000 ____D C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526}
2012-12-19 10:49 - 2012-12-19 10:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92}
2012-12-19 05:41 - 2012-12-27 06:04 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAmanda.job
2012-12-19 05:39 - 2012-12-19 05:39 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-12-18 20:50 - 2012-12-18 20:50 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2}
2012-12-18 18:43 - 2012-12-18 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-18 18:41 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20121218-214141.backup
2012-12-18 18:01 - 2012-12-18 18:40 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-18 18:01 - 2012-12-18 18:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-18 18:01 - 2012-12-18 18:01 - 00001262 ____A C:\Users\Amanda\Desktop\Spybot - Search & Destroy.lnk
2012-12-18 05:53 - 2012-12-18 05:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE}
2012-12-17 20:08 - 2013-01-04 10:27 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2012-12-17 20:08 - 2012-12-17 20:08 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2012-12-17 19:46 - 2012-12-17 20:08 - 00001294 ____A C:\Users\Amanda\Desktop\Norton Installation Files.lnk
2012-12-17 17:52 - 2012-12-17 17:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444}
2012-12-17 06:35 - 2012-12-17 06:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2012-12-17 05:52 - 2012-12-17 05:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6}
2012-12-16 16:42 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-16 16:42 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-16 16:42 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-16 16:42 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-16 16:42 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-16 16:42 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-16 16:42 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-16 16:42 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-16 16:42 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-16 16:42 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-16 16:42 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-16 16:42 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-16 16:42 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-16 16:42 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-16 16:42 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-16 16:42 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-16 16:42 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-16 16:42 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-16 16:42 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-16 16:42 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-16 16:42 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-16 16:42 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-16 16:42 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-16 16:42 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-16 16:42 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-16 16:42 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-16 16:42 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-16 16:42 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-16 16:42 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-16 16:42 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-16 16:42 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-16 16:42 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-16 15:40 - 2012-12-17 19:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\NPE
2012-12-16 13:59 - 2012-12-16 14:00 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.com
2012-12-16 12:48 - 2012-12-16 12:48 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-12-16 10:35 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-16 10:35 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-16 10:35 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-16 10:35 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-16 10:32 - 2012-12-16 10:34 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-16 10:22 - 2012-12-16 10:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5}
2012-12-16 10:21 - 2012-12-16 10:21 - 00272464 ____A C:\Windows\Minidump\121612-46815-01.dmp
2012-12-16 06:43 - 2012-12-16 06:43 - 00000000 ____D C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994}
2012-12-15 16:57 - 2012-12-15 16:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881}
2012-12-15 04:57 - 2012-12-15 04:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607}
2012-12-14 16:48 - 2012-12-14 16:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6}
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\Mozilla
2012-12-14 12:24 - 2012-12-16 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-14 12:24 - 2012-12-14 12:24 - 00000000 ____D C:\Users\All Users\Mozilla
2012-12-14 04:48 - 2012-12-14 04:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E}
2012-12-13 04:42 - 2012-12-13 16:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811}
2012-12-12 08:54 - 2012-12-12 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC}
2012-12-12 05:40 - 2012-12-12 05:40 - 00272496 ____A C:\Windows\Minidump\121212-45006-01.dmp
2012-12-11 08:54 - 2012-12-11 20:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA}

==================== One Month Modified Files and Folders =======

2013-01-10 11:59 - 2012-04-26 22:59 - 01090154 ____A C:\Windows\WindowsUpdate.log
2013-01-10 11:59 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-10 11:58 - 2013-01-10 11:58 - 00000000 ____D C:\FRST
2013-01-10 11:57 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-10 11:57 - 2009-07-13 20:45 -
00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-10 11:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-01-10 11:50 - 2012-08-29 05:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-10 11:50 - 2012-07-12 15:48 - 00000000 ____D C:\Users\All Users\Kodak 2013-01-10 11:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-10 11:50 - 2009-07-13 20:51 - 00066663 ____A C:\Windows\setupact.log 2013-01-10 11:43 - 2012-08-29 05:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-10 11:06 - 2012-07-18 07:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ____D C:\Program Files (x86)\FS 2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\Downloaded Installations 2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Program Files\FS 2013-01-10 07:15 - 2013-01-10 07:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A3514E8E-1DCA-4992-AAA4-35A85E064B1B} 2013-01-10 06:00 - 2009-07-13 20:45 - 00310952 ____A C:\Windows\System32\FNTCACHE.DAT 2013-01-09 21:30 - 2012-07-10 15:02 - 00000000 ____D C:\Users\All Users\Microsoft Help 2013-01-09 21:19 - 2012-08-07 18:39 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-01-09 19:15 - 2013-01-09 19:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B2B32F44-514E-4D97-9358-C93D4372AC23} 2013-01-09 14:23 - 2012-08-15 05:06 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-01-09 14:07 - 2012-07-11 05:33 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-01-08 19:59 - 2013-01-08 19:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9F8517C-9933-460C-A1E0-758AE31F70C4} 2013-01-08 17:07 - 2012-07-18 07:34 - 00697864 ____A (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-01-08 17:07 - 2011-10-25 20:12 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{E609700E-C39F-4084-8925-B5BAFA4F4DAA} 2013-01-07 07:37 - 2013-01-07 07:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9A3BA8D-F1E8-49E5-B19E-183D5C5CF438} 2013-01-07 05:43 - 2013-01-07 05:43 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Malwarebytes 2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\All Users\Malwarebytes 2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-07 05:43 - 2013-01-07 05:42 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.70.0.1100.exe 2013-01-07 05:37 - 2010-11-20 19:47 - 00634046 ____A C:\Windows\PFRO.log 2013-01-06 11:25 - 2013-01-06 11:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\{6DE5B740-C8C6-4EE1-83A7-48B272E01B17} 2013-01-06 09:34 - 2013-01-04 20:35 - 00000432 ____A C:\Users\Amanda\Desktop\SystemLook.txt 2013-01-05 19:45 - 2012-09-04 13:33 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForAMANDA-HP$.job 2013-01-05 11:53 - 2013-01-05 11:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{46E1EEAA-AEDD-47D4-9587-77B5F5227313} 2013-01-04 20:22 - 2013-01-04 20:22 - 00165376 ____A C:\Users\Amanda\Desktop\SystemLook_x64.exe 2013-01-04 18:43 - 2013-01-04 18:43 - 00000000 ____D C:\Users\Amanda\Desktop\mbar-1.01.0.1011 2013-01-04 18:42 - 2013-01-04 18:40 - 13485902 ____A C:\Users\Amanda\Desktop\mbar-1.01.0.1011.zip 2013-01-04 18:34 - 2013-01-04 17:14 - 00000000 ____D C:\ComboFix 2013-01-04 18:34 - 2013-01-03 15:23 - 00000000 ____D C:\Qoobox 2013-01-04 18:33 - 2013-01-04 18:33 - 00021237 ____A C:\ComboFix.txt 2013-01-04 18:31 - 2009-07-13 18:34 - 00000215 ____A 
C:\Windows\system.ini 2013-01-04 10:36 - 2013-01-04 10:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{03F6BD2B-7269-46A6-8CA2-36486420A2C6} 2013-01-04 10:27 - 2012-12-17 20:08 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64 2013-01-03 15:40 - 2013-01-03 15:23 - 00000000 ____D C:\Windows\erdnt 2013-01-03 15:17 - 2013-01-03 15:17 - 05018515 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe 2013-01-03 15:11 - 2013-01-03 15:11 - 00001509 ____A C:\Users\Amanda\Documents\malewarebytes2.txt 2013-01-03 11:21 - 2013-01-03 11:21 - 00002669 ____A C:\Users\Amanda\Desktop\RKreport[2]_D_01032013_02d1421.txt 2013-01-03 11:21 - 2013-01-03 11:18 - 00000000 ____D C:\Users\Amanda\Desktop\RK_Quarantine 2013-01-03 11:20 - 2013-01-03 11:20 - 00002614 ____A C:\Users\Amanda\Desktop\RKreport[1]_S_01032013_02d1420.txt 2013-01-03 10:29 - 2013-01-03 10:29 - 00007609 ____A C:\AdwCleaner[s1].txt 2013-01-03 10:27 - 2013-01-03 10:27 - 00551997 ____A C:\Users\Amanda\Downloads\adwcleaner.exe 2013-01-03 10:22 - 2013-01-03 10:22 - 00856731 ____A C:\Users\Amanda\Downloads\SecurityCheck.exe 2013-01-03 10:17 - 2013-01-03 10:17 - 00004382 ____A C:\Users\Amanda\Documents\malewarebytes.txt 2013-01-03 09:35 - 2013-01-03 09:35 - 00028508 ____A C:\Users\Amanda\Desktop\dds.txt 2013-01-03 09:35 - 2013-01-03 09:35 - 00011205 ____A C:\Users\Amanda\Desktop\attach.txt 2013-01-03 07:31 - 2013-01-03 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51} 2013-01-02 19:30 - 2013-01-02 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4} 2013-01-01 18:57 - 2013-01-01 18:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF} 2013-01-01 06:57 - 2013-01-01 06:56 - 00000000 ____D C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F} 2012-12-31 18:56 - 2012-12-31 06:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74} 2012-12-30 17:13 - 2012-12-30 17:12 
- 00000000 ____D C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68} 2012-12-30 05:01 - 2012-12-30 05:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2} 2012-12-29 10:01 - 2012-12-29 10:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985} 2012-12-28 22:00 - 2012-12-28 09:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21} 2012-12-27 21:59 - 2012-12-27 21:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4} 2012-12-27 08:44 - 2012-12-27 08:44 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930} 2012-12-27 06:04 - 2012-12-19 05:41 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAmanda.job 2012-12-26 19:55 - 2012-12-26 07:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D} 2012-12-26 08:06 - 2012-07-10 08:42 - 00000000 ____D C:\users\Amanda 2012-12-25 21:32 - 2012-07-11 14:31 - 00000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps 2012-12-25 21:21 - 2012-12-25 21:21 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iTunes 2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2012-12-25 21:19 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iPod 2012-12-25 19:30 - 2012-12-25 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5} 2012-12-25 14:49 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-12-25 07:30 - 2012-12-25 07:29 - 00000000 ____D C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6} 2012-12-24 14:28 - 2012-12-24 14:28 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E} 2012-12-23 22:01 - 2012-12-23 22:00 - 
00000000 ____D C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476} 2012-12-23 10:00 - 2012-12-23 10:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD} 2012-12-22 22:40 - 2012-11-04 09:28 - 00000000 ____D C:\Users\Amanda\Documents\Recipes 2012-12-22 18:22 - 2012-12-22 06:21 - 00000000 ____D C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2} 2012-12-21 17:36 - 2012-12-21 05:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22} 2012-12-20 17:35 - 2012-12-20 05:35 - 00000000 ____D C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526} 2012-12-19 20:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2012-12-19 10:49 - 2012-12-19 10:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92} 2012-12-19 05:40 - 2012-07-18 07:44 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2012-12-19 05:39 - 2012-12-19 05:39 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-12-18 20:50 - 2012-12-18 20:50 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2} 2012-12-18 18:43 - 2012-12-18 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-12-18 18:40 - 2012-12-18 18:01 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-12-18 18:08 - 2012-12-18 18:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-12-18 18:01 - 2012-12-18 18:01 - 00001262 ____A C:\Users\Amanda\Desktop\Spybot - Search & Destroy.lnk 2012-12-18 05:53 - 2012-12-18 05:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE} 2012-12-17 20:11 - 2012-04-26 23:10 - 00000000 ____D C:\Users\All Users\Norton 2012-12-17 20:10 - 2012-07-16 12:19 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64 2012-12-17 20:08 - 2012-12-17 20:08 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe 2012-12-17 20:08 - 2012-12-17 19:46 - 00001294 ____A 
C:\Users\Amanda\Desktop\Norton Installation Files.lnk 2012-12-17 20:08 - 2012-07-16 12:20 - 00002316 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk 2012-12-17 20:06 - 2012-07-16 12:20 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2012-12-17 20:06 - 2012-07-16 12:20 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2012-12-17 20:06 - 2012-07-16 12:20 - 00000000 ____D C:\Program Files\Symantec 2012-12-17 19:46 - 2012-07-16 12:06 - 00000000 ____D C:\Users\Public\Downloads\Norton 2012-12-17 19:42 - 2012-12-16 15:40 - 00000000 ____D C:\Users\Amanda\AppData\Local\NPE 2012-12-17 17:52 - 2012-12-17 17:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444} 2012-12-17 06:35 - 2012-12-17 06:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers 2012-12-17 05:52 - 2012-12-17 05:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6} 2012-12-16 14:00 - 2012-12-16 13:59 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.com 2012-12-16 13:14 - 2012-12-14 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-12-16 13:14 - 2011-10-25 20:33 - 00000000 ____D C:\Users\All Users\Hewlett-Packard 2012-12-16 13:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2012-12-16 13:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2012-12-16 13:12 - 2012-08-29 05:31 - 00000000 ____D C:\Program Files (x86)\Google 2012-12-16 12:48 - 2012-12-16 12:48 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog 2012-12-16 12:47 - 2012-04-26 23:48 - 00000000 ___RD C:\Users\Public\Recorded TV 2012-12-16 10:34 - 2012-12-16 10:32 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.65.1.1000.exe 2012-12-16 10:22 - 2012-12-16 10:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5} 2012-12-16 10:21 - 2012-12-16 10:21 - 00272464 ____A 
C:\Windows\Minidump\121612-46815-01.dmp 2012-12-16 10:21 - 2012-09-12 04:46 - 00000000 ____D C:\Windows\Minidump 2012-12-16 10:20 - 2012-09-12 04:46 - 401557580 ____A C:\Windows\MEMORY.DMP 2012-12-16 09:11 - 2012-12-21 21:41 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll 2012-12-16 06:45 - 2012-12-21 21:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll 2012-12-16 06:43 - 2012-12-16 06:43 - 00000000 ____D C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994} 2012-12-16 06:13 - 2012-12-21 21:41 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2012-12-16 06:13 - 2012-12-21 21:41 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2012-12-15 16:57 - 2012-12-15 16:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881} 2012-12-15 04:57 - 2012-12-15 04:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607} 2012-12-14 16:49 - 2012-12-14 16:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6} 2012-12-14 13:49 - 2013-01-07 05:43 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla 2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\Mozilla 2012-12-14 12:24 - 2012-12-14 12:24 - 00000000 ____D C:\Users\All Users\Mozilla 2012-12-14 04:48 - 2012-12-14 04:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E} 2012-12-13 16:42 - 2012-12-13 04:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811} 2012-12-12 15:24 - 2009-07-13 21:38 - 00067584 ___AS C:\Windows\bootstat(33).dat 2012-12-12 11:44 - 2012-07-10 11:05 - 00000000 ____D C:\Users\Amanda\Documents\Bill Payments 2012-12-12 11:42 - 2012-08-29 05:33 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk 
2012-12-12 08:54 - 2012-12-12 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC} 2012-12-12 05:40 - 2012-12-12 05:40 - 00272496 ____A C:\Windows\Minidump\121212-45006-01.dmp 2012-12-11 20:54 - 2012-12-11 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA} ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3562.91 MB Available physical RAM: 2856.57 MB Total Pagefile: 3561.05 MB Available Pagefile: 2848.78 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:440.78 GB) (Free:326.7 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (Recovery) (Fixed) (Total:20.82 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 5 Drive h: () 
(Removable) (Total:14.9 GB) (Free:14.2 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 199 MB 1024 KB Partition 2 Primary 440 GB 200 MB Partition 3 Primary 20 GB 440 GB Partition 4 Primary 4063 MB 461 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 440 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E Recovery NTFS Partition 20 GB Healthy ========================================================= Disk: 0 Partition 4 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 16 KB 
================================================================================== Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT32 Removable 14 GB Healthy ========================================================= Last Boot: 2013-01-04 11:10 ==================== End Of Log ============================= And the Search Report: Farbar Recovery Scan Tool (x64) Version: 09-01-2013 Ran by SYSTEM at 2013-01-10 15:09:41 Running from H:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\erdnt\cache64\services.exe [2013-01-03 15:40] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ====== -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Did you get a chance to look at the report yet? -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
I just ran it again. I was out all day. Sorry for the delay.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amanda :: AMANDA-HP [administrator]

1/8/2013 7:07:34 PM
mbam-log-2013-01-08 (19-07-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211719
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.

(end)
-
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
The virus is still there. Is there anything else I can do? Is this something that is dangerous to my system? -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Still there. Should I try to remove them or is there something else I should try first? -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
OK I have done all you instructed as above. I am assuming you want me to run the scan now, but I want to be sure that is the next step you'd like me to do first. Thanks! -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Sorry, I was out yesterday. Here is the report.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:31 on 06/01/2013 by Amanda
Administrator - Elevation successful

========== filefind ==========

Searching for "msaunperp.dll"
No files found.

-= EOF =-

FYI, upon running Malwarebytes again after running this report, it found the trojan again.
-
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
I'm so confused. Going to bed now and will pick up with this tomorrow please:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:35 on 04/01/2013 by Amanda
Administrator - Elevation successful

========== filefind ==========

Searching for "msaunperp.dll "
No files found.

-= EOF =-
-
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
OK, I've run the anti-rootkit 3 times now and it keeps coming back. I didn't see a report to post on this one. The file is under syswow64\msaunperp.dll, but when I run Malwarebytes it's under system32\msaunperp.dll under file and memory module. Everything else seems to be functioning properly (internet, firewall, Windows Update). -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
The ComboFix scan is completed and the report is listed below. It took an hour and 20 minutes to complete and was hung up on stage 5 for half an hour. The trojan is still there. I will now run the second part of the post while you review the log. (By the way, I really appreciate your help)

ComboFix 13-01-03.05 - Amanda 01/04/2013 20:16:14.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2106 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe [2012-12-05 143928] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376] . . Contents of the 'Scheduled Tasks' folder . 2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:07] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2012-12-07 c:\windows\Tasks\HPCeeScheduleForAMANDA-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2012-12-27 c:\windows\Tasks\HPCeeScheduleForAmanda.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.254.254 192.168.254.254 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-MyPoints Toolbar - c:\program files (x86)\MyPoints Toolbar\Uninst.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-04 21:33:59 ComboFix-quarantined-files.txt 2013-01-05 02:33 ComboFix2.txt 2013-01-04 22:01 ComboFix3.txt 2013-01-03 23:44 . Pre-Run: 356,141,101,056 bytes free Post-Run: 356,066,357,248 bytes free . - - End Of File - - 2F321FAFB0A3E56752C7CEB22ADEC3C8 -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
The computer is running fine, but Malwarebytes is still picking up the trojan...
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Here is the report from Combofix. It took an extremely long time to run. I have not rebooted yet but will in a moment and let you know how the computer is running.

ComboFix 13-01-03.05 - Amanda 01/04/2013 16:02:11.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2019 [GMT -5:00] Running from: c:\users\Amanda\Desktop\ComboFix.exe Command switches used :: c:\users\Amanda\Desktop\CFScript.txt AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 ))))))))))))))))))))))))))))))) . . 2013-01-04 21:20 . 2013-01-04 21:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-01-04 21:20 . 2013-01-04 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-03 20:14 . 2013-01-03 20:14 -------- d-----w- c:\users\Amanda\AppData\Local\Programs 2012-12-26 05:19 . 2012-12-26 05:19 -------- d-----w- c:\program files\iPod 2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files\iTunes 2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files (x86)\iTunes 2012-12-22 05:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 05:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 05:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 05:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 13:39 . 
2012-12-19 13:39 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-12-19 02:43 . 2012-12-19 02:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-12-19 02:01 . 2012-12-19 02:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-12-19 02:01 . 2012-12-19 02:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-12-18 04:08 . 2013-01-04 18:27 -------- d-----w- c:\windows\system32\drivers\NSTx64 2012-12-18 04:08 . 2012-12-18 04:08 -------- d-----w- c:\program files (x86)\Norton Identity Safe 2012-12-18 04:05 . 2012-12-18 04:07 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013 2012-12-16 23:40 . 2012-12-18 03:42 -------- d-----w- c:\users\Amanda\AppData\Local\NPE 2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes 2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\programdata\Malwarebytes 2012-12-16 18:50 . 2013-01-03 20:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-16 18:50 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-16 18:35 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-16 18:35 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-16 18:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-16 18:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-16 18:35 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-14 20:25 . 2012-12-14 20:25 -------- d-----w- c:\users\Amanda\AppData\Local\Mozilla 2012-12-08 03:59 . 2012-12-08 03:59 -------- d-----w- c:\users\Amanda\AppData\Roaming\Catalina Marketing Corp 2012-12-08 03:59 . 2012-12-08 04:06 489712 ----a-w- c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2012-12-18 04:06 . 2012-07-16 20:20 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-12-17 00:43 . 2012-08-08 02:39 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 01:07 . 2012-07-18 15:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 01:07 . 2011-10-26 04:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-19 23:18 . 2012-10-14 04:46 652160 ----a-w- c:\windows\couponprinter_x64.ocx 2012-10-19 23:18 . 2012-10-14 04:45 440704 ----a-w- c:\windows\CouponPrinter.ocx 2012-10-16 08:38 . 2012-11-28 13:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 13:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 13:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 00:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 00:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 00:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 00:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{f3954c17-b785-b6e4-e583-60efe47cb84a}"= "c:\program files (x86)\MyPoints Toolbar\Helper.dll" [2012-09-19 361472] . [HKEY_CLASSES_ROOT\clsid\{f3954c17-b785-b6e4-e583-60efe47cb84a}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{44B4024E-E741-7714-B513-8750120100CF}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{948548C2-1801-7A14-F509-7FE523202B1D}] 2012-09-19 13:38 1624576 ----a-w- c:\program files (x86)\MyPoints Toolbar\Toolbar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}] 2012-12-18 02:16 509416 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\coieplg.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4}"= "c:\program files (x86)\MyPoints Toolbar\Toolbar.dll" [2012-09-19 1624576] "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\coIEPlg.dll" [2012-12-18 509416] . [HKEY_CLASSES_ROOT\clsid\{5495b7a2-8f65-dee4-a9ff-9bb6409140d4}] [HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{2F580E29-6056-3844-D9B5-6D363608DD88}] [HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar] . [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "Conime"="c:\windows\system32\conime.exe" [bU] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840] . c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608] S1 ccSet_NAV;Norton AntiVirus Settings 
Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [2012-08-20 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130103.002\IDSvia64.sys [2012-12-15 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712] S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728] S2 NAV;Norton 
AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe [2012-12-05 143928] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376] . . Contents of the 'Scheduled Tasks' folder . 2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:07] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2012-12-07 c:\windows\Tasks\HPCeeScheduleForAMANDA-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2012-12-27 c:\windows\Tasks\HPCeeScheduleForAmanda.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.254.254 192.168.254.254 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-MyPoints Toolbar - c:\program files (x86)\MyPoints Toolbar\Uninst.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-04 17:01:38 ComboFix-quarantined-files.txt 2013-01-04 22:01 ComboFix2.txt 2013-01-03 23:44 . Pre-Run: 356,207,222,784 bytes free Post-Run: 356,125,523,968 bytes free . - - End Of File - - 9874A90EC1C9551EEC35902B592EC164 -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Here you are. Upon reboot the file is still infected.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amanda :: AMANDA-HP [administrator]
1/3/2013 6:55:56 PM
mbam-log-2013-01-03 (18-55-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210689
Time elapsed: 3 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.
(end) -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Malware is still picking up the virus. I will post the log when it is done running. -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Hi Gringo, OK here is the log, I had no problems running it. I am running the Malwarebytes program now to see if the infection is gone.
ComboFix 13-01-03.05 - Amanda 01/03/2013 18:27:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1852 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2013-01-03 23:38 . 2013-01-03 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-03 20:14 . 2013-01-03 20:14 -------- d-----w- c:\users\Amanda\AppData\Local\Programs
2012-12-26 05:19 . 2012-12-26 05:19 -------- d-----w- c:\program files\iPod
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files\iTunes
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files (x86)\iTunes
2012-12-22 05:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 05:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 05:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 05:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 13:39 . 2012-12-19 13:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-12-19 02:43 . 2012-12-19 02:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-19 02:01 . 2012-12-19 02:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-19 02:01 . 
2012-12-19 02:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-12-18 04:08 . 2012-12-18 04:08 -------- d-----w- c:\windows\system32\drivers\NSTx64 2012-12-18 04:08 . 2012-12-18 04:08 -------- d-----w- c:\program files (x86)\Norton Identity Safe 2012-12-18 04:05 . 2012-12-18 04:07 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013 2012-12-16 23:40 . 2012-12-18 03:42 -------- d-----w- c:\users\Amanda\AppData\Local\NPE 2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes 2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\programdata\Malwarebytes 2012-12-16 18:50 . 2013-01-03 20:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-16 18:50 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-16 18:35 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-16 18:35 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-16 18:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-16 18:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-16 18:35 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-14 20:25 . 2012-12-14 20:25 -------- d-----w- c:\users\Amanda\AppData\Local\Mozilla 2012-12-08 03:59 . 2012-12-08 03:59 -------- d-----w- c:\users\Amanda\AppData\Roaming\Catalina Marketing Corp 2012-12-08 03:59 . 2012-12-08 04:06 489712 ----a-w- c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-18 04:06 . 2012-07-16 20:20 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-12-17 00:43 . 2012-08-08 02:39 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 01:07 . 
2012-07-18 15:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 01:07 . 2011-10-26 04:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-19 23:18 . 2012-10-14 04:46 652160 ----a-w- c:\windows\couponprinter_x64.ocx 2012-10-19 23:18 . 2012-10-14 04:45 440704 ----a-w- c:\windows\CouponPrinter.ocx 2012-10-16 08:38 . 2012-11-28 13:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 13:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 13:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 00:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 00:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 00:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 00:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{f3954c17-b785-b6e4-e583-60efe47cb84a}"= "c:\program files (x86)\MyPoints Toolbar\Helper.dll" [2012-09-19 361472] . [HKEY_CLASSES_ROOT\clsid\{f3954c17-b785-b6e4-e583-60efe47cb84a}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{44B4024E-E741-7714-B513-8750120100CF}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{948548C2-1801-7A14-F509-7FE523202B1D}] 2012-09-19 13:38 1624576 ----a-w- c:\program files (x86)\MyPoints Toolbar\Toolbar.dll . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}] 2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4}"= "c:\program files (x86)\MyPoints Toolbar\Toolbar.dll" [2012-09-19 1624576] "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584] . [HKEY_CLASSES_ROOT\clsid\{5495b7a2-8f65-dee4-a9ff-9bb6409140d4}] [HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{2F580E29-6056-3844-D9B5-6D363608DD88}] [HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar] . [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840] . c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 
amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130102.001\IDSvia64.sys [2012-12-15 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files 
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712] S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728] S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376] . . Contents of the 'Scheduled Tasks' folder . 
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:07] . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31] . 2012-12-07 c:\windows\Tasks\HPCeeScheduleForAMANDA-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2012-12-27 c:\windows\Tasks\HPCeeScheduleForAmanda.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.254.254 192.168.254.254 . - - - - ORPHANS REMOVED - - - - . 
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec WebBrowser-{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-MyPoints Toolbar - c:\program files (x86)\MyPoints Toolbar\Uninst.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV] "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-03 18:44:18 ComboFix-quarantined-files.txt 2013-01-03 23:44 . Pre-Run: 356,616,937,472 bytes free Post-Run: 356,819,529,728 bytes free . - - End Of File - - 2FF381D30D478CE644EEB2B07D3D4872 -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
I turned off Norton. Here is the report RogueKiller V8.4.2 [Dec 31 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Amanda [Admin rights] Mode : Remove -- Date : 01/03/2013 14:21:12 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [TASK][sUSP PATH] RunAsStdUser Task : "C:\Users\Amanda\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe" -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST500LM0 12 HN-M500MBB SATA Disk Device +++++ --- User --- [MBR] dcff82cb65881dd3f79d0cf723053517 [bSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 451354 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 924782592 | Size: 21322 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo User = LL1 ... OK! 
User != LL2 ... KO! --- LL2 --- [MBR] 15253e84d3099f1e7c11d78750ef9d71 [bSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo 2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo 3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 25000 Mo Finished : << RKreport[2]_D_01032013_02d1421.txt >> RKreport[1]_S_01032013_02d1420.txt ; RKreport[2]_D_01032013_02d1421.txt -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Norton will not allow RogueKiller to be downloaded on my computer.... -
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
Here is the AdwCleaner report: # AdwCleaner v2.104 - Logfile created 01/03/2013 at 13:29:04 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Amanda - AMANDA-HP # Boot Mode : Normal # Running from : C:\Users\Amanda\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk File Deleted : C:\Users\Amanda\Desktop\iLivid.lnk Folder Deleted : C:\Program Files (x86)\Inbox Toolbar Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Amanda\AppData\Local\Ilivid Folder Deleted : C:\Users\Amanda\AppData\LocalLow\Inbox Toolbar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Freecause Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Inbox Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.FCTB000100757Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.FCTB000100757Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000100757
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [inboxToolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [7500 octets] - [03/01/2013 13:29:04]

########## EOF - C:\AdwCleaner[s1].txt - [7560 octets] ##########
-
I have a trojan according to your scan
hotdogdoxie replied to hotdogdoxie's topic in Resolved Malware Removal Logs
OK here is the first report

Security Check:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Engine 20.2.0.19 ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Please help - I was having issues with Facebook loading and it was suggested that I download your program, which I did. It found a trojan file and memory module both under system32 named msaunperp.dll. I cannot get rid of this thing. I've had it for a month and I'm afraid to use my computer to do banking that I NEED to get done. Please help me. Norton does not recognize the problem....

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Amanda at 12:34:12 on 2013-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1924 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\windows\SysWOW64\XTSYNX~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\program files (x86)\lkqfpgavsontis\xtsynxoi.exe
c:\program files (x86)\lkqfpgavsontis\xtsynxoi.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
c:\windows\system32\xtsynxoi.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: FCToolbarURLSearchHook Class: {f3954c17-b785-b6e4-e583-60efe47cb84a} - C:\Program Files (x86)\MyPoints Toolbar\Helper.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MyPoints Toolbar BHO: {948548C2-1801-7A14-F509-7FE523202B1D} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: MyPoints Toolbar: {5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: MyPoints Toolbar: {5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [inboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Amanda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{25C608CA-97E2-41A3-A9BD-4324223AE2C5} : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{25C608CA-97E2-41A3-A9BD-4324223AE2C5}\131364850313236313233313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{25C608CA-97E2-41A3-A9BD-4324223AE2C5}\E416E63697023416C6467756C6C6 : DHCPNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-17 40064]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1402000.013\SymDS64.sys [2012-12-17 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1402000.013\SymEFA64.sys [2012-12-17 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-12-17 168096]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-12-17 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130102.001\IDSviA64.sys [2013-1-3 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\Ironx64.sys [2012-12-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys [2012-12-17 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-16 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 ehffigzyvkiukf;ehffigzyvkiukf;C:\Windows\SysWOW64\XTSYNX~1.EXE [2010-12-15 98304]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-27 2424424]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-12-17 143928]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-12-17 143928]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-18 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-27 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-27 1860672]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-27 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-27 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-4-27 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-03 15:30:52 -------- d-----w- C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51}
2013-01-02 15:30:06 -------- d-----w- C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4}
2013-01-02 02:57:17 -------- d-----w- C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF}
2013-01-01 14:56:51 -------- d-----w- C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F}
2012-12-31 14:55:47 -------- d-----w- C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74}
2012-12-31 01:12:44 -------- d-----w- C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68}
2012-12-30 13:00:47 -------- d-----w- C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2}
2012-12-29 18:01:31 -------- d-----w- C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985}
2012-12-28 17:59:50 -------- d-----w- C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21}
2012-12-28 05:59:09 -------- d-----w- C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4}
2012-12-27 16:44:06 -------- d-----w- C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930}
2012-12-26 15:54:47 -------- d-----w- C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D}
2012-12-26 05:19:57 -------- d-----w- C:\Program Files\iPod
2012-12-26 05:19:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 05:19:56 -------- d-----w- C:\Program Files\iTunes
2012-12-26 05:19:56 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-26 03:30:16 -------- d-----w- C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5}
2012-12-25 15:29:23 -------- d-----w- C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6}
2012-12-24 22:28:12 -------- d-----w- C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E}
2012-12-24 06:00:57 -------- d-----w- C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476}
2012-12-23 18:00:11 -------- d-----w- C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD}
2012-12-22 14:21:42 -------- d-----w- C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2}
2012-12-22 05:41:23 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 05:41:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 05:41:22 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 05:41:22 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 13:36:10 -------- d-----w- C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22}
2012-12-20 13:35:32 -------- d-----w- C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526}
2012-12-19 18:49:29 -------- d-----w- C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92}
2012-12-19 13:39:21 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-12-19 04:50:16 -------- d-----w- C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2}
2012-12-19 02:43:37 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-12-19 02:01:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-19 02:01:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-18 13:53:06 -------- d-----w- C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE}
2012-12-18 04:08:16 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys
2012-12-18 04:08:12 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD02000.012
2012-12-18 04:08:12 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2012-12-18 04:08:11 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2012-12-18 04:05:43 776864 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\srtsp64.sys
2012-12-18 04:05:43 493216 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymDS64.sys
2012-12-18 04:05:43 432800 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys
2012-12-18 04:05:43 37496 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\srtspx64.sys
2012-12-18 04:05:43 23448 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymELAM.sys
2012-12-18 04:05:43 224416 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\Ironx64.sys
2012-12-18 04:05:43 168096 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\ccSetx64.sys
2012-12-18 04:05:43 1133216 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymEFA64.sys
2012-12-18 04:05:32 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1402000.013
2012-12-18 01:52:42 -------- d-----w- C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444}
2012-12-17 13:52:17 -------- d-----w- C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6}
2012-12-16 23:40:07 -------- d-----w- C:\Users\Amanda\AppData\Local\NPE
2012-12-16 18:50:22 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Malwarebytes
2012-12-16 18:50:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-16 18:50:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-16 18:50:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-16 18:35:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-16 18:35:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-16 18:35:30 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-16 18:35:30 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-16 18:35:26 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-16 18:22:38 -------- d-----w- C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5}
2012-12-16 14:43:05 -------- d-----w- C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994}
2012-12-16 00:57:46 -------- d-----w- C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881}
2012-12-15 12:57:21 -------- d-----w- C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607}
2012-12-15 00:48:54 -------- d-----w- C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6}
2012-12-14 20:25:03 -------- d-----w- C:\Users\Amanda\AppData\Local\Mozilla
2012-12-14 20:24:51 115168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-12-14 12:48:29 -------- d-----w- C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E}
2012-12-13 12:42:30 -------- d-----w- C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811}
2012-12-12 16:54:41 -------- d-----w- C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC}
2012-12-11 16:54:02 -------- d-----w- C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA}
2012-12-10 15:34:03 -------- d-----w- C:\Users\Amanda\AppData\Local\{382D13DF-FFCF-40FC-9703-C9FF6BF39EC6}
2012-12-10 03:31:14 -------- d-----w- C:\Users\Amanda\AppData\Local\{340640E5-187B-43C4-9A2B-14EA6AA6CD6B}
2012-12-09 15:02:50 -------- d-----w- C:\Users\Amanda\AppData\Local\{74E5F787-1CAF-4CF0-949C-E884AFD885C3}
2012-12-09 00:59:19 -------- d-----w- C:\Users\Amanda\AppData\Local\{86ECEFAC-2CA6-42CF-9D32-FAECF48E5A48}
2012-12-08 12:58:54 -------- d-----w- C:\Users\Amanda\AppData\Local\{A0B7AB4D-CB9F-4EF1-835F-A3A10FA16CB2}
2012-12-08 03:59:47 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Catalina Marketing Corp
2012-12-08 03:59:23 489712 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-12-07 20:55:23 -------- d-----w- C:\Users\Amanda\AppData\Local\{FD78CE44-6F46-44E9-987A-A676FE7A2777}
2012-12-07 01:51:02 -------- d-----w- C:\Users\Amanda\AppData\Local\{9B63041F-CFC9-4E55-B853-D4540512DD5B}
2012-12-06 13:50:51 -------- d-----w- C:\Users\Amanda\AppData\Local\{3D3848E6-F15A-427D-BB25-8DE7151F1E5E}
2012-12-06 01:50:27 -------- d-----w- C:\Users\Amanda\AppData\Local\{D947B6F8-9AAA-4A69-98EE-DC97B22A4220}
2012-12-05 13:50:03 -------- d-----w- C:\Users\Amanda\AppData\Local\{4A69A5FC-133B-414B-A7A5-B930FD0BD3CA}
2012-12-05 01:47:38 -------- d-----w- C:\Users\Amanda\AppData\Local\{03A06E3C-2424-4D90-9962-5E53334DA229}
.
==================== Find3M ====================
.
2012-12-18 04:06:00 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-12-12 01:07:51 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 01:07:51 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-19 23:18:22 652160 ----a-w- C:\Windows\couponprinter_x64.ocx
2012-10-19 23:18:02 440704 ----a-w- C:\Windows\CouponPrinter.ocx
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 12:35:13.91 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2012 12:42:17 PM
System Uptime: 1/3/2013 9:21:47 AM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 169B
Processor: AMD A6-3420M APU with Radeon HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 441 GiB total, 332.185 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.247 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
aioscnnr
Alabama Smith in the Quest of Fate
Alexandra Fortune - Mystery of the Lunar Archipelago
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blio
Bonjour
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Chuzzle Deluxe
Clockwork Man 2 (remove only)
Coupon Printer for Windows
Cradle of Rome 2
CyberLink YouCam
D3DX10
Dora's World Adventure
essentials
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Gimp 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP Application Assistant
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
iCloud
IDT Audio
iLivid
Inbox Toolbar
iTunes
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual
C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft WSE 3.0 Runtime Mortimer Beckett and the Lost King Collectors Edition(remove only) Mortimer Beckett and the Secrets of Spooky Manor Mortimer Beckett and the Time Paradox MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyPoints Toolbar Norton AntiVirus Norton Identity Safe ocr opensource Peggle Deluxe 1.0 Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer PreReq QuickTime Ralink RT5390 802.11b/g/n WiFi Adapter Realtek Ethernet Controller Driver Realtek PCIE Card Reader RollerCoaster Tycoon 3: Platinum Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 
2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype™ 5.10 Sprill and Ritchie - Adventures In Time Spybot - Search & Destroy swMSM Synaptics TouchPad Driver The Treasures of Mystery Island: The Ghost Ship Torchlight Treasure Masters, Inc. 
Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar Yontoo 1.10.02 Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 12/28/2012 5:33:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPAuto service. 
12/28/2012 12:58:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 12/28/2012 12:58:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended. 12/28/2012 12:25:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 1/3/2013 9:27:39 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Amanda-HP\Amanda SID (S-1-5-21-2424382445-1395676361-3193568451-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 1/3/2013 8:48:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 1/3/2013 10:14:34 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107. 1/3/2013 10:14:34 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 
1/1/2013 4:33:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. . ==== End Of File ===========================