shnncof

  1. Okay, I uninstalled Combofix and everything seems to be working ok thus far, with no other problems or issues to speak of. May I ask exactly what the type of infection I had on my system does, like steal passwords or....? Just curious, as now I am wary of actually using my computer for many of the things for which I used it prior. THANK YOU for all of your help, and hopefully this has all been resolved.
  2. Quick Scan MBAM log:

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.06.27.09
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16618
     Shannon Shoemake :: SHANNONSHOEMAKE [administrator]

     Protection: Disabled

     6/27/2013 4:32:46 PM
     mbam-log-2013-06-27 (16-32-46).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 212990
     Time elapsed: 5 minute(s), 39 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Computer seems to be running better, I have had no more website redirects or blue screens so far.
  3. DDS Log:

     Here is the Attach log:
  4. Sorry, but which is the DDS scan? ComboFix? Also upon rebooting my computer I am getting an error message every time stating: Warning Error saving file C:\\Windows\ERDNT\AutoBackup\6-27-2013\BCD ! Continue with the next file? [RegCreateKeyEx: 5 - Access is denied ]
  5. Here is the ComboFix log: ComboFix 13-06-27.01 - Shannon Shoemake 06/26/2013 23:57:30.3.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1978.1095 [GMT -7:00] Running from: c:\users\Shannon Shoemake\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-05-27 to 2013-06-27 ))))))))))))))))))))))))))))))) . . 2013-06-27 07:07 . 2013-06-27 07:07 -------- dc----w- c:\users\Default\AppData\Local\temp 2013-06-27 05:37 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8B05471-6188-48AF-895A-545295CB9D13}\mpengine.dll 2013-06-26 23:55 . 2013-06-26 23:57 -------- dc----w- c:\users\Shannon Shoemake\AppData\Local\ElevatedDiagnostics 2013-06-26 20:36 . 2013-06-26 20:36 -------- dc----w- c:\programdata\McAfee Security Scan 2013-06-26 20:36 . 2013-06-26 21:07 -------- dc----w- c:\program files (x86)\McAfee Security Scan 2013-06-25 19:55 . 2012-04-20 23:40 196440 -c--a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-06-25 19:54 . 2013-06-25 19:54 -------- dc----w- c:\program files (x86)\McAfee.com 2013-06-25 19:54 . 2013-02-19 20:55 10728 -c--a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-06-25 19:54 . 2013-02-19 20:59 70112 -c--a-w- c:\windows\system32\drivers\cfwids.sys 2013-06-25 19:54 . 2013-02-19 20:55 106552 -c--a-w- c:\windows\system32\drivers\mferkdet.sys 2013-06-25 19:54 . 
2013-02-19 20:53 515968 -c--a-w- c:\windows\system32\drivers\mfefirek.sys 2013-06-25 19:54 . 2013-02-19 20:53 309840 -c--a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-06-25 19:53 . 2013-06-25 19:54 -------- dc----w- c:\program files\Common Files\McAfee 2013-06-25 19:53 . 2013-06-25 19:55 -------- dc----w- c:\program files\McAfee 2013-06-25 18:36 . 2013-02-19 20:56 182752 -c--a-w- c:\windows\system32\mfevtps.exe 2013-06-25 05:51 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-24 22:26 . 2013-06-24 22:26 -------- dc----w- c:\program files (x86)\ESET 2013-06-24 21:53 . 2013-06-24 21:53 -------- dc----w- c:\windows\ERUNT 2013-06-24 21:53 . 2013-06-24 21:53 -------- dc----w- C:\JRT 2013-06-24 20:41 . 2013-06-24 20:41 -------- dc----w- c:\program files (x86)\ERUNT 2013-06-20 22:52 . 2013-06-20 22:52 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{340195E5-29FF-4E58-97DF-3A60D705FB22}\gapaengine.dll 2013-06-17 19:57 . 2013-06-17 19:57 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-17 19:57 . 2013-06-17 19:57 692104 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-16 23:56 . 2013-06-16 23:56 -------- dc----w- c:\users\Shannon Shoemake\AppData\Roaming\WildTangent 2013-06-16 22:26 . 2013-06-27 05:55 -------- dc----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-06-16 18:44 . 2013-06-16 18:44 -------- dc----w- C:\Stinger_Quarantine 2013-06-16 16:33 . 2013-06-16 16:33 -------- dc----w- C:\Verizon_Android 2013-06-15 17:38 . 2013-06-16 18:55 -------- dc----w- c:\users\Shannon Shoemake\AppData\Local\7c8e1740-9fd8-46c8-8332-018ca09201fbad 2013-06-14 16:47 . 2013-06-25 04:08 -------- dc----w- c:\users\Shannon Shoemake\AppData\Roaming\wabEventSupport16 2013-06-13 21:02 . 2013-06-13 21:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-13 20:47 . 
2013-06-13 20:47 9089416 -c--a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-06-13 16:53 . 2013-06-13 21:01 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-13 16:53 . 2013-06-13 21:01 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-13 16:51 . 2013-06-13 21:02 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-13 16:51 . 2013-06-13 21:02 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-13 16:49 . 2013-06-13 21:26 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-13 16:48 . 2013-06-13 21:01 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-13 16:48 . 2013-06-13 21:01 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-13 16:48 . 2013-06-13 21:01 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-13 16:48 . 2013-06-13 21:01 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-13 16:48 . 2013-06-13 21:01 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-13 16:48 . 2013-06-13 21:01 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-13 16:48 . 2013-06-13 21:01 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-13 16:48 . 2013-06-13 21:01 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-13 16:48 . 2013-06-13 21:01 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-13 16:48 . 2013-06-13 21:01 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-13 16:38 . 2013-06-13 16:58 -------- dc----w- C:\d8a921097c5d80eb60 2013-06-13 16:18 . 2013-06-13 21:03 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-13 16:18 . 2013-06-13 21:03 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-13 16:02 . 2013-06-13 21:00 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-13 16:02 . 2013-06-13 21:00 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-04 01:16 . 2011-05-05 02:38 75898224 -c--a-w- c:\windows\system32\MRT.exe 2013-05-21 03:41 . 
2012-02-10 23:28 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-16 12:50 . 2013-05-15 15:24 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 12:50 . 2013-05-15 15:24 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 12:50 . 2013-05-15 15:24 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-16 12:49 . 2013-05-15 15:24 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-05-16 12:49 . 2013-05-15 15:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-05-16 12:49 . 2013-05-15 15:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-05-16 12:49 . 2013-05-15 15:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-05-16 12:49 . 2013-05-15 15:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-05-16 12:49 . 2013-05-15 15:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-05-16 12:48 . 2013-05-15 15:23 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-16 12:48 . 2013-05-15 15:23 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-16 12:48 . 2013-05-15 15:23 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-16 12:48 . 2013-05-15 15:23 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-16 12:48 . 2013-05-15 15:23 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-16 12:48 . 2013-05-15 15:23 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-16 12:48 . 2013-05-15 15:22 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 12:48 . 2013-05-15 15:22 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-16 12:47 . 2013-05-15 15:22 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 02:08 . 2012-06-27 14:49 22240 -c--a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 09:06 . 2011-06-24 22:18 278800 -c----w- c:\windows\system32\MpSigStub.exe 2013-04-25 03:54 . 
2013-04-24 13:00 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-11 03:53 . 2013-04-10 12:21 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-11 03:52 . 2013-04-10 12:21 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-11 03:52 . 2013-04-10 12:21 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-11 03:52 . 2013-04-10 12:21 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-11 03:52 . 2013-04-10 12:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-11 03:52 . 2013-04-10 12:21 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-11 03:52 . 2013-04-10 12:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-04 21:50 . 2013-05-21 02:15 25928 -c--a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE" [2013-01-07 241280] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . c:\users\Shannon Shoemake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 HipShieldK;McAfee Inc. 
HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor 
Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] . . --- Other Services/Drivers In Memory --- . 
*Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 23:51] . 2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 23:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0] @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-25 13:25 1308432 -c--a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1] @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-25 13:25 1308432 -c--a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to AMV/AVI Video Converter... 
- c:\program files (x86)\Media Player Utilities 4.41\AMVConverter\grab.html Trusted Zone: taxact.com\www Trusted Zone: yahoo.com\games TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Shannon Shoemake\AppData\Roaming\Mozilla\Firefox\Profiles\f81vlw0g.default-1372310567857\ FF - ExtSQL: 2013-06-26 16:16; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Shannon Shoemake\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3291179897-1488255658-4253967872-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-27 00:11:56 ComboFix-quarantined-files.txt 2013-06-27 07:11 ComboFix2.txt 2013-06-25 04:17 ComboFix3.txt 2013-06-25 01:55 . Pre-Run: 19,741,470,720 bytes free Post-Run: 19,613,630,464 bytes free . - - End Of File - - 05930C36E9D4C7DC19D7EF5C3DA96CB3 D41D8CD98F00B204E9800998ECF8427E
  6. Restored Firefox to factory settings and here is the MBAR Anti-Rootkit Log: Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.26.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Shannon Shoemake :: SHANNONSHOEMAKE [administrator] 6/26/2013 10:26:31 PM mbar-log-2013-06-26 (22-26-31).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 234973 Time elapsed: 28 minute(s), 25 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
  7. Here is the zipped up DMP file. It happened several times and this is the file from the last time it happened. DMPfile062613-34382-01.zip
  8. Today I was using Firefox and all of a sudden I got a blue screen stating Windows had to shut down due to an unexpected error. It restarts and happens all over again. I am in safe mode now. This is the info I got while in safe mode about the problem. Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.768.3 Locale ID: 1033 Additional information about the problem: BCCode: e1 BCP1: FFFFF800033CDD50 BCP2: 0000000000000002 BCP3: FFFFFA8006B99900 BCP4: FFFFFA8006B99900 OS Version: 6_1_7601 Service Pack: 1_0 Product: 768_1 Files that help describe the problem: C:\Windows\Minidump\062613-34382-01.dmp C:\Users\Shannon Shoemake\AppData\Local\Temp\WER-56035-0.sysdata.xml Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409 If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt I am also getting unresponsive web browsers and website redirects again. I have run scans and nothing is detected. I have never had this blue screen situation and am unsure what else I am to do now.
  9. Uninstalled McAfee and ran Microsoft Security Essentials. No threats were detected. Yesterday I ran Microsoft Security Essentials, McAfee, and MWB before posting on here for help, and none of them detected this infected file, yet it was there all along. Is there a reason for this? Should I use another anti-virus software maybe? Do I need to do anything about all of the files that are being compressed that were found in an earlier scan? As far as how my computer is now operating, I have had no redirects from web pages now which I was getting all of the time prior. IE and Firefox both still become unresponsive over and over and my computer is still running slow or stalls still which I never had these issues prior to all of the infections. Thank you for all your help!
  10. Or maybe I could use another virus scan protection utility to scan my computer? I currently have Microsoft Security Essentials and MWB (the free one).
  11. I updated McAfee and am unable to perform any type of scan on my computer now. I get an error. Would it be ok to uninstall and re-install McAfee? I am unsure why the error is happening and have tried for hours and I am still unable to scan my computer using McAfee now.
  12. Updated ComboFix log: ComboFix 13-06-24.01 - Shannon Shoemake 06/24/2013 21:01:42.2.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1978.1076 [GMT -7:00] Running from: c:\users\Shannon Shoemake\Downloads\ComboFix.exe Command switches used :: c:\users\Shannon Shoemake\Downloads\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Shannon Shoemake\AppData\Roaming\wabEventSupport16\{08f70139-daa2-d9d9-d255-d8e0e399db12}.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Shannon Shoemake\AppData\Roaming\wabEventSupport16\{08f70139-daa2-d9d9-d255-d8e0e399db12}.exe . Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected Restored copy from - c:\windows\erdnt\cache86\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 ))))))))))))))))))))))))))))))) . . 2013-06-25 04:08 . 2013-06-25 04:08 -------- dc----w- c:\users\Default\AppData\Local\temp 2013-06-24 22:26 . 2013-06-24 22:26 -------- dc----w- c:\program files (x86)\ESET 2013-06-24 22:05 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68CB1E9D-2B5C-4CC3-A1BC-DD720FFC705F}\mpengine.dll 2013-06-24 21:53 . 2013-06-24 21:53 -------- dc----w- c:\windows\ERUNT 2013-06-24 21:53 . 2013-06-24 21:53 -------- dc----w- C:\JRT 2013-06-24 20:41 . 2013-06-24 20:41 -------- dc----w- c:\program files (x86)\ERUNT 2013-06-20 22:52 . 
2013-06-20 22:52 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{340195E5-29FF-4E58-97DF-3A60D705FB22}\gapaengine.dll 2013-06-20 22:52 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-17 19:57 . 2013-06-17 19:57 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-17 19:57 . 2013-06-17 19:57 692104 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-16 23:56 . 2013-06-16 23:56 -------- dc----w- c:\users\Shannon Shoemake\AppData\Roaming\WildTangent 2013-06-16 22:26 . 2013-06-24 21:36 -------- dc----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-06-16 18:44 . 2013-06-16 18:44 -------- dc----w- C:\Stinger_Quarantine 2013-06-16 16:33 . 2013-06-16 16:33 -------- dc----w- C:\Verizon_Android 2013-06-15 18:10 . 2012-04-20 23:40 196440 -c--a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-06-15 18:09 . 2013-06-15 18:09 -------- dc----w- c:\program files (x86)\McAfee.com 2013-06-15 18:09 . 2013-02-19 20:55 10728 -c--a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-06-15 18:09 . 2013-02-19 20:59 70112 -c--a-w- c:\windows\system32\drivers\cfwids.sys 2013-06-15 18:09 . 2013-02-19 20:55 106552 -c--a-w- c:\windows\system32\drivers\mferkdet.sys 2013-06-15 18:09 . 2013-02-19 20:53 515968 -c--a-w- c:\windows\system32\drivers\mfefirek.sys 2013-06-15 18:09 . 2013-02-19 20:53 309840 -c--a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-06-15 18:09 . 2013-06-15 18:09 -------- dc----w- c:\program files\McAfee.com 2013-06-15 17:38 . 2013-06-16 18:55 -------- dc----w- c:\users\Shannon Shoemake\AppData\Local\7c8e1740-9fd8-46c8-8332-018ca09201fbad 2013-06-15 16:45 . 2013-02-19 20:56 182752 -c--a-w- c:\windows\system32\mfevtps.exe 2013-06-14 16:47 . 2013-06-25 04:08 -------- dc----w- c:\users\Shannon Shoemake\AppData\Roaming\wabEventSupport16 2013-06-13 21:02 . 2013-06-13 21:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-13 20:47 . 
2013-06-13 20:47 9089416 -c--a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-06-13 16:53 . 2013-06-13 21:01 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-13 16:53 . 2013-06-13 21:01 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-13 16:51 . 2013-06-13 21:02 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-13 16:51 . 2013-06-13 21:02 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-13 16:49 . 2013-06-13 21:26 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-13 16:48 . 2013-06-13 21:01 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-13 16:48 . 2013-06-13 21:01 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-13 16:48 . 2013-06-13 21:01 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-13 16:48 . 2013-06-13 21:01 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-13 16:48 . 2013-06-13 21:01 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-13 16:48 . 2013-06-13 21:01 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-13 16:48 . 2013-06-13 21:01 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-13 16:48 . 2013-06-13 21:01 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-13 16:48 . 2013-06-13 21:01 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-13 16:48 . 2013-06-13 21:01 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-13 16:38 . 2013-06-13 16:58 -------- dc----w- C:\d8a921097c5d80eb60 2013-06-13 16:18 . 2013-06-13 21:03 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-13 16:18 . 2013-06-13 21:03 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-13 16:02 . 2013-06-13 21:00 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-13 16:02 . 2013-06-13 21:00 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-04 01:16 . 2011-05-05 02:38 75898224 -c--a-w- c:\windows\system32\MRT.exe 2013-05-21 03:41 . 
2012-02-10 23:28 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-16 12:50 . 2013-05-15 15:24 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 12:50 . 2013-05-15 15:24 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 12:50 . 2013-05-15 15:24 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-16 12:49 . 2013-05-15 15:24 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-05-16 12:49 . 2013-05-15 15:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-05-16 12:49 . 2013-05-15 15:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-05-16 12:49 . 2013-05-15 15:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-05-16 12:49 . 2013-05-15 15:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-05-16 12:49 . 2013-05-15 15:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-05-16 12:48 . 2013-05-15 15:23 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-16 12:48 . 2013-05-15 15:23 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-16 12:48 . 2013-05-15 15:23 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-16 12:48 . 2013-05-15 15:23 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-16 12:48 . 2013-05-15 15:23 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-16 12:48 . 2013-05-15 15:23 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-16 12:48 . 2013-05-15 15:22 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 12:48 . 2013-05-15 15:22 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-16 12:47 . 2013-05-15 15:22 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 02:08 . 2012-06-27 14:49 22240 -c--a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 09:06 . 2011-06-24 22:18 278800 -c----w- c:\windows\system32\MpSigStub.exe 2013-04-25 03:54 . 
2013-04-24 13:00 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-11 03:53 . 2013-04-10 12:21 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-11 03:52 . 2013-04-10 12:21 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-11 03:52 . 2013-04-10 12:21 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-11 03:52 . 2013-04-10 12:21 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-11 03:52 . 2013-04-10 12:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-11 03:52 . 2013-04-10 12:21 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-11 03:52 . 2013-04-10 12:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-04 21:50 . 2013-05-21 02:15 25928 -c--a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE" [2013-01-07 241280] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992] . c:\users\Shannon Shoemake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor 
Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 23:51] . 2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 23:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0] @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-25 13:25 1308432 -c--a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1] @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-25 13:25 1308432 -c--a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to AMV/AVI Video Converter... 
- c:\program files (x86)\Media Player Utilities 4.41\AMVConverter\grab.html Trusted Zone: taxact.com\www Trusted Zone: yahoo.com\games TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Shannon Shoemake\AppData\Roaming\Mozilla\Firefox\Profiles\sv6y3npz.default\ FF - ExtSQL: 2013-06-14 09:47; {8A0689E3-2A95-E5F1-31B7-712A9D839912}; c:\users\Shannon Shoemake\AppData\Roaming\Mozilla\Firefox\Profiles\sv6y3npz.default\extensions\{8A0689E3-2A95-E5F1-31B7-712A9D839912} . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3291179897-1488255658-4253967872-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe . ************************************************************************** . Completion time: 2013-06-24 21:17:01 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-25 04:17 ComboFix2.txt 2013-06-25 01:55 . Pre-Run: 18,778,963,968 bytes free Post-Run: 18,650,947,584 bytes free . - - End Of File - - A04A98166967384D3633AADD8B0246C6 D41D8CD98F00B204E9800998ECF8427E
  13. ComboFix log: ComboFix 13-06-24.01 - Shannon Shoemake 06/24/2013 18:07:12.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1978.1017 [GMT -7:00] Running from: c:\users\Shannon Shoemake\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\DRM\E970.tmp c:\programdata\Microsoft\Windows\DRM\EB18.tmp c:\users\Shannon Shoemake\acrobatreader.exe c:\users\Shannon Shoemake\alg.exe c:\users\Shannon Shoemake\chrome.exe c:\users\Shannon Shoemake\conhost933010.exe c:\users\Shannon Shoemake\flashplayer.exe c:\users\Shannon Shoemake\iexplore675775.exe c:\users\Shannon Shoemake\jucheck.exe c:\users\Shannon Shoemake\notepad.exe c:\users\Shannon Shoemake\opera.exe c:\users\Shannon Shoemake\opera489636.exe c:\users\Shannon Shoemake\skype.exe c:\users\Shannon Shoemake\teamviewer.exe c:\users\Shannon Shoemake\vlcplayer.exe c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 ))))))))))))))))))))))))))))))) . . 2013-06-25 01:49 . 2013-06-25 01:49 -------- dc----w- c:\users\Default\AppData\Local\temp 2013-06-24 22:26 . 2013-06-24 22:26 -------- dc----w- c:\program files (x86)\ESET 2013-06-24 22:05 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68CB1E9D-2B5C-4CC3-A1BC-DD720FFC705F}\mpengine.dll 2013-06-24 21:53 . 
2013-06-24 21:53 -------- dc----w- c:\windows\ERUNT 2013-06-24 21:53 . 2013-06-24 21:53 -------- dc----w- C:\JRT 2013-06-24 20:41 . 2013-06-24 20:41 -------- dc----w- c:\program files (x86)\ERUNT 2013-06-20 22:52 . 2013-06-20 22:52 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{340195E5-29FF-4E58-97DF-3A60D705FB22}\gapaengine.dll 2013-06-20 22:52 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-17 19:57 . 2013-06-17 19:57 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-17 19:57 . 2013-06-17 19:57 692104 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-16 23:56 . 2013-06-16 23:56 -------- dc----w- c:\users\Shannon Shoemake\AppData\Roaming\WildTangent 2013-06-16 22:26 . 2013-06-24 21:36 -------- dc----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-06-16 18:44 . 2013-06-16 18:44 -------- dc----w- C:\Stinger_Quarantine 2013-06-16 16:33 . 2013-06-16 16:33 -------- dc----w- C:\Verizon_Android 2013-06-15 18:10 . 2012-04-20 23:40 196440 -c--a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-06-15 18:09 . 2013-06-15 18:09 -------- dc----w- c:\program files (x86)\McAfee.com 2013-06-15 18:09 . 2013-02-19 20:55 10728 -c--a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-06-15 18:09 . 2013-02-19 20:59 70112 -c--a-w- c:\windows\system32\drivers\cfwids.sys 2013-06-15 18:09 . 2013-02-19 20:55 106552 -c--a-w- c:\windows\system32\drivers\mferkdet.sys 2013-06-15 18:09 . 2013-02-19 20:53 515968 -c--a-w- c:\windows\system32\drivers\mfefirek.sys 2013-06-15 18:09 . 2013-02-19 20:53 309840 -c--a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-06-15 18:09 . 2013-06-15 18:09 -------- dc----w- c:\program files\McAfee.com 2013-06-15 17:38 . 2013-06-16 18:55 -------- dc----w- c:\users\Shannon Shoemake\AppData\Local\7c8e1740-9fd8-46c8-8332-018ca09201fbad 2013-06-15 16:45 . 
2013-02-19 20:56 182752 -c--a-w- c:\windows\system32\mfevtps.exe 2013-06-14 16:47 . 2013-06-16 21:44 -------- dc----w- c:\users\Shannon Shoemake\AppData\Roaming\wabEventSupport16 2013-06-13 21:02 . 2013-06-13 21:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-13 20:47 . 2013-06-13 20:47 9089416 -c--a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-06-13 16:53 . 2013-06-13 21:01 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-13 16:53 . 2013-06-13 21:01 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-13 16:51 . 2013-06-13 21:02 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-13 16:51 . 2013-06-13 21:02 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-13 16:49 . 2013-06-13 21:26 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-13 16:48 . 2013-06-13 21:01 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-13 16:48 . 2013-06-13 21:01 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-13 16:48 . 2013-06-13 21:01 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-13 16:48 . 2013-06-13 21:01 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-13 16:48 . 2013-06-13 21:01 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-13 16:48 . 2013-06-13 21:01 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-13 16:48 . 2013-06-13 21:01 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-13 16:48 . 2013-06-13 21:01 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-13 16:48 . 2013-06-13 21:01 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-13 16:48 . 2013-06-13 21:01 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-13 16:38 . 2013-06-13 16:58 -------- dc----w- C:\d8a921097c5d80eb60 2013-06-13 16:18 . 2013-06-13 21:03 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-13 16:18 . 2013-06-13 21:03 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-13 16:02 . 2013-06-13 21:00 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-13 16:02 . 
2013-06-13 21:00 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-04 01:16 . 2011-05-05 02:38 75898224 -c--a-w- c:\windows\system32\MRT.exe 2013-05-21 03:41 . 2012-02-10 23:28 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-05-16 12:50 . 2013-05-15 15:24 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 12:50 . 2013-05-15 15:24 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 12:50 . 2013-05-15 15:24 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-16 12:49 . 2013-05-15 15:24 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-05-16 12:49 . 2013-05-15 15:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-05-16 12:49 . 2013-05-15 15:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-05-16 12:49 . 2013-05-15 15:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-05-16 12:49 . 2013-05-15 15:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-05-16 12:49 . 2013-05-15 15:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-05-16 12:48 . 2013-05-15 15:23 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-16 12:48 . 2013-05-15 15:23 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-16 12:48 . 2013-05-15 15:23 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-16 12:48 . 2013-05-15 15:23 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-16 12:48 . 2013-05-15 15:23 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-16 12:48 . 2013-05-15 15:23 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-16 12:48 . 2013-05-15 15:22 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 12:48 . 2013-05-15 15:22 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-16 12:47 . 
2013-05-15 15:22 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 02:08 . 2012-06-27 14:49 22240 -c--a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 09:06 . 2011-06-24 22:18 278800 -c----w- c:\windows\system32\MpSigStub.exe 2013-04-25 03:54 . 2013-04-24 13:00 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-11 03:53 . 2013-04-10 12:21 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-11 03:52 . 2013-04-10 12:21 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-11 03:52 . 2013-04-10 12:21 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-11 03:52 . 2013-04-10 12:21 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-11 03:52 . 2013-04-10 12:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-11 03:52 . 2013-04-10 12:21 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-11 03:52 . 2013-04-10 12:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-04 21:50 . 2013-05-21 02:15 25928 -c--a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE" [2013-01-07 241280] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992] . c:\users\Shannon Shoemake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor 
Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 23:51] . 2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 23:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0] @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-25 13:25 1308432 -c--a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1] @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}] 2012-05-25 13:25 1308432 -c--a-w- c:\program files (x86)\Workspace\offsyncext64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to AMV/AVI Video Converter... 
- c:\program files (x86)\Media Player Utilities 4.41\AMVConverter\grab.html Trusted Zone: taxact.com\www Trusted Zone: yahoo.com\games TCP: DhcpNameServer = 10.0.0.1 FF - ProfilePath - c:\users\Shannon Shoemake\AppData\Roaming\Mozilla\Firefox\Profiles\sv6y3npz.default\ FF - ExtSQL: 2013-06-14 09:47; {8A0689E3-2A95-E5F1-31B7-712A9D839912}; c:\users\Shannon Shoemake\AppData\Roaming\Mozilla\Firefox\Profiles\sv6y3npz.default\extensions\{8A0689E3-2A95-E5F1-31B7-712A9D839912} FF - ExtSQL: 2013-06-24 15:12; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files (x86)\Common Files\McAfee\SystemCore . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe SafeBoot-76552741.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3291179897-1488255658-4253967872-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-24 18:55:06 ComboFix-quarantined-files.txt 2013-06-25 01:55 . Pre-Run: 20,059,918,336 bytes free Post-Run: 19,954,556,928 bytes free . - - End Of File - - D86D7F88AA48D3081C04BA0B06F694AF D41D8CD98F00B204E9800998ECF8427E
  14. Or do I search my computer and remove it myself? Sorry, I just want to make sure I am doing things correctly.
  15. I have no option to delete this file, only the option to export the file or to click "FINISH". Will it be deleted when I click "finish" or must I rescan with ESET and tick Remove Found Threats? Thank you.