I keep getting a detection of ZeroAccess by McAfee, but it can't quarantine it... or remove it.

So I ran Malwarebytes, but it doesn't even detect it...

Can anyone help?

Log from Malwarebytes is below:

Registry Keys Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!)

Post back the report.

MrC


Here is the RogueKiller report.

The DDS ran once and no log popped up. I am running it a second time as we speak.

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version

Started in : Normal mode

User: Amy [Admin rights]

Mode: Scan -- Date: 07/11/2012 14:06:09

¤¤¤ Bad processes: 5 ¤¤¤

[sUSP PATH] CNYHKey.exe -- C:\Windows\CNYHKey.exe -> KILLED [TermProc]

[sUSP PATH] ChiFuncExt.exe -- C:\Windows\ChiFuncExt.exe -> KILLED [TermProc]

[sUSP PATH] ModLEDKey.exe -- C:\Windows\ModLedKey.exe -> KILLED [TermProc]

[sUSP PATH] dds[1].scr -- c:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\259RH4N0\dds[1].scr -> KILLED [TermProc]

[RESIDUE] dds[1].scr -- c:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\259RH4N0\dds[1].scr -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[RANDOMNAME] HKLM\[...]\Run : EKAIO2StatusMonitor (C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L --> FOUND

[ZeroAccess][FILE] n : c:\users\amy\appdata\local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\n --> FOUND

[ZeroAccess][FILE] @ : c:\users\amy\appdata\local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\amy\appdata\local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\amy\appdata\local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++

--- User ---

[MBR] cf68788bec0301e74a5cde91827a2c18

[bSP] 0954b4e64961a5d2bd991e7fe7172b12 : Acer tatooed MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30722048 | Size: 938867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


OK...please read this:

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_31

Run by Amy at 14:15:07 on 2012-07-11

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.7934.3531 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k yksvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\MHotKey.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\agr64svc.exe

C:\Windows\SysWOW64\atashost.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\dlcccoms.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe

C:\Windows\system32\locator.exe

C:\Windows\SysWOW64\SAiAdmin.exe

C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe

C:\Windows\SysWOW64\SAiDownloaderVista.exe

C:\Windows\SysWOW64\SAiLicSvr.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\McAfee\VirusScan\mcods.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\SAi\SAi Production Suite\Program\App.exe

C:\Windows\splwow64.exe

C:\Windows\system32\LogonUI.exe

C:\GN\SmartSizerPlatinum\SmartSizerPlatinum.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\Windows\SysWOW64\svchost.exe -k Akamai

c:\program files (x86)\common files\installshield\updateservice\isuspm.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\ytbb.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LALBYEOD\RogueKiller[1].exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

c:\windows\SysWOW64\notepad.exe

C:\Windows\system32\wermgr.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.msn.com

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Shop to Win: {1f44b5b5-7976-4378-9a7f-fe6435e9660f} - C:\Program Files (x86)\Shop to Win 12\Shop to Win 12.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Akamai NetSession Interface] "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

uRunOnce: [spybotDeletingB269] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"

uRunOnce: [spybotDeletingD6981] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"

uRunOnce: [spybotDeletingB6998] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"

uRunOnce: [spybotDeletingD4142] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A

mRun: [LchDrvKey] LchDrvKey.exe

mRun: [LedKey] CNYHKey.exe

mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Conime] %windir%\system32\conime.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [spybotDeletingA555] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"

mRunOnce: [spybotDeletingC4755] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"

mRunOnce: [spybotDeletingA3965] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"

mRunOnce: [spybotDeletingC3798] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2358983E-27A3-4B12-8C83-E6254158173C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{73ACEA04-A5B2-4976-8523-4FDE784EAC52} : DhcpNameServer = 168.94.0.14 168.94.0.15

TCP: Interfaces\{AF08932B-DFE7-4D9D-96C6-989E5DE66CFC} : DhcpNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Shop to Win: {1F44B5B5-7976-4378-9A7F-FE6435E9660F} - C:\Program Files (x86)\Shop to Win 12\Shop to Win 12.dll

BHO-X64: Freecause Shopping BHO - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A

mRun-x64: [LchDrvKey] LchDrvKey.exe

mRun-x64: [LedKey] CNYHKey.exe

mRun-x64: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Conime] %windir%\system32\conime.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [spybotDeletingA555] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"

mRunOnce-x64: [spybotDeletingC4755] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt"

mRunOnce-x64: [spybotDeletingA3965] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"

mRunOnce-x64: [spybotDeletingC3798] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico"

mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-4-20 133944]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-3-16 389120]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 654408]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-10-5 102608]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-1 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-1 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 SAiAdmin;SAiAdmin;C:\Windows\SysWOW64\SAiAdmin.exe [2009-9-24 65536]

R2 SAiDownloader;SAiDownloader;C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [2009-9-24 417792]

R2 SAiDownloaderVista;SAiDownloaderVista;C:\Windows\SysWOW64\SAiDownloaderVista.exe [2009-9-24 77824]

R2 SAiLicSvr;SAiLicSvr;C:\Windows\SysWOW64\SAiLicSvr.exe [2009-9-24 86016]

R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-7-11 328992]

R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 21504]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 cxpl_mhd;CX23885/8 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]

R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]

R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-3 135664]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-21 1153368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257224]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-3 135664]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 129976]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 SydexFDD;Sydex Diskette Driver;C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS [2010-12-6 13359]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 93184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-11 13:43:11 -------- d-----w- C:\Users\Amy\AppData\Roaming\Malwarebytes

2012-07-11 13:42:51 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-11 13:42:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-11 13:42:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-10 21:12:53 110080 ----a-r- C:\Users\Amy\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe

2012-07-10 21:12:53 110080 ----a-r- C:\Users\Amy\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe

2012-07-10 21:12:53 110080 ----a-r- C:\Users\Amy\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe

2012-07-10 21:12:46 -------- d-----w- C:\sh4ldr

2012-07-10 21:12:46 -------- d-----w- C:\Program Files\Enigma Software Group

2012-07-10 21:11:49 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-07-10 21:11:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-07-06 18:32:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-06 18:26:15 -------- d-----w- C:\Users\Amy\AppData\Roaming\McAfee

2012-06-25 15:10:54 -------- d-----w- C:\Users\Amy\AppData\Local\Macromedia

2012-06-25 14:07:10 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

.

==================== Find3M ====================

.

2012-07-03 16:52:40 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 16:52:40 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-16 16:27:51 2984 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2012-05-16 16:27:48 88 --sh--r- C:\Windows\SysWow64\8901C0D7E9.sys

2012-04-20 15:57:48 133944 ----a-w- C:\Windows\SysWow64\atashost.exe

2012-04-20 15:57:46 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe

.

============= FINISH: 14:16:28.79 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/6/2009 10:46:25 AM

System Uptime: 7/6/2012 1:31:17 PM (121 hours ago)

.

Motherboard: Gateway | | RS780

Processor: AMD Phenom 9750 Quad-Core Processor | AM2 | 2400/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 917 GiB total, 726.858 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Tun Miniport Adapter

Device ID: ROOT\*TUNMP\0001

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TUNMP\0001

Service: tunmp

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2A700557&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2A700557&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP1132: 5/13/2012 3:00:11 AM - Windows Update

RP1133: 5/14/2012 3:00:11 AM - Windows Update

RP1134: 5/15/2012 3:00:11 AM - Windows Update

RP1135: 5/16/2012 3:00:11 AM - Windows Update

RP1136: 5/17/2012 3:00:11 AM - Windows Update

RP1137: 5/18/2012 3:00:11 AM - Windows Update

RP1138: 5/19/2012 3:00:11 AM - Windows Update

RP1139: 5/20/2012 3:00:11 AM - Windows Update

RP1140: 5/21/2012 3:00:11 AM - Windows Update

RP1141: 5/22/2012 3:00:11 AM - Windows Update

RP1142: 5/23/2012 3:01:18 AM - Windows Update

RP1143: 5/24/2012 3:02:29 AM - Windows Update

RP1144: 5/25/2012 3:02:25 AM - Windows Update

RP1145: 5/26/2012 3:00:11 AM - Windows Update

RP1146: 5/27/2012 3:00:11 AM - Windows Update

RP1147: 5/28/2012 3:01:20 AM - Windows Update

RP1148: 5/29/2012 3:02:29 AM - Windows Update

RP1149: 5/30/2012 3:02:27 AM - Windows Update

RP1150: 5/30/2012 2:42:23 PM - Windows Update

RP1151: 5/31/2012 3:01:20 AM - Windows Update

RP1152: 6/1/2012 3:00:11 AM - Windows Update

RP1153: 6/2/2012 3:01:15 AM - Windows Update

RP1154: 6/3/2012 3:01:19 AM - Windows Update

RP1155: 6/4/2012 3:01:18 AM - Windows Update

RP1156: 6/5/2012 3:02:27 AM - Windows Update

RP1157: 6/6/2012 3:00:11 AM - Windows Update

RP1158: 6/7/2012 3:01:18 AM - Windows Update

RP1159: 6/8/2012 3:01:18 AM - Windows Update

RP1160: 6/9/2012 3:02:36 AM - Windows Update

RP1161: 6/10/2012 3:02:25 AM - Windows Update

RP1162: 6/11/2012 3:02:28 AM - Windows Update

RP1163: 6/12/2012 3:00:12 AM - Windows Update

RP1164: 6/13/2012 3:01:19 AM - Windows Update

RP1165: 6/14/2012 3:02:25 AM - Windows Update

RP1166: 6/15/2012 3:00:28 AM - Windows Update

RP1167: 6/16/2012 3:00:11 AM - Windows Update

RP1168: 6/17/2012 3:01:17 AM - Windows Update

RP1169: 6/18/2012 3:01:18 AM - Windows Update

RP1170: 6/19/2012 3:01:18 AM - Windows Update

RP1171: 6/20/2012 3:00:11 AM - Windows Update

RP1172: 6/20/2012 12:57:47 PM - Windows Update

RP1173: 6/26/2012 3:02:24 AM - Windows Update

RP1174: 6/26/2012 8:43:23 AM - Windows Update

RP1175: 6/27/2012 3:00:11 AM - Windows Update

RP1176: 7/10/2012 4:11:53 PM - Installed SpyHunter

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.3)

aioscnnr

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Software Update

Audacity 2.0

Bing Bar

C4USelfUpdater

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

ccc-core-static

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Norwegian

CCC Help Spanish

CCC Help Swedish

center

Clip Art Collection

Compatibility Pack for the 2007 Office system

CorelDRAW Graphics Suite 12

CorelDRAW Graphics Suite X3

CyberLink Power2Go

Elements 9 Organizer

Elements STI Installer

Embroidery Fonts Plus

EN

essentials

EZ Fonts

Fantastic Fonts for Embroidery

File Type Assistant

FlexiSIGN 7.5v5

FontNav

Free File Viewer 2011

Gateway Games

Gateway Photo Frame 4.2.3.6

Gateway Recovery Management

Gateway ScreenSaver

GIMP 2.6.11

Google Toolbar for Internet Explorer

Google Update Helper

HASP Device Drivers

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java Auto Updater

Java 6 Update 31

Java 6 Update 5

Junk Mail filter update

KB0817 Keyboard Driver

KODAK AiO Software

Malwarebytes Anti-Malware version 1.61.0.1400

Marvell Miniport Driver

McAfee SecurityCenter

McAfee Virtual Technician

Meebo Notifier

Microsoft Choice Guard

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

ocr

PL-2303 USB-to-Serial

PreReq

QuickTime

Realtek High Definition Audio Driver

SAi Production Suite

SecondLifeViewer2 (remove only)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Sentinel Protection Installer 7.5.0

Shop To Win

Skins

Skype Toolbars

Skype™ 5.3

Smart Sizer Platinum

Spybot - Search & Destroy

StartNow Toolbar

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Manager

VBA

Visual C++ 8.0 Runtime Setup Package (x64)

WebEx

Wilcom TrueSizer

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Xvid 1.2.2 final uninstall

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/6/2012 1:06:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/6/2012 1:06:35 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.

7/6/2012 1:06:35 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

7/6/2012 1:06:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/6/2012 1:06:35 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/6/2012 1:06:35 PM, Error: Service Control Manager [7000] - The wntpport service failed to start due to the following error: The system cannot find the file specified.

7/6/2012 1:06:35 PM, Error: Service Control Manager [7000] - The Par1284 service failed to start due to the following error: This driver has been blocked from loading

7/6/2012 1:06:35 PM, Error: Service Control Manager [7000] - The Haspnt service failed to start due to the following error: This driver has been blocked from loading

7/6/2012 1:06:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/6/2012 1:05:36 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/6/2012 1:05:33 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\Haspnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/6/2012 1:05:17 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWOW64\Drivers\sydexfdd.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/10/2012 4:10:02 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

7/10/2012 1:07:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.

.

==== End Of File ===========================


We should be able to fix it. You read the warning about the backdoor trojan... correct?

You have to do this..........

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Scan result of Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 11-07-2012 15:14:19

Running from E:\

Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)

HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)

HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry [28672 2006-02-24] ()

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)

HKLM\...\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A [123904 2009-05-05] (IOI)

HKLM-x32\...\Run: [LchDrvKey] LchDrvKey.exe [x]

HKLM-x32\...\Run: [LedKey] CNYHKey.exe [x]

HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [103720 2008-12-24] (CyberLink)

HKLM-x32\...\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [69120 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)

HKU\Amy\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)

HKU\Amy\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Amy\...\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)

HKU\Amy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Amy\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)

HKU\Amy\...\Run: [Akamai NetSession Interface] "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)

HKU\Amy\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [6591800 2012-02-22] (Yahoo! Inc.)

HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)

HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)

HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\Runonce: [spybotDeletingA555] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt" [x]

HKLM-x32\...\Runonce: [spybotDeletingC4755] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\control.txt" [x]

HKLM-x32\...\Runonce: [spybotDeletingA3965] command.com /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico" [x]

HKLM-x32\...\Runonce: [spybotDeletingC3798] cmd.exe /c del "C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico" [x]

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [462408 2012-04-04] (Malwarebytes Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)

2 atashost; "C:\Windows\SysWOW64\atashost.exe" [133944 2012-04-20] (Cisco WebEx LLC)

2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [566768 2007-02-14] ( )

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [102608 2011-08-10] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 ProtexisLicensing; "C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe" [174656 2006-11-02] ()

2 SAiAdmin; "C:\Windows\SysWOW64\SAiAdmin.exe" [65536 2007-08-27] (TODO: <Company name>)

2 SAiDownloader; "C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe" [417792 2007-09-11] (TODO: <Company name>)

2 SAiDownloaderVista; "C:\Windows\SysWOW64\SAiDownloaderVista.exe" [77824 2007-09-11] (TODO: <Company name>)

2 SAiLicSvr; "C:\Windows\SysWOW64\SAiLicSvr.exe" [86016 2007-12-19] (SA International)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

2 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [328992 2008-07-10] (SafeNet, Inc.)

2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-06-02] (Enigma Software Group USA, LLC.)

2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()

2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)

========================== Drivers (Whitelisted) =============

3 akshasp; C:\Windows\System32\Drivers\akshasp.sys [90240 2006-12-04] (Aladdin Knowledge Systems Ltd.)

3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [18688 2006-12-04] (Aladdin Knowledge Systems Ltd.)

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

3 cxpl_mhd; C:\Windows\System32\drivers\y_cx88x.sys [676992 2009-03-20] (Conexant Systems, Inc.)

3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()

2 Haspnt; C:\Windows\SysWow64\Drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

2 Par1284; \??\C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)

3 RTL85n64; C:\Windows\System32\Drivers\RTL85n64.sys [444960 2008-05-08] (Realtek)

3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [92672 2009-01-14] (Prolific Technology Inc.)

3 SNTUSB64; C:\Windows\System32\Drivers\SNTUSB64.sys [58664 2008-07-11] (SafeNet, Inc.)

3 SydexFDD; C:\Windows\SysWow64\Drivers\SydexFDD.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 mfeavfk01; [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

2 wntpport; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-11 12:02 - 2012-07-11 12:02 - 00000000 ____D C:\FRST

2012-07-11 11:14 - 2012-07-11 11:15 - 00607260 ____R (Swearware) C:\Users\Amy\Desktop\dds.com

2012-07-11 11:06 - 2012-07-11 11:06 - 00003496 ____A C:\Users\Amy\Desktop\RKreport[1].txt

2012-07-11 11:00 - 2012-07-11 11:05 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine

2012-07-11 10:58 - 2012-07-11 10:58 - 00014366 ____A C:\Users\Amy\Desktop\1NewBreed1.dst

2012-07-11 10:38 - 2012-07-11 10:38 - 00008192 ____A C:\Users\Amy\Desktop\NewBreed11.dst

2012-07-11 07:16 - 2012-07-11 07:16 - 00014357 ____A C:\Users\Amy\Desktop\NewBreed1.dst

2012-07-11 05:43 - 2012-07-11 05:43 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Malwarebytes

2012-07-11 05:42 - 2012-07-11 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-11 05:42 - 2012-07-11 05:42 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-11 05:42 - 2012-07-11 05:42 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-11 05:42 - 2012-07-11 05:42 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-07-11 05:42 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-10 13:19 - 2012-07-10 13:20 - 01445888 ____A (Option^Explicit Software Solutions) C:\Users\Amy\Desktop\WinsockxpFix.exe

2012-07-10 13:12 - 2012-07-10 13:13 - 00000000 ____D C:\sh4ldr

2012-07-10 13:12 - 2012-07-10 13:12 - 00000000 ____D C:\Program Files\Enigma Software Group

2012-07-10 13:11 - 2012-07-10 13:12 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-07-06 10:32 - 2012-07-06 10:32 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-06 10:26 - 2012-07-11 05:39 - 00000410 ____A C:\Windows\Tasks\vtscheduletask.job

2012-07-06 10:26 - 2012-07-06 10:26 - 00001985 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

2012-07-06 10:26 - 2012-07-06 10:26 - 00000000 ____D C:\Users\Amy\AppData\Roaming\McAfee

2012-07-06 10:24 - 2012-07-06 10:24 - 00526800 ____A (McAfee, Inc.) C:\Users\Amy\Downloads\MVTInstaller.exe

2012-07-06 10:02 - 2012-07-06 10:02 - 00023937 ____A C:\Users\Amy\Desktop\smMJpitchfork2 (2).dst

2012-07-06 09:19 - 2012-07-06 09:19 - 00056832 ____A C:\Users\Amy\Desktop\enon2.fs

2012-07-06 09:16 - 2012-07-06 09:16 - 00062464 ____A C:\Users\Amy\Desktop\enon1.fs

2012-07-06 09:14 - 2012-07-06 09:17 - 00000000 ____D C:\Users\Amy\Documents\Enon Chlidrens T 2012

2012-07-06 09:11 - 2012-07-06 09:11 - 00104960 ____A C:\Users\Amy\Desktop\al oil.fs

2012-07-06 09:08 - 2012-07-06 09:09 - 00000000 ____D C:\Users\Amy\Documents\Ala Oil FINAL

2012-07-06 08:10 - 2012-07-06 08:10 - 00337800 ____A C:\Users\Amy\Desktop\1New Breed Archery logo.EPS

2012-07-06 08:07 - 2012-07-06 08:07 - 00376838 ____A C:\Users\Amy\Desktop\New Breed Archery No Hype Just Hunt.EPS

2012-07-03 12:08 - 2012-07-03 12:08 - 04843130 ____A C:\Users\Amy\Desktop\wiredtogetherfinal.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 04554914 ____A C:\Users\Amy\Desktop\volunteer2.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 02695350 ____A C:\Users\Amy\Desktop\lcfinal.eps

2012-07-03 08:27 - 2012-07-03 08:27 - 00000000 __RSD C:\Users\Amy\Documents\My Stationery

2012-07-02 10:19 - 2012-07-06 10:02 - 00094720 ____A C:\Users\Amy\Desktop\argi.fs

2012-06-26 11:54 - 2012-06-26 11:54 - 00285184 ____A C:\Users\Amy\Desktop\SB-CUP LOGO CIRCLE.fs

2012-06-26 11:20 - 2012-06-26 11:20 - 00067127 ____A C:\Users\Amy\Desktop\Macon_Braves.eps

2012-06-25 11:00 - 2012-06-25 11:00 - 00005280 ____A C:\Users\Amy\Desktop\building.exp

2012-06-25 09:37 - 2012-06-25 09:37 - 00004344 ____A C:\Users\Amy\Desktop\bs.exp

2012-06-25 07:10 - 2012-06-25 07:10 - 00000000 ____D C:\Users\Amy\AppData\Local\Macromedia

2012-06-19 12:05 - 2012-06-19 12:05 - 01338521 ____A C:\Users\Amy\Desktop\Fruit of the Spirit.eps

2012-06-19 12:05 - 2012-06-19 12:05 - 00136367 ____A C:\Users\Amy\Desktop\Camp Logo.eps

2012-06-14 08:26 - 2012-06-14 08:29 - 00005182 ____A C:\Users\Amy\Desktop\mustangs.exp

2012-06-14 08:10 - 2012-06-14 08:32 - 00004820 ____A C:\Users\Amy\Desktop\basball.exp

2012-06-14 08:09 - 2012-06-14 08:09 - 00005188 ____A C:\Users\Amy\Documents\stangs.exp

2012-06-12 12:52 - 2012-06-26 12:09 - 00121856 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.fs

2012-06-12 12:50 - 2012-06-12 12:50 - 00449372 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.eps

2012-06-12 12:30 - 2012-06-12 12:31 - 11937628 ____A C:\Users\Amy\Desktop\Alabama Oil Logo.tif

2012-06-12 12:26 - 2012-06-12 12:26 - 03824975 ____A C:\Users\Amy\Desktop\Hand Logo.eps

============ 3 Months Modified Files ========================

2012-07-11 12:07 - 2009-07-06 07:42 - 01630492 ____A C:\Windows\WindowsUpdate.log

2012-07-11 12:07 - 2006-11-02 07:42 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-11 12:07 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-11 12:07 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-11 12:07 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-11 11:34 - 2006-11-02 04:46 - 00709582 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-11 11:22 - 2010-02-03 06:22 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-11 11:15 - 2012-07-11 11:14 - 00607260 ____R (Swearware) C:\Users\Amy\Desktop\dds.com

2012-07-11 11:09 - 2012-04-09 05:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-11 11:06 - 2012-07-11 11:06 - 00003496 ____A C:\Users\Amy\Desktop\RKreport[1].txt

2012-07-11 10:58 - 2012-07-11 10:58 - 00014366 ____A C:\Users\Amy\Desktop\1NewBreed1.dst

2012-07-11 10:38 - 2012-07-11 10:38 - 00008192 ____A C:\Users\Amy\Desktop\NewBreed11.dst

2012-07-11 07:16 - 2012-07-11 07:16 - 00014357 ____A C:\Users\Amy\Desktop\NewBreed1.dst

2012-07-11 06:25 - 2012-03-01 07:25 - 00000398 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

2012-07-11 05:42 - 2012-07-11 05:42 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-11 05:39 - 2012-07-06 10:26 - 00000410 ____A C:\Windows\Tasks\vtscheduletask.job

2012-07-11 05:38 - 2010-02-03 06:22 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-10 13:20 - 2012-07-10 13:19 - 01445888 ____A (Option^Explicit Software Solutions) C:\Users\Amy\Desktop\WinsockxpFix.exe

2012-07-10 05:52 - 2009-09-17 12:34 - 00000740 ____A C:\Windows\wininit.ini

2012-07-06 10:26 - 2012-07-06 10:26 - 00001985 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

2012-07-06 10:24 - 2012-07-06 10:24 - 00526800 ____A (McAfee, Inc.) C:\Users\Amy\Downloads\MVTInstaller.exe

2012-07-06 10:14 - 2008-01-20 19:26 - 00332044 ____A C:\Windows\PFRO.log

2012-07-06 10:02 - 2012-07-06 10:02 - 00023937 ____A C:\Users\Amy\Desktop\smMJpitchfork2 (2).dst

2012-07-06 10:02 - 2012-07-02 10:19 - 00094720 ____A C:\Users\Amy\Desktop\argi.fs

2012-07-06 10:02 - 2009-09-21 11:11 - 00017158 ____A C:\Windows\winltr.ini

2012-07-06 09:19 - 2012-07-06 09:19 - 00056832 ____A C:\Users\Amy\Desktop\enon2.fs

2012-07-06 09:16 - 2012-07-06 09:16 - 00062464 ____A C:\Users\Amy\Desktop\enon1.fs

2012-07-06 09:11 - 2012-07-06 09:11 - 00104960 ____A C:\Users\Amy\Desktop\al oil.fs

2012-07-06 08:10 - 2012-07-06 08:10 - 00337800 ____A C:\Users\Amy\Desktop\1New Breed Archery logo.EPS

2012-07-06 08:07 - 2012-07-06 08:07 - 00376838 ____A C:\Users\Amy\Desktop\New Breed Archery No Hype Just Hunt.EPS

2012-07-06 07:46 - 2010-02-12 09:14 - 00002655 ____A C:\Users\Amy\Desktop\CorelDRAW 12.lnk

2012-07-03 12:08 - 2012-07-03 12:08 - 04843130 ____A C:\Users\Amy\Desktop\wiredtogetherfinal.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 04554914 ____A C:\Users\Amy\Desktop\volunteer2.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 02695350 ____A C:\Users\Amy\Desktop\lcfinal.eps

2012-07-03 08:52 - 2012-04-09 05:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-03 08:52 - 2011-09-12 05:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-06-26 12:09 - 2012-06-12 12:52 - 00121856 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.fs

2012-06-26 11:54 - 2012-06-26 11:54 - 00285184 ____A C:\Users\Amy\Desktop\SB-CUP LOGO CIRCLE.fs

2012-06-26 11:20 - 2012-06-26 11:20 - 00067127 ____A C:\Users\Amy\Desktop\Macon_Braves.eps

2012-06-26 05:44 - 2009-04-09 21:43 - 00001048 ____A C:\Users\Public\Desktop\Microsoft Works.lnk

2012-06-25 11:00 - 2012-06-25 11:00 - 00005280 ____A C:\Users\Amy\Desktop\building.exp

2012-06-25 09:37 - 2012-06-25 09:37 - 00004344 ____A C:\Users\Amy\Desktop\bs.exp

2012-06-19 12:05 - 2012-06-19 12:05 - 01338521 ____A C:\Users\Amy\Desktop\Fruit of the Spirit.eps

2012-06-19 12:05 - 2012-06-19 12:05 - 00136367 ____A C:\Users\Amy\Desktop\Camp Logo.eps

2012-06-14 08:32 - 2012-06-14 08:10 - 00004820 ____A C:\Users\Amy\Desktop\basball.exp

2012-06-14 08:29 - 2012-06-14 08:26 - 00005182 ____A C:\Users\Amy\Desktop\mustangs.exp

2012-06-14 08:09 - 2012-06-14 08:09 - 00005188 ____A C:\Users\Amy\Documents\stangs.exp

2012-06-13 00:01 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-06-12 12:50 - 2012-06-12 12:50 - 00449372 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.eps

2012-06-12 12:31 - 2012-06-12 12:30 - 11937628 ____A C:\Users\Amy\Desktop\Alabama Oil Logo.tif

2012-06-12 12:26 - 2012-06-12 12:26 - 03824975 ____A C:\Users\Amy\Desktop\Hand Logo.eps

2012-06-06 11:18 - 2012-06-06 11:18 - 00038123 ____A C:\Users\Amy\Desktop\Advocare.dst

2012-06-01 06:17 - 2012-06-01 06:17 - 00133120 ____A C:\Users\Amy\Desktop\rooted.fs

2012-06-01 06:13 - 2012-06-01 06:12 - 01533957 ____A C:\Users\Amy\Desktop\rooted_softball_bw.eps

2012-06-01 05:41 - 2012-06-01 05:41 - 01083645 ____A C:\Users\Amy\Desktop\rooted_softball_grey.eps

2012-06-01 05:41 - 2012-06-01 05:41 - 01081386 ____A C:\Users\Amy\Desktop\rooted_softball_blue.eps

2012-06-01 05:37 - 2012-06-01 05:37 - 01081842 ____A C:\Users\Amy\Desktop\rooted_softball_carolina.eps

2012-05-30 11:52 - 2006-11-02 07:21 - 01025768 ____A C:\Windows\System32\FNTCACHE.DAT

2012-05-25 06:46 - 2009-09-16 09:03 - 00355696 ____A C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT

2012-05-24 12:20 - 2012-06-07 07:52 - 00029166 ____A C:\Users\Amy\Desktop\bart.dst

2012-05-23 12:24 - 2012-05-23 12:24 - 00083968 ____A C:\Users\Amy\Desktop\flames.fs

2012-05-23 08:25 - 2012-05-23 08:25 - 00011447 ____A C:\Users\Amy\Desktop\Bermco1.dst

2012-05-18 05:55 - 2012-06-07 07:53 - 00018708 ____A C:\Users\Amy\Desktop\USFA.dst

2012-05-16 08:27 - 2009-09-28 07:04 - 00002984 __ASH C:\Windows\SysWOW64\KGyGaAvL.sys

2012-05-16 08:27 - 2009-09-28 07:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys

2012-05-15 09:16 - 2012-06-07 07:52 - 00014283 ____A C:\Users\Amy\Desktop\argie.dst

2012-05-11 11:31 - 2012-06-07 07:53 - 00010167 ____A C:\Users\Amy\Desktop\speed.dst

2012-05-11 11:11 - 2012-05-11 11:11 - 00004056 ____A C:\Users\Amy\Documents\sct1.exp

2012-05-08 11:49 - 2012-05-08 11:49 - 00001898 ____A C:\Users\Public\Desktop\EZ Fonts.lnk

2012-05-08 10:03 - 2012-05-08 10:03 - 01401427 ____A C:\Users\Amy\Desktop\Untitled3.eps

2012-04-30 10:50 - 2006-11-02 07:27 - 00101666 ____A C:\Windows\setupact.log

2012-04-25 13:32 - 2012-04-25 13:32 - 05333031 ____A C:\Users\Amy\Downloads\ornate-frames.zip

2012-04-20 07:57 - 2012-04-20 07:57 - 00215864 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe

2012-04-20 07:57 - 2012-04-20 07:57 - 00133944 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

2012-04-20 07:13 - 2012-04-20 07:11 - 00002570 ____A C:\Users\Amy\AppData\Local\installer.log

2012-04-20 07:03 - 2012-04-20 07:03 - 00002061 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk

2012-04-17 08:15 - 2009-12-18 06:52 - 00002256 ____A C:\Users\Amy\AppData\Roaming\wklnhst.dat

2012-04-17 08:14 - 2012-04-17 08:14 - 01485077 ____A C:\Users\Amy\Downloads\attachments_2012_04_17.zip

ZeroAccess:

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3dde

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@

ZeroAccess:

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\n

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe BA539D2CE99C05A180EC518EA2040D6A ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%

Total physical RAM: 7934.26 MB

Available physical RAM: 7292.02 MB

Total Pagefile: 7693.14 MB

Available Pagefile: 7269.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:727.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive d: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

4 Drive e: () (Removable) (Total:0.99 GB) (Free:0.9 GB) FAT

10 Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:4.5 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 932 GB 0 B

Disk 1 Online 1010 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 15 GB 1024 KB

Partition 2 Primary 917 GB 15 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 X PQSERVICE NTFS Partition 15 GB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS NTFS Partition 917 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 1010 MB 0 B

==================================================================================

Disk: 1

There is no partition selected.

There is no partition selected.

Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-11 11:11

======================= End Of Log ==========================


OK......

services.exe is infected and has to be replaced:

C:\Windows\System32\services.exe BA539D2CE99C05A180EC518EA2040D6A ZeroAccess <==== ATTENTION!.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

MrC


Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 2012-07-11 15:39:20

Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe

[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe

[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009-09-21 06:10] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe

[2009-09-21 06:10] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======

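Added example (my own script, not FRST's code and not something posted in this thread): a small Python check that parses Search.txt-style output like the one above and flags a live copy of a system binary whose MD5 disagrees with the matching copy in the WinSxS component store, which is the same comparison MrC makes by eye here and the one the later Replace: line in the fixlist relies on. The sample text is copied from the search result above; the function names, the "same size as a store copy" rule (a stand-in for matching on the exact component version) and the restriction to System32/SysWOW64 as the only "live" locations are my assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample in the layout FRST uses for Search.txt: a path line
# followed by a details line. Content copied from the search result above.
SAMPLE_SEARCH_TXT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A
C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-21 06:10] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-21 06:10] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
====== End Of Search ======
"""

# Details line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption: only copies in these directories are executed by the OS.
LIVE_DIRS = ("\\system32\\", "\\syswow64\\")


def parse_search_log(text):
    """Return one dict per file hit (path, size, md5, ...) from Search.txt text.

    Banner lines ("=====...") and blank lines are skipped; any other line that is
    not a details line is taken as the path of the next hit.
    """
    records = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path is not None:
            rec = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
            pending_path = None
        else:
            pending_path = line
    return records


def find_tampered(records):
    """Flag live copies whose MD5 differs from a same-size copy in WinSxS.

    The component store holds the installed version of each binary, so the live
    file should be byte-identical to it. Same size but a different hash is the
    pattern of a binary patched in place. Store copies and pending update
    payloads (SoftwareDistribution) are reference material, not live files,
    so they are never flagged themselves.
    """
    store_by_size = defaultdict(set)
    for r in records:
        if "\\winsxs\\" in r["path"].lower():
            store_by_size[r["size"]].add(r["md5"])
    flagged = []
    for r in records:
        low = r["path"].lower()
        if "\\winsxs\\" in low or not any(d in low for d in LIVE_DIRS):
            continue
        expected = store_by_size.get(r["size"])
        if expected and r["md5"] not in expected:
            flagged.append((r["path"], r["md5"], sorted(expected)))
    return flagged


def md5_hex(data):
    """Upper-case MD5 of a byte string, the format FRST prints."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path, chunk_size=1 << 20):
    """Re-hash a flagged file on disk (streamed, so large binaries are fine)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    hits = parse_search_log(SAMPLE_SEARCH_TXT)
    for path, seen, expected in find_tampered(hits):
        print(f"MISMATCH {path}: {seen} (store copy: {', '.join(expected)})")
```

On the sample above the only hit is C:\Windows\System32\services.exe, whose store twin is the amd64 6.0.6001.18000 copy (same 384512 bytes, different hash). The SysWOW64 copy matches its x86 store twin, and the 6.0.6002 files under SoftwareDistribution are ignored because they are a downloaded update, not the installed component.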

OK, here you go......

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3dde
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\n
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012

Ran by SYSTEM at 2012-07-11 16:00:13 Run:1

Running from D:\

==============================================

Could not find cb-d04c-42a8-dbdd-e535a4706eb5}C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3ddeC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\nC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniC:\Windows\System32\services.exe.

Could not find cb-d04c-42a8-dbdd-e535a4706eb5}C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3ddeC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\nC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool Version: 11-07-2012

Ran by SYSTEM at 11-07-2012 16:33:22

Running from D:\

Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)

HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)

HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry [28672 2006-02-24] ()

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)

HKLM\...\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A [123904 2009-05-05] (IOI)

HKLM-x32\...\Run: [LchDrvKey] LchDrvKey.exe [x]

HKLM-x32\...\Run: [LedKey] CNYHKey.exe [x]

HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [103720 2008-12-24] (CyberLink)

HKLM-x32\...\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)

HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [69120 2008-01-20] (Microsoft Corporation)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)

HKU\Amy\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)

HKU\Amy\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Amy\...\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)

HKU\Amy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\Amy\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)

HKU\Amy\...\Run: [Akamai NetSession Interface] "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)

HKU\Amy\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [6591800 2012-02-22] (Yahoo! Inc.)

HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)

HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)

HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)

2 atashost; "C:\Windows\SysWOW64\atashost.exe" [133944 2012-04-20] (Cisco WebEx LLC)

2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [566768 2007-02-14] ( )

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [102608 2011-08-10] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

2 ProtexisLicensing; "C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe" [174656 2006-11-02] ()

2 SAiAdmin; "C:\Windows\SysWOW64\SAiAdmin.exe" [65536 2007-08-27] (TODO: <Company name>)

2 SAiDownloader; "C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe" [417792 2007-09-11] (TODO: <Company name>)

2 SAiDownloaderVista; "C:\Windows\SysWOW64\SAiDownloaderVista.exe" [77824 2007-09-11] (TODO: <Company name>)

2 SAiLicSvr; "C:\Windows\SysWOW64\SAiLicSvr.exe" [86016 2007-12-19] (SA International)

2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

2 SentinelKeysServer; "C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [328992 2008-07-10] (SafeNet, Inc.)

2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-06-02] (Enigma Software Group USA, LLC.)

2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()

2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)

========================== Drivers (Whitelisted) =============

3 akshasp; C:\Windows\System32\Drivers\akshasp.sys [90240 2006-12-04] (Aladdin Knowledge Systems Ltd.)

3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [18688 2006-12-04] (Aladdin Knowledge Systems Ltd.)

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)

3 cxpl_mhd; C:\Windows\System32\drivers\y_cx88x.sys [676992 2009-03-20] (Conexant Systems, Inc.)

3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()

2 Haspnt; C:\Windows\SysWow64\Drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)

2 Par1284; \??\C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)

3 RTL85n64; C:\Windows\System32\Drivers\RTL85n64.sys [444960 2008-05-08] (Realtek)

3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [92672 2009-01-14] (Prolific Technology Inc.)

3 SNTUSB64; C:\Windows\System32\Drivers\SNTUSB64.sys [58664 2008-07-11] (SafeNet, Inc.)

3 SydexFDD; C:\Windows\SysWow64\Drivers\SydexFDD.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 mfeavfk01; [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

2 wntpport; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-11 12:02 - 2012-07-11 12:02 - 00000000 ____D C:\FRST

2012-07-11 11:14 - 2012-07-11 11:15 - 00607260 ____R (Swearware) C:\Users\Amy\Desktop\dds.com

2012-07-11 11:06 - 2012-07-11 11:06 - 00003496 ____A C:\Users\Amy\Desktop\RKreport[1].txt

2012-07-11 11:00 - 2012-07-11 11:05 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine

2012-07-11 10:58 - 2012-07-11 10:58 - 00014366 ____A C:\Users\Amy\Desktop\1NewBreed1.dst

2012-07-11 10:38 - 2012-07-11 10:38 - 00008192 ____A C:\Users\Amy\Desktop\NewBreed11.dst

2012-07-11 07:16 - 2012-07-11 07:16 - 00014357 ____A C:\Users\Amy\Desktop\NewBreed1.dst

2012-07-11 05:43 - 2012-07-11 05:43 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Malwarebytes

2012-07-11 05:42 - 2012-07-11 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-11 05:42 - 2012-07-11 05:42 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-11 05:42 - 2012-07-11 05:42 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-11 05:42 - 2012-07-11 05:42 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-07-11 05:42 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-10 13:19 - 2012-07-10 13:20 - 01445888 ____A (Option^Explicit Software Solutions) C:\Users\Amy\Desktop\WinsockxpFix.exe

2012-07-10 13:12 - 2012-07-10 13:13 - 00000000 ____D C:\sh4ldr

2012-07-10 13:12 - 2012-07-10 13:12 - 00000000 ____D C:\Program Files\Enigma Software Group

2012-07-10 13:11 - 2012-07-10 13:12 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-07-06 10:32 - 2012-07-06 10:32 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-06 10:26 - 2012-07-11 05:39 - 00000410 ____A C:\Windows\Tasks\vtscheduletask.job

2012-07-06 10:26 - 2012-07-06 10:26 - 00001985 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

2012-07-06 10:26 - 2012-07-06 10:26 - 00000000 ____D C:\Users\Amy\AppData\Roaming\McAfee

2012-07-06 10:24 - 2012-07-06 10:24 - 00526800 ____A (McAfee, Inc.) C:\Users\Amy\Downloads\MVTInstaller.exe

2012-07-06 10:02 - 2012-07-06 10:02 - 00023937 ____A C:\Users\Amy\Desktop\smMJpitchfork2 (2).dst

2012-07-06 09:19 - 2012-07-06 09:19 - 00056832 ____A C:\Users\Amy\Desktop\enon2.fs

2012-07-06 09:16 - 2012-07-06 09:16 - 00062464 ____A C:\Users\Amy\Desktop\enon1.fs

2012-07-06 09:14 - 2012-07-06 09:17 - 00000000 ____D C:\Users\Amy\Documents\Enon Chlidrens T 2012

2012-07-06 09:11 - 2012-07-06 09:11 - 00104960 ____A C:\Users\Amy\Desktop\al oil.fs

2012-07-06 09:08 - 2012-07-06 09:09 - 00000000 ____D C:\Users\Amy\Documents\Ala Oil FINAL

2012-07-06 08:10 - 2012-07-06 08:10 - 00337800 ____A C:\Users\Amy\Desktop\1New Breed Archery logo.EPS

2012-07-06 08:07 - 2012-07-06 08:07 - 00376838 ____A C:\Users\Amy\Desktop\New Breed Archery No Hype Just Hunt.EPS

2012-07-03 12:08 - 2012-07-03 12:08 - 04843130 ____A C:\Users\Amy\Desktop\wiredtogetherfinal.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 04554914 ____A C:\Users\Amy\Desktop\volunteer2.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 02695350 ____A C:\Users\Amy\Desktop\lcfinal.eps

2012-07-03 08:27 - 2012-07-03 08:27 - 00000000 __RSD C:\Users\Amy\Documents\My Stationery

2012-07-02 10:19 - 2012-07-06 10:02 - 00094720 ____A C:\Users\Amy\Desktop\argi.fs

2012-06-26 11:54 - 2012-06-26 11:54 - 00285184 ____A C:\Users\Amy\Desktop\SB-CUP LOGO CIRCLE.fs

2012-06-26 11:20 - 2012-06-26 11:20 - 00067127 ____A C:\Users\Amy\Desktop\Macon_Braves.eps

2012-06-25 11:00 - 2012-06-25 11:00 - 00005280 ____A C:\Users\Amy\Desktop\building.exp

2012-06-25 09:37 - 2012-06-25 09:37 - 00004344 ____A C:\Users\Amy\Desktop\bs.exp

2012-06-25 07:10 - 2012-06-25 07:10 - 00000000 ____D C:\Users\Amy\AppData\Local\Macromedia

2012-06-19 12:05 - 2012-06-19 12:05 - 01338521 ____A C:\Users\Amy\Desktop\Fruit of the Spirit.eps

2012-06-19 12:05 - 2012-06-19 12:05 - 00136367 ____A C:\Users\Amy\Desktop\Camp Logo.eps

2012-06-14 08:26 - 2012-06-14 08:29 - 00005182 ____A C:\Users\Amy\Desktop\mustangs.exp

2012-06-14 08:10 - 2012-06-14 08:32 - 00004820 ____A C:\Users\Amy\Desktop\basball.exp

2012-06-14 08:09 - 2012-06-14 08:09 - 00005188 ____A C:\Users\Amy\Documents\stangs.exp

2012-06-12 12:52 - 2012-06-26 12:09 - 00121856 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.fs

2012-06-12 12:50 - 2012-06-12 12:50 - 00449372 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.eps

2012-06-12 12:30 - 2012-06-12 12:31 - 11937628 ____A C:\Users\Amy\Desktop\Alabama Oil Logo.tif

2012-06-12 12:26 - 2012-06-12 12:26 - 03824975 ____A C:\Users\Amy\Desktop\Hand Logo.eps

============ 3 Months Modified Files ========================

2012-07-11 13:27 - 2006-11-02 07:42 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-11 13:27 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-11 13:25 - 2012-03-01 07:25 - 00000398 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

2012-07-11 13:25 - 2010-02-03 06:22 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-11 13:25 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-11 13:25 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-11 12:32 - 2009-07-06 07:42 - 01639810 ____A C:\Windows\WindowsUpdate.log

2012-07-11 12:23 - 2006-11-02 04:46 - 00709582 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-11 12:22 - 2010-02-03 06:22 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-11 12:17 - 2008-01-20 19:26 - 00426642 ____A C:\Windows\PFRO.log

2012-07-11 11:15 - 2012-07-11 11:14 - 00607260 ____R (Swearware) C:\Users\Amy\Desktop\dds.com

2012-07-11 11:09 - 2012-04-09 05:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-11 11:06 - 2012-07-11 11:06 - 00003496 ____A C:\Users\Amy\Desktop\RKreport[1].txt

2012-07-11 10:58 - 2012-07-11 10:58 - 00014366 ____A C:\Users\Amy\Desktop\1NewBreed1.dst

2012-07-11 10:38 - 2012-07-11 10:38 - 00008192 ____A C:\Users\Amy\Desktop\NewBreed11.dst

2012-07-11 07:16 - 2012-07-11 07:16 - 00014357 ____A C:\Users\Amy\Desktop\NewBreed1.dst

2012-07-11 05:42 - 2012-07-11 05:42 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-11 05:39 - 2012-07-06 10:26 - 00000410 ____A C:\Windows\Tasks\vtscheduletask.job

2012-07-10 13:20 - 2012-07-10 13:19 - 01445888 ____A (Option^Explicit Software Solutions) C:\Users\Amy\Desktop\WinsockxpFix.exe

2012-07-10 05:52 - 2009-09-17 12:34 - 00000740 ____A C:\Windows\wininit.ini

2012-07-06 10:26 - 2012-07-06 10:26 - 00001985 ____A C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

2012-07-06 10:24 - 2012-07-06 10:24 - 00526800 ____A (McAfee, Inc.) C:\Users\Amy\Downloads\MVTInstaller.exe

2012-07-06 10:02 - 2012-07-06 10:02 - 00023937 ____A C:\Users\Amy\Desktop\smMJpitchfork2 (2).dst

2012-07-06 10:02 - 2012-07-02 10:19 - 00094720 ____A C:\Users\Amy\Desktop\argi.fs

2012-07-06 10:02 - 2009-09-21 11:11 - 00017158 ____A C:\Windows\winltr.ini

2012-07-06 09:19 - 2012-07-06 09:19 - 00056832 ____A C:\Users\Amy\Desktop\enon2.fs

2012-07-06 09:16 - 2012-07-06 09:16 - 00062464 ____A C:\Users\Amy\Desktop\enon1.fs

2012-07-06 09:11 - 2012-07-06 09:11 - 00104960 ____A C:\Users\Amy\Desktop\al oil.fs

2012-07-06 08:10 - 2012-07-06 08:10 - 00337800 ____A C:\Users\Amy\Desktop\1New Breed Archery logo.EPS

2012-07-06 08:07 - 2012-07-06 08:07 - 00376838 ____A C:\Users\Amy\Desktop\New Breed Archery No Hype Just Hunt.EPS

2012-07-06 07:46 - 2010-02-12 09:14 - 00002655 ____A C:\Users\Amy\Desktop\CorelDRAW 12.lnk

2012-07-03 12:08 - 2012-07-03 12:08 - 04843130 ____A C:\Users\Amy\Desktop\wiredtogetherfinal.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 04554914 ____A C:\Users\Amy\Desktop\volunteer2.eps

2012-07-03 12:08 - 2012-07-03 12:08 - 02695350 ____A C:\Users\Amy\Desktop\lcfinal.eps

2012-07-03 08:52 - 2012-04-09 05:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-03 08:52 - 2011-09-12 05:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-06-26 12:09 - 2012-06-12 12:52 - 00121856 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.fs

2012-06-26 11:54 - 2012-06-26 11:54 - 00285184 ____A C:\Users\Amy\Desktop\SB-CUP LOGO CIRCLE.fs

2012-06-26 11:20 - 2012-06-26 11:20 - 00067127 ____A C:\Users\Amy\Desktop\Macon_Braves.eps

2012-06-26 05:44 - 2009-04-09 21:43 - 00001048 ____A C:\Users\Public\Desktop\Microsoft Works.lnk

2012-06-25 11:00 - 2012-06-25 11:00 - 00005280 ____A C:\Users\Amy\Desktop\building.exp

2012-06-25 09:37 - 2012-06-25 09:37 - 00004344 ____A C:\Users\Amy\Desktop\bs.exp

2012-06-19 12:05 - 2012-06-19 12:05 - 01338521 ____A C:\Users\Amy\Desktop\Fruit of the Spirit.eps

2012-06-19 12:05 - 2012-06-19 12:05 - 00136367 ____A C:\Users\Amy\Desktop\Camp Logo.eps

2012-06-14 08:32 - 2012-06-14 08:10 - 00004820 ____A C:\Users\Amy\Desktop\basball.exp

2012-06-14 08:29 - 2012-06-14 08:26 - 00005182 ____A C:\Users\Amy\Desktop\mustangs.exp

2012-06-14 08:09 - 2012-06-14 08:09 - 00005188 ____A C:\Users\Amy\Documents\stangs.exp

2012-06-13 00:01 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-06-12 12:50 - 2012-06-12 12:50 - 00449372 ____A C:\Users\Amy\Desktop\Hand Landscaping Logo.eps

2012-06-12 12:31 - 2012-06-12 12:30 - 11937628 ____A C:\Users\Amy\Desktop\Alabama Oil Logo.tif

2012-06-12 12:26 - 2012-06-12 12:26 - 03824975 ____A C:\Users\Amy\Desktop\Hand Logo.eps

2012-06-06 11:18 - 2012-06-06 11:18 - 00038123 ____A C:\Users\Amy\Desktop\Advocare.dst

2012-06-01 06:17 - 2012-06-01 06:17 - 00133120 ____A C:\Users\Amy\Desktop\rooted.fs

2012-06-01 06:13 - 2012-06-01 06:12 - 01533957 ____A C:\Users\Amy\Desktop\rooted_softball_bw.eps

2012-06-01 05:41 - 2012-06-01 05:41 - 01083645 ____A C:\Users\Amy\Desktop\rooted_softball_grey.eps

2012-06-01 05:41 - 2012-06-01 05:41 - 01081386 ____A C:\Users\Amy\Desktop\rooted_softball_blue.eps

2012-06-01 05:37 - 2012-06-01 05:37 - 01081842 ____A C:\Users\Amy\Desktop\rooted_softball_carolina.eps

2012-05-30 11:52 - 2006-11-02 07:21 - 01025768 ____A C:\Windows\System32\FNTCACHE.DAT

2012-05-25 06:46 - 2009-09-16 09:03 - 00355696 ____A C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT

2012-05-24 12:20 - 2012-06-07 07:52 - 00029166 ____A C:\Users\Amy\Desktop\bart.dst

2012-05-23 12:24 - 2012-05-23 12:24 - 00083968 ____A C:\Users\Amy\Desktop\flames.fs

2012-05-23 08:25 - 2012-05-23 08:25 - 00011447 ____A C:\Users\Amy\Desktop\Bermco1.dst

2012-05-18 05:55 - 2012-06-07 07:53 - 00018708 ____A C:\Users\Amy\Desktop\USFA.dst

2012-05-16 08:27 - 2009-09-28 07:04 - 00002984 __ASH C:\Windows\SysWOW64\KGyGaAvL.sys

2012-05-16 08:27 - 2009-09-28 07:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys

2012-05-15 09:16 - 2012-06-07 07:52 - 00014283 ____A C:\Users\Amy\Desktop\argie.dst

2012-05-11 11:31 - 2012-06-07 07:53 - 00010167 ____A C:\Users\Amy\Desktop\speed.dst

2012-05-11 11:11 - 2012-05-11 11:11 - 00004056 ____A C:\Users\Amy\Documents\sct1.exp

2012-05-08 11:49 - 2012-05-08 11:49 - 00001898 ____A C:\Users\Public\Desktop\EZ Fonts.lnk

2012-05-08 10:03 - 2012-05-08 10:03 - 01401427 ____A C:\Users\Amy\Desktop\Untitled3.eps

2012-04-30 10:50 - 2006-11-02 07:27 - 00101666 ____A C:\Windows\setupact.log

2012-04-25 13:32 - 2012-04-25 13:32 - 05333031 ____A C:\Users\Amy\Downloads\ornate-frames.zip

2012-04-20 07:57 - 2012-04-20 07:57 - 00215864 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe

2012-04-20 07:57 - 2012-04-20 07:57 - 00133944 ____A (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

2012-04-20 07:13 - 2012-04-20 07:11 - 00002570 ____A C:\Users\Amy\AppData\Local\installer.log

2012-04-20 07:03 - 2012-04-20 07:03 - 00002061 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk

2012-04-17 08:15 - 2009-12-18 06:52 - 00002256 ____A C:\Users\Amy\AppData\Roaming\wklnhst.dat

2012-04-17 08:14 - 2012-04-17 08:14 - 01485077 ____A C:\Users\Amy\Downloads\attachments_2012_04_17.zip

ZeroAccess:

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3dde

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@

ZeroAccess:

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L

C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe BA539D2CE99C05A180EC518EA2040D6A ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 8%

Total physical RAM: 7934.26 MB

Available physical RAM: 7291.92 MB

Total Pagefile: 7693.14 MB

Available Pagefile: 7270.89 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:727.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive d: () (Removable) (Total:0.99 GB) (Free:0.9 GB) FAT

9 Drive j: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

10 Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:4.5 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 932 GB 0 B

Disk 1 Online 1010 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 15 GB 1024 KB

Partition 2 Primary 917 GB 15 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 8 X PQSERVICE NTFS Partition 15 GB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS NTFS Partition 917 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 1010 MB 0 B

==================================================================================

Disk: 1

There is no partition selected.

There is no partition selected.

Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-11 12:27

======================= End Of Log ==========================


You must have done something wrong last time you ran the fix, please carefully try it again.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3dde
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@
C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\n
C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options as you did before!

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

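The pasted list only works if it reaches FRST as one entry per line; the following checker, added here and neither FRST's code nor part of this thread, detects a fixlist.txt whose line breaks were lost and rewrites it one entry per line. The glued sample is constructed from the entries above, and the winsxs directory name in it is a placeholder.

```python
import re

# Zero-width split point: a drive-letter path or a "Replace:" directive that
# follows directly on a non-whitespace character. In a well-formed fixlist that
# never happens, so it marks two entries glued together (as in a Fixlog that
# reports "Could not find C:\...C:\...").
GLUE_RE = re.compile(r'(?<=\S)(?=Replace: |[A-Za-z]:\\)')
# The two arguments of "Replace:" are separated by a single space.
REPLACE_ARGS_RE = re.compile(r' (?=[A-Za-z]:\\)')
DRIVE_PATH_RE = re.compile(r'^[A-Za-z]:\\\S')


def split_glued(line):
    """Recover the individual entries from a line whose newlines were lost."""
    return [part for part in GLUE_RE.split(line) if part]


def parse_entry(entry):
    """Return ('delete', path) or ('replace', src, dst); None if unrecognised."""
    if entry.startswith('Replace: '):
        args = REPLACE_ARGS_RE.split(entry[len('Replace: '):])
        if len(args) == 2 and all(DRIVE_PATH_RE.match(a) for a in args):
            return ('replace', args[0], args[1])
        return None
    if DRIVE_PATH_RE.match(entry):
        return ('delete', entry)
    return None


def lint_fixlist(text):
    """Parse fixlist.txt text; returns (entries, problems)."""
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = split_glued(line)
        if len(parts) > 1:
            problems.append(
                f'line {lineno}: {len(parts)} entries run together (line breaks lost)')
        for part in parts:
            parsed = parse_entry(part)
            if parsed is None:
                problems.append(f'line {lineno}: unrecognised entry {part!r}')
            else:
                entries.append(parsed)
    return entries, problems


def normalize_fixlist(text):
    """Rewrite the list one entry per line with Windows line endings."""
    entries, _ = lint_fixlist(text)
    lines = [e[1] if e[0] == 'delete' else f'Replace: {e[1]} {e[2]}'
             for e in entries]
    return '\r\n'.join(lines) + '\r\n'


# Constructed sample: the first entries of the fix above pasted without line
# breaks. PLACEHOLDER_DIR stands in for the real winsxs directory name.
GLUED_SAMPLE = (
    r"C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}"
    r"C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@"
    r"C:\Windows\assembly\GAC_32\Desktop.ini"
    r"Replace: C:\Windows\winsxs\PLACEHOLDER_DIR\services.exe "
    r"C:\Windows\System32\services.exe"
)

if __name__ == '__main__':
    found, issues = lint_fixlist(GLUED_SAMPLE)
    for issue in issues:
        print('PROBLEM:', issue)
    print(f'{len(found)} entries recovered; repaired list:')
    print(normalize_fixlist(GLUED_SAMPLE), end='')
```

Entries are split only where a drive-letter path follows directly on a non-space character, so paths containing spaces are left intact.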

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012

Ran by SYSTEM at 2012-07-12 09:23:32 Run:3

Running from D:\

==============================================

C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3ddeC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\nC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniReplace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe C:\Windows\System32\services.exe not found.

Could not find C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3ddeC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\nC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniC:\Windows\System32\services.exe.

Could not find C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\1afb2d56C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\L\201d3ddeC:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000004.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\00000008.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\000000cb.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000000.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000032.@C:\Windows\Installer\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\U\80000064.@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\@C:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\LC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\nC:\Users\Amy\AppData\Local\{0561cdcb-d04c-42a8-dbdd-e535a4706eb5}\UC:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniC:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe.

==== End of Fixlog ====
