
LiveSearch Mal Ware



  • Staff

Please do the following:

Download the version of the Farbar Recovery Scan Tool appropriate for your system and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.

Note: Replace the letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

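An added example, not part of this thread and not FRST's own code: once FRST.txt comes back, the first pass over it is mechanical, and the Python below does that pass. It parses the three line shapes FRST prints (the HKLM\...\Run autostart lines, the "2 Name; path [size date] (Publisher)" service and driver lines, and the "created - modified - size flags (Publisher) path" file lines) and attaches triage reasons to each entry: a referenced file FRST could not find ([x]), an executable with no publisher in its version info, a hidden or system attribute on an item under C:\Windows, a random-looking lowercase file name with no publisher, and an autostart running from a user-writable directory. The sample lines are copied from the FRST.txt posted later in this thread; the heuristics and thresholds are my own choices, and a flagged entry is a lead for the analyst, not a verdict (a legitimate per-user updater in AppData trips the last rule, for instance).

```python
"""Heuristic triage of FRST (Farbar Recovery Scan Tool) log lines.
Added example for this thread, not FRST's code or the posters'; the reasons
it attaches are leads for the analyst, not verdicts."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HKLM\...\Run: [Name] "C:\path\app.exe" /arg [size date] (Publisher)   or   ... [x]
RUN_RE = re.compile(r'^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# 2 Name; C:\path\svc.exe [size date] (Publisher)   or   3 Name; [x]   (services and drivers)
SVC_RE = re.compile(r'^[0-4] (?P<name>[^;]+); (?P<rest>.*)$')
# created - modified - size flags (Publisher) path   (the publisher part is optional)
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ '
                     r'(?P<flags>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$')
TAIL_RE = re.compile(r'\[\d+ \d{4}-\d\d-\d\d\] \((?P<publisher>[^)]*)\)\s*$')
PATH_RE = re.compile(r'"?(?P<path>.*?\.(?:exe|dll|sys|scr|com|cpl|pkms))(?:"|\s|$)', re.I)
EXEC_EXT = {'.exe', '.dll', '.sys', '.scr', '.com', '.cpl', '.pkms'}
USER_WRITABLE = ('c:\\programdata\\', 'c:\\users\\all users\\', '\\appdata\\')  # weak signal alone

@dataclass
class Entry:
    kind: str                 # 'autostart', 'service' (drivers too) or 'file'
    name: str
    path: str
    publisher: Optional[str]  # None: nothing printed; '': FRST printed "()"
    flags: str = ''           # attribute column of file lines, e.g. _RASH
    missing: bool = False     # FRST printed [x]: the referenced file was not found
    reasons: List[str] = field(default_factory=list)

def looks_random(stem: str) -> bool:
    """Lowercase letters only, 8+ long, with almost no vowels or a long consonant run."""
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(c in 'aeiou' for c in stem)
    longest_run = max(len(run) for run in re.split(r'[aeiou]', stem))
    return vowels / len(stem) < 0.2 or longest_run >= 5

def split_tail(rest: str):
    """Split the text after an entry name into (path, publisher, missing)."""
    m = TAIL_RE.search(rest)
    if m:
        publisher, head, missing = m.group('publisher').strip(), rest[:m.start()], False
    elif rest.rstrip().endswith('[x]'):
        publisher, head, missing = None, rest.rstrip()[:-3], True
    else:
        publisher, head, missing = None, rest, False
    pm = PATH_RE.match(head.strip())
    return (pm.group('path') if pm else head.strip().strip('"')), publisher, missing

def parse_line(line: str) -> Optional[Entry]:
    for kind, regex in (('autostart', RUN_RE), ('service', SVC_RE)):
        m = regex.match(line)
        if m:
            path, publisher, missing = split_tail(m.group('rest'))
            return Entry(kind, m.group('name'), path, publisher, missing=missing)
    m = FILE_RE.match(line)
    if not m:
        return None  # section headers, blank lines, anything else
    publisher = m.group('publisher')
    return Entry('file', ntpath.basename(m.group('path')), m.group('path'),
                 publisher.strip() if publisher is not None else None, flags=m.group('flags'))

def triage(entry: Entry) -> Entry:
    low = entry.path.lower()
    stem, ext = ntpath.splitext(ntpath.basename(entry.path))
    if entry.missing:
        entry.reasons.append('points at a file FRST could not find ([x])')
    elif ext.lower() in EXEC_EXT and not entry.publisher:
        entry.reasons.append('executable with no publisher in its version info')
    if 'D' not in entry.flags and not entry.publisher and looks_random(stem):
        entry.reasons.append('random-looking file name')
    if entry.kind == 'file' and low.startswith('c:\\windows\\') and set('HS') & set(entry.flags):
        entry.reasons.append('hidden/system attribute set on an item under C:\\Windows')
    if entry.kind != 'file' and any(marker in low for marker in USER_WRITABLE):
        entry.reasons.append('starts from a user-writable data directory')
    return entry

def triage_log(text: str) -> List[Entry]:
    """Parse every recognised line and return only the entries that drew a reason."""
    entries = (parse_line(line.rstrip()) for line in text.splitlines())
    return [e for e in entries if e is not None and triage(e).reasons]

# Sample input: lines copied from the FRST.txt posted later in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [MouseDriver] TiltWheelMouse.exe [x]
HKU\Kyle\...\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-23] (Google Inc.)
2 bProtector; C:\ProgramData\bProtectorForWindows\2.2.453.59\bProtect.exe [1677856 2012-06-21] (bProtector)
3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [25088 2009-04-16] ()
2012-12-12 09:57 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-07 22:09 - 2012-12-18 20:44 - 00000308 ____A C:\Windows\Tasks\zjiytzflv.job
2012-12-07 22:09 - 2012-12-07 22:09 - 00114688 _RASH C:\Windows\SysWOW64\NAPCLCFG7.dll
"""

if __name__ == '__main__':
    for e in triage_log(SAMPLE_LOG):
        print(f'{e.kind:<9} {e.path or "<no path>"}: ' + '; '.join(e.reasons))
```

Run it as a script to print the flagged sample entries, or import triage_log and pass it the whole text of an FRST.txt. Lines the three regexes do not recognise (section headers, the DhcpNameServer line, the extra section that the List Drivers MD5 option adds) are skipped rather than parsed, so the output is only as complete as the line shapes above.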

Thank you for the advice, but for some reason the F8 option is not available to me; only the F2 and F12 options are available. When I used either one of these options they did not take me to the next step of Advanced Boot Options or the Repair your Computer option.

Any ideas? Is it because I have a Dell?


  • Staff

You will need to make a repair disc, as it doesn't appear the recovery environment is pre-installed on your machine:

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:
    recdisc.exe
  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

WTSRD1.gif

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

WTSRD2.gif

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Use this CD to boot the ailing computer instead of tapping on F8, and proceed with the instructions above in the command prompt.


Thank you for the help thus far; here is what the report says:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 7 days old)

Ran by SYSTEM at 18-12-2012 22:05:59

Running from E:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [1021056 2012-03-08] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [800896 2012-03-08] (Atheros Commnucations)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [MouseDriver] TiltWheelMouse.exe [x]

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)

HKLM-x32\...\Run: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1884064 2011-11-14] (Affinegy, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" [82792 2012-12-10] (Sendori, Inc.)

HKU\Kyle\...\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-23] (Google Inc.)

HKU\Kyle\...\Run: [Facebook Update] "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ===================

4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)

2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [563104 2011-11-14] (Affinegy, Inc.)

2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [118632 2012-12-10] (Sendori, Inc.)

2 bProtector; C:\ProgramData\bProtectorForWindows\2.2.453.59\bProtect.exe [1677856 2012-06-21] (bProtector)

2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)

2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1053184 2012-12-06] (iolo technologies, LLC)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)

3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [234776 2012-09-05] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)

4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-11-09] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.)

2 mfevtp; "C:\windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.)

2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [14696 2012-12-10] (sendori)

2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3569512 2012-12-10] (Sendori)

4 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-06-14] (Wajam)

2 YNanoService; C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [157016 2012-07-25] (Yahoo! Inc.)

2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros)

2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros)

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)

1 ElRawDisk; \??\C:\windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-11-09] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)

3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [25088 2009-04-16] ()

3 mfeavfk01; [x]

3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-18 22:05 - 2012-12-18 22:05 - 00000000 ____D C:\FRST

2012-12-17 19:01 - 2012-12-17 19:01 - 00000000 ____D C:\Users\Kyle\Application Data\Malwarebytes

2012-12-17 19:01 - 2012-12-17 19:01 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Malwarebytes

2012-12-17 19:00 - 2012-12-17 19:00 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-17 19:00 - 2012-12-17 19:00 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-12-17 19:00 - 2012-12-17 19:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-17 19:00 - 2012-12-17 16:53 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Desktop\mbam-setup-1.65.1.1000.exe

2012-12-17 19:00 - 2012-09-29 18:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-12-16 10:58 - 2012-12-16 10:58 - 493449529 ____A C:\Windows\MEMORY.DMP

2012-12-16 10:58 - 2012-12-16 10:58 - 00771312 ____A C:\Windows\Minidump\121612-20514-01.dmp

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ___HD C:\Windows\msdownld.tmp

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\NanoService

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\NanoService

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Application Data\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\AppData\Local\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\AppData\Local\NanoService

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Yahoo! Companion

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2012-12-12 12:26 - 2012-12-12 12:28 - 40642392 ____A (Microsoft Corporation) C:\Users\Kyle\Downloads\IE9_YAxis_setup_Win7_x64_v1_0_1_20120731.exe

2012-12-12 09:57 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-12-12 09:57 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-12-12 09:57 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-12-12 09:57 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-12-12 09:57 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-12-12 09:57 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-12-12 09:57 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-12-12 09:57 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-12-12 09:56 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-12-12 09:56 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-12-12 09:56 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-12-12 09:56 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-12-12 09:56 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-12-12 09:56 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-12-12 09:56 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-12-12 09:56 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-12-12 09:56 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-12-12 09:56 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-12-12 09:56 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-12-12 09:56 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-12-12 09:56 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-12-12 09:56 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-12-12 09:56 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-12-12 09:56 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-12-12 09:56 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-12-12 09:56 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-12-12 09:56 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-12-12 09:56 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-12-12 09:56 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-12-12 09:56 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-12-12 09:56 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-12-12 09:56 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-12-12 02:12 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-12-12 02:12 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-12-12 02:11 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-12-12 02:11 - 2012-11-05 13:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-12 02:11 - 2012-11-05 12:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-12 02:11 - 2012-11-05 12:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-12 02:11 - 2012-11-05 12:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-12 02:11 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-12-12 02:11 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-12-12 02:11 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-12-12 02:11 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-12-12 02:11 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-12-12 02:11 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-12-12 02:11 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-12-12 02:11 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-12-12 02:11 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-12-12 02:11 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-12-12 02:11 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-12-12 02:11 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-12-12 02:11 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-12-12 02:11 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-12-12 02:11 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-12-12 02:10 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2012-12-12 02:10 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2012-12-11 22:05 - 2012-12-16 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-11 21:54 - 2012-12-11 21:54 - 00000000 ____D C:\Users\Kyle\Local Settings\Macromedia

2012-12-11 21:54 - 2012-12-11 21:54 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Macromedia

2012-12-11 21:54 - 2012-12-11 21:54 - 00000000 ____D C:\Users\Kyle\AppData\Local\Macromedia

2012-12-11 21:29 - 2012-12-11 21:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Mozilla

2012-12-11 21:29 - 2012-12-11 21:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Mozilla

2012-12-11 21:29 - 2012-12-11 21:29 - 00000000 ____D C:\Users\Kyle\AppData\Local\Mozilla

2012-12-11 21:28 - 2012-12-12 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-11 21:28 - 2012-12-11 21:28 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-12-11 21:28 - 2012-12-11 21:28 - 00001149 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk

2012-12-11 21:28 - 2012-12-11 21:28 - 00000000 ____D C:\Users\All Users\Mozilla

2012-12-11 21:28 - 2012-12-11 21:28 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla

2012-12-11 21:27 - 2012-12-15 04:31 - 00000000 ____D C:\Program Files (x86)\Sendori

2012-12-11 21:27 - 2012-12-15 04:29 - 00000000 ____D C:\Users\All Users\Sendori

2012-12-11 21:27 - 2012-12-15 04:29 - 00000000 ____D C:\Users\All Users\Application Data\Sendori

2012-12-11 21:27 - 2012-12-11 21:27 - 00000000 ____D C:\Program Files (x86)\Yontoo

2012-12-11 21:27 - 2012-12-11 21:27 - 00000000 ____D C:\Program Files (x86)\PricePeep

2012-12-11 21:27 - 2012-12-11 21:26 - 19380192 ____A (Mozilla) C:\Users\Kyle\Downloads\Firefox_Setup_17.0 [1].exe

2012-12-11 21:27 - 2012-12-10 15:01 - 00321384 ____A (Sendori) C:\Windows\SysWOW64\Sendori.dll

2012-12-11 21:25 - 2012-12-11 21:25 - 01104520 ____A C:\Users\Kyle\Downloads\Firefox_Setup_17.0.exe

2012-12-11 20:06 - 2012-12-11 20:06 - 00262144 ____A C:\Windows\System32\config\ELAM

2012-12-07 22:09 - 2012-12-18 20:44 - 00000308 ____A C:\Windows\Tasks\zjiytzflv.job

2012-12-07 22:09 - 2012-12-07 22:09 - 00114688 _RASH C:\Windows\SysWOW64\NAPCLCFG7.dll

2012-12-07 22:08 - 2012-12-07 22:08 - 00412351 ____A C:\Users\Kyle\Downloads\adobe__install.zip

2012-12-06 16:35 - 2012-12-06 16:36 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-12-06 16:35 - 2012-12-06 16:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-12-06 16:35 - 2012-12-06 16:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-12-06 16:35 - 2012-12-06 16:35 - 00000000 ____D C:\Program Files\iTunes

2012-12-06 16:35 - 2012-12-06 16:35 - 00000000 ____D C:\Program Files\iPod

2012-12-01 19:37 - 2012-12-05 20:46 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2012-12-01 19:37 - 2012-12-01 19:37 - 00000000 ____D C:\Users\All Users\McAfee Security Scan

2012-12-01 19:37 - 2012-12-01 19:37 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan

2012-12-01 19:32 - 2012-12-01 19:32 - 00000946 ____A C:\Users\Public\Desktop\LeapFrog Connect.lnk

2012-12-01 19:32 - 2012-12-01 19:32 - 00000946 ____A C:\Users\All Users\Desktop\LeapFrog Connect.lnk

2012-12-01 19:32 - 2012-12-01 19:32 - 00000000 ____D C:\Windows\F1A6A09F5FF34648B293CDF044348A24.TMP

2012-12-01 19:32 - 2012-12-01 19:32 - 00000000 ____D C:\Program Files\DIFX

2012-12-01 19:31 - 2012-12-01 19:31 - 00000000 ____D C:\Users\All Users\Leapfrog

2012-12-01 19:31 - 2012-12-01 19:31 - 00000000 ____D C:\Users\All Users\Application Data\Leapfrog

2012-12-01 19:31 - 2012-12-01 19:31 - 00000000 ____D C:\Program Files (x86)\LeapFrog

2012-12-01 19:30 - 2012-12-01 19:31 - 44664712 ____A C:\Users\Kyle\Downloads\LeapFrogConnectOfflineSetup_MyPals.exe

2012-11-26 04:33 - 2012-11-26 04:34 - 00000000 ____D C:\Users\Kyle\Application Data\Apple Computer

2012-11-26 04:33 - 2012-11-26 04:34 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Apple Computer

2012-11-26 04:33 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Apple Computer

2012-11-26 04:33 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\Local Settings\Apple Computer

2012-11-26 04:33 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple Computer

2012-11-26 04:32 - 2012-08-21 12:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2012-11-26 04:31 - 2012-12-06 16:35 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-26 04:31 - 2012-12-06 16:35 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-26 04:31 - 2012-11-26 04:31 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer

2012-11-26 04:31 - 2012-11-26 04:31 - 00000000 ____D C:\Users\All Users\Apple Computer

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Program Files\Common Files\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2012-11-26 04:28 - 2012-11-26 04:29 - 00000000 ____D C:\Users\All Users\Application Data\Apple

2012-11-26 04:28 - 2012-11-26 04:29 - 00000000 ____D C:\Users\All Users\Apple

2012-11-26 04:28 - 2012-11-26 04:28 - 00000000 ____D C:\Program Files\Bonjour

2012-11-26 04:28 - 2012-11-26 04:28 - 00000000 ____D C:\Program Files (x86)\Bonjour

2012-11-26 04:17 - 2012-11-26 04:25 - 80521624 ____A (Apple Inc.) C:\Users\Kyle\Downloads\iTunes64Setup (1).exe

2012-11-26 04:16 - 2012-11-26 04:37 - 464677319 ____A C:\Users\Kyle\Downloads\Carol Tuttle - The Child Whisperer.m4b

2012-11-24 02:16 - 2012-11-26 15:15 - 00000000 ____D C:\Users\Kyle\My Documents\Becca's Crafts

2012-11-24 02:16 - 2012-11-26 15:15 - 00000000 ____D C:\Users\Kyle\Documents\Becca's Crafts

==================== One Month Modified Files and Folders =======

2012-12-18 22:05 - 2012-12-18 22:05 - 00000000 ____D C:\FRST

2012-12-18 20:54 - 2012-05-14 15:59 - 01915410 ____A C:\Windows\WindowsUpdate.log

2012-12-18 20:54 - 2009-07-13 21:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-18 20:53 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-18 20:53 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-18 20:46 - 2009-07-13 20:51 - 00062281 ____A C:\Windows\setupact.log

2012-12-18 20:45 - 2012-06-21 08:55 - 00000000 ____D C:\Program Files (x86)\Giraffic

2012-12-18 20:44 - 2012-12-07 22:09 - 00000308 ____A C:\Windows\Tasks\zjiytzflv.job

2012-12-18 20:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-18 19:55 - 2012-05-23 15:30 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000UA.job

2012-12-18 19:13 - 2012-05-14 16:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-18 19:03 - 2012-06-10 17:53 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000UA.job

2012-12-18 19:02 - 2012-05-21 19:32 - 00001830 ____A C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk

2012-12-18 19:02 - 2012-05-21 19:32 - 00001830 ____A C:\Users\All Users\Desktop\McAfee AntiVirus Plus.lnk

2012-12-18 16:11 - 2012-06-10 17:53 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000Core.job

2012-12-18 15:16 - 2012-05-21 18:31 - 00000000 ____D C:\Users\Kyle\My Documents\Bluetooth Folder

2012-12-18 15:16 - 2012-05-21 18:31 - 00000000 ____D C:\Users\Kyle\Documents\Bluetooth Folder

2012-12-18 07:23 - 2012-07-21 21:48 - 00000000 ____D C:\Users\Kyle\Application Data\vlc

2012-12-18 07:23 - 2012-07-21 21:48 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\vlc

2012-12-18 05:55 - 2012-05-23 15:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000Core.job

2012-12-17 19:57 - 2012-05-21 19:31 - 00000000 ____D C:\Program Files (x86)\McAfee

2012-12-17 19:57 - 2010-11-20 19:47 - 00035498 ____A C:\Windows\PFRO.log

2012-12-17 19:01 - 2012-12-17 19:01 - 00000000 ____D C:\Users\Kyle\Application Data\Malwarebytes

2012-12-17 19:01 - 2012-12-17 19:01 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Malwarebytes

2012-12-17 19:00 - 2012-12-17 19:00 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-17 19:00 - 2012-12-17 19:00 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-12-17 19:00 - 2012-12-17 19:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-17 16:53 - 2012-12-17 19:00 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Desktop\mbam-setup-1.65.1.1000.exe

2012-12-16 21:13 - 2012-05-21 18:27 - 00000000 ____D C:\users\Kyle

2012-12-16 20:14 - 2012-12-11 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-16 10:58 - 2012-12-16 10:58 - 493449529 ____A C:\Windows\MEMORY.DMP

2012-12-16 10:58 - 2012-12-16 10:58 - 00771312 ____A C:\Windows\Minidump\121612-20514-01.dmp

2012-12-16 10:58 - 2012-08-17 05:40 - 00000000 ____D C:\Windows\Minidump

2012-12-16 06:57 - 2012-05-21 19:00 - 00000000 ____D C:\Users\Kyle\Application Data\Mozilla

2012-12-16 06:57 - 2012-05-21 19:00 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Mozilla

2012-12-16 06:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2012-12-15 04:31 - 2012-12-11 21:27 - 00000000 ____D C:\Program Files (x86)\Sendori

2012-12-15 04:29 - 2012-12-11 21:27 - 00000000 ____D C:\Users\All Users\Sendori

2012-12-15 04:29 - 2012-12-11 21:27 - 00000000 ____D C:\Users\All Users\Application Data\Sendori

2012-12-14 05:14 - 2012-07-06 16:36 - 00001030 ____A C:\Users\Kyle\My Documents\Resume.txt

2012-12-14 05:14 - 2012-07-06 16:36 - 00001030 ____A C:\Users\Kyle\Documents\Resume.txt

2012-12-12 15:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-12-12 12:30 - 2012-05-14 16:07 - 00019525 ____A C:\Windows\IE9_main.log

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ___HD C:\Windows\msdownld.tmp

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\NanoService

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\NanoService

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\Application Data\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\AppData\Local\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\Kyle\AppData\Local\NanoService

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Yahoo! Companion

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2012-12-12 12:28 - 2012-12-12 12:26 - 40642392 ____A (Microsoft Corporation) C:\Users\Kyle\Downloads\IE9_YAxis_setup_Win7_x64_v1_0_1_20120731.exe

2012-12-12 11:32 - 2009-07-13 20:45 - 00325456 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-12 11:31 - 2012-12-11 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-12 09:58 - 2012-07-04 21:30 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-12-11 21:54 - 2012-12-11 21:54 - 00000000 ____D C:\Users\Kyle\Local Settings\Macromedia

2012-12-11 21:54 - 2012-12-11 21:54 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Macromedia

2012-12-11 21:54 - 2012-12-11 21:54 - 00000000 ____D C:\Users\Kyle\AppData\Local\Macromedia

2012-12-11 21:29 - 2012-12-11 21:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Mozilla

2012-12-11 21:29 - 2012-12-11 21:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Mozilla

2012-12-11 21:29 - 2012-12-11 21:29 - 00000000 ____D C:\Users\Kyle\AppData\Local\Mozilla

2012-12-11 21:28 - 2012-12-11 21:28 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-12-11 21:28 - 2012-12-11 21:28 - 00001149 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk

2012-12-11 21:28 - 2012-12-11 21:28 - 00000000 ____D C:\Users\All Users\Mozilla

2012-12-11 21:28 - 2012-12-11 21:28 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla

2012-12-11 21:27 - 2012-12-11 21:27 - 00000000 ____D C:\Program Files (x86)\Yontoo

2012-12-11 21:27 - 2012-12-11 21:27 - 00000000 ____D C:\Program Files (x86)\PricePeep

2012-12-11 21:26 - 2012-12-11 21:27 - 19380192 ____A (Mozilla) C:\Users\Kyle\Downloads\Firefox_Setup_17.0 [1].exe

2012-12-11 21:25 - 2012-12-11 21:25 - 01104520 ____A C:\Users\Kyle\Downloads\Firefox_Setup_17.0.exe

2012-12-11 20:52 - 2012-05-21 19:52 - 00000000 ____D C:\Users\All Users\iolo

2012-12-11 20:52 - 2012-05-21 19:52 - 00000000 ____D C:\Users\All Users\Application Data\iolo

2012-12-11 20:51 - 2012-05-21 19:55 - 00002221 ____A C:\Users\Kyle\Desktop\System Mechanic.lnk

2012-12-11 20:20 - 2012-05-21 19:31 - 00000000 ____D C:\Program Files\Common Files\McAfee

2012-12-11 20:06 - 2012-12-11 20:06 - 00262144 ____A C:\Windows\System32\config\ELAM

2012-12-10 15:01 - 2012-12-11 21:27 - 00321384 ____A (Sendori) C:\Windows\SysWOW64\Sendori.dll

2012-12-07 22:09 - 2012-12-07 22:09 - 00114688 _RASH C:\Windows\SysWOW64\NAPCLCFG7.dll

2012-12-07 22:08 - 2012-12-07 22:08 - 00412351 ____A C:\Users\Kyle\Downloads\adobe__install.zip

2012-12-06 22:58 - 2012-05-21 19:54 - 00057144 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe

2012-12-06 22:57 - 2012-05-21 19:54 - 00025744 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe

2012-12-06 22:42 - 2012-05-21 19:54 - 02155248 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-12-06 22:42 - 2012-05-21 19:54 - 02097032 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2012-12-06 16:36 - 2012-12-06 16:35 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-12-06 16:35 - 2012-12-06 16:35 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-12-06 16:35 - 2012-12-06 16:35 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-12-06 16:35 - 2012-12-06 16:35 - 00000000 ____D C:\Program Files\iTunes

2012-12-06 16:35 - 2012-12-06 16:35 - 00000000 ____D C:\Program Files\iPod

2012-12-06 16:35 - 2012-11-26 04:31 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-06 16:35 - 2012-11-26 04:31 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-05 20:56 - 2012-05-24 08:04 - 00000000 ____D C:\Program Files\Dell Support Center

2012-12-05 20:56 - 2012-05-23 08:00 - 00000000 ____D C:\Users\All Users\PCDr

2012-12-05 20:56 - 2012-05-23 08:00 - 00000000 ____D C:\Users\All Users\Application Data\PCDr

2012-12-05 20:46 - 2012-12-01 19:37 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan

2012-12-04 14:57 - 2012-10-26 16:38 - 00000000 ____D C:\Users\Kyle\AbiSuite

2012-12-04 04:46 - 2012-10-23 11:46 - 00000000 ____D C:\Users\Kyle\My Documents\Recipies

2012-12-04 04:46 - 2012-10-23 11:46 - 00000000 ____D C:\Users\Kyle\Documents\Recipies

2012-12-01 19:37 - 2012-12-01 19:37 - 00000000 ____D C:\Users\All Users\McAfee Security Scan

2012-12-01 19:37 - 2012-12-01 19:37 - 00000000 ____D C:\Users\All Users\Application Data\McAfee Security Scan

2012-12-01 19:37 - 2012-05-14 16:38 - 00000000 ____D C:\Users\All Users\Application Data\Adobe

2012-12-01 19:37 - 2012-05-14 16:38 - 00000000 ____D C:\Users\All Users\Adobe

2012-12-01 19:37 - 2012-05-14 16:07 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-01 19:37 - 2012-05-14 16:07 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-12-01 19:32 - 2012-12-01 19:32 - 00000946 ____A C:\Users\Public\Desktop\LeapFrog Connect.lnk

2012-12-01 19:32 - 2012-12-01 19:32 - 00000946 ____A C:\Users\All Users\Desktop\LeapFrog Connect.lnk

2012-12-01 19:32 - 2012-12-01 19:32 - 00000000 ____D C:\Windows\F1A6A09F5FF34648B293CDF044348A24.TMP

2012-12-01 19:32 - 2012-12-01 19:32 - 00000000 ____D C:\Program Files\DIFX

2012-12-01 19:32 - 2012-05-14 16:08 - 00014328 ____A C:\Windows\DPINST.LOG

2012-12-01 19:31 - 2012-12-01 19:31 - 00000000 ____D C:\Users\All Users\Leapfrog

2012-12-01 19:31 - 2012-12-01 19:31 - 00000000 ____D C:\Users\All Users\Application Data\Leapfrog

2012-12-01 19:31 - 2012-12-01 19:31 - 00000000 ____D C:\Program Files (x86)\LeapFrog

2012-12-01 19:31 - 2012-12-01 19:30 - 44664712 ____A C:\Users\Kyle\Downloads\LeapFrogConnectOfflineSetup_MyPals.exe

2012-12-01 16:47 - 2012-05-23 15:00 - 00000000 ____D C:\Users\Kyle\Local Settings\CrashDumps

2012-12-01 16:47 - 2012-05-23 15:00 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\CrashDumps

2012-12-01 16:47 - 2012-05-23 15:00 - 00000000 ____D C:\Users\Kyle\AppData\Local\CrashDumps

2012-11-26 15:15 - 2012-11-24 02:16 - 00000000 ____D C:\Users\Kyle\My Documents\Becca's Crafts

2012-11-26 15:15 - 2012-11-24 02:16 - 00000000 ____D C:\Users\Kyle\Documents\Becca's Crafts

2012-11-26 04:37 - 2012-11-26 04:16 - 464677319 ____A C:\Users\Kyle\Downloads\Carol Tuttle - The Child Whisperer.m4b

2012-11-26 04:34 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\Application Data\Apple Computer

2012-11-26 04:34 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Apple Computer

2012-11-26 04:33 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Apple Computer

2012-11-26 04:33 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\Local Settings\Apple Computer

2012-11-26 04:33 - 2012-11-26 04:33 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple Computer

2012-11-26 04:31 - 2012-11-26 04:31 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer

2012-11-26 04:31 - 2012-11-26 04:31 - 00000000 ____D C:\Users\All Users\Apple Computer

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Users\Kyle\Local Settings\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Users\Kyle\AppData\Local\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Program Files\Common Files\Apple

2012-11-26 04:29 - 2012-11-26 04:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2012-11-26 04:29 - 2012-11-26 04:28 - 00000000 ____D C:\Users\All Users\Application Data\Apple

2012-11-26 04:29 - 2012-11-26 04:28 - 00000000 ____D C:\Users\All Users\Apple

2012-11-26 04:28 - 2012-11-26 04:28 - 00000000 ____D C:\Program Files\Bonjour

2012-11-26 04:28 - 2012-11-26 04:28 - 00000000 ____D C:\Program Files (x86)\Bonjour

2012-11-26 04:25 - 2012-11-26 04:17 - 80521624 ____A (Apple Inc.) C:\Users\Kyle\Downloads\iTunes64Setup (1).exe

2012-11-21 19:26 - 2012-12-12 02:11 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 23%

Total physical RAM: 4004.27 MB

Available physical RAM: 3068.13 MB

Total Pagefile: 4002.47 MB

Available Pagefile: 3058.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:406.79 GB) NTFS

2 Drive d: (Recovery) (Fixed) (Total:19.53 GB) (Free:11.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.67 GB) FAT32

4 Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.47 GB) (Free:0 GB) UDF

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 100 MB 1024 KB

Partition 2 Primary 19 GB 101 MB

Partition 3 Primary 446 GB 19 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D Recovery NTFS Partition 19 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 446 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3818 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FAT32 Removable 3818 MB Healthy

=========================================================

Last Boot: 2012-12-15 02:16

==================== End Of Log =============================


  • Staff

It will take us a few rounds with different tools to eradicate this, so stick with me.

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
2012-12-07 22:09 - 2012-12-18 20:44 - 00000308 ____A C:\Windows\Tasks\zjiytzflv.job
2012-12-07 22:09 - 2012-12-07 22:09 - 00114688 _RASH C:\Windows\SysWOW64\NAPCLCFG7.dll
2012-12-07 22:08 - 2012-12-07 22:08 - 00412351 ____A C:\Users\Kyle\Downloads\adobe__install.zip
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.

NEXT

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
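As an added example (not from the staff post, FRST or ComboFix), here is a small Python parser for the FRST "One Month" file lines that applies the same triage the fixlist above reflects: hidden+system binaries under C:\Windows, random-looking .job names in C:\Windows\Tasks, and anything created within a few minutes of them. The sample lines are copied from the FRST log posted earlier in this thread; the heuristics, thresholds and the "earlier timestamp is creation" rule are my own assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: lines copied from the FRST log posted in this thread,
# with benign neighbours for contrast. Backslashes are doubled for Python.
SAMPLE_LOG = """\
2012-12-18 20:44 - 2012-12-07 22:09 - 00000308 ____A C:\\Windows\\Tasks\\zjiytzflv.job
2012-12-18 19:13 - 2012-05-14 16:07 - 00000830 ____A C:\\Windows\\Tasks\\Adobe Flash Player Updater.job
2012-12-07 22:09 - 2012-12-07 22:09 - 00114688 _RASH C:\\Windows\\SysWOW64\\NAPCLCFG7.dll
2012-12-07 22:08 - 2012-12-07 22:08 - 00412351 ____A C:\\Users\\Kyle\\Downloads\\adobe__install.zip
2012-12-10 15:01 - 2012-12-11 21:27 - 00321384 ____A (Sendori) C:\\Windows\\SysWOW64\\Sendori.dll
2012-11-26 04:32 - 2012-08-21 12:01 - 00033240 ____A (GEAR Software Inc.) C:\\Windows\\System32\\Drivers\\GEARAspiWDM.sys
2012-12-01 19:31 - 2012-12-01 19:31 - 00000000 ____D C:\\Program Files (x86)\\LeapFrog
"""

# One FRST file line: two timestamps, a zero-padded size, a 5-char attribute field
# (letters right-aligned, padded with '_'), an optional "(Company)" tag, then the path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S{5}) (?:\((.*?)\) )?(.+)$"
)

def parse_frst_lines(text):
    """Return one dict per parsable file/folder line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        t1, t2, size, attrs, company, path = m.groups()
        ts = [datetime.strptime(t, "%Y-%m-%d %H:%M") for t in (t1, t2)]
        entries.append({
            # FRST swaps the column order between its "Created" and "Modified"
            # sections; the earlier timestamp is taken as creation time (assumption).
            "created": min(ts),
            "size": int(size),
            "attrs": set(attrs.replace("_", "")),  # e.g. {"R", "A", "S", "H"}
            "company": company,
            "path": path,
        })
    return entries

def random_looking(stem):
    """Heuristic for generated task names such as 'zjiytzflv': all lowercase
    letters, at least six of them, and vowel-poor. A triage hint, not a rule."""
    if not re.fullmatch(r"[a-z]{6,}", stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) < 0.3

def direct_reasons(e):
    """Indicators visible on a single line, independent of other entries."""
    reasons = []
    p = e["path"].lower()
    is_file = "D" not in e["attrs"]
    under_windows = p.startswith("c:\\windows\\")
    if is_file and under_windows and {"H", "S"} <= e["attrs"]:
        reasons.append("hidden+system file under Windows directory")
    if is_file and under_windows and p.endswith((".dll", ".exe", ".sys")) and not e["company"]:
        reasons.append("no company/version info on a Windows binary")
    if p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
        stem = p.rsplit("\\", 1)[-1][:-4]
        if random_looking(stem):
            reasons.append("random-looking scheduled task name")
    return reasons

def triage(log_text, window_minutes=5):
    """Flag entries with direct indicators, then pull in any file created within
    `window_minutes` of a flagged one (the drop-time clustering behind the fixlist:
    zip at 22:08, DLL and task at 22:09). Returns {path: [reasons]}."""
    entries = parse_frst_lines(log_text)
    flagged = {}
    for e in entries:
        reasons = direct_reasons(e)
        if reasons:
            flagged[e["path"]] = reasons
    window = timedelta(minutes=window_minutes)
    anchors = [e["created"] for e in entries if e["path"] in flagged]
    for e in entries:
        if e["path"] in flagged or "D" in e["attrs"]:
            continue
        if any(abs(e["created"] - a) <= window for a in anchors):
            flagged[e["path"]] = [f"created within {window_minutes} min of flagged file"]
    return flagged

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}\n    " + "; ".join(reasons))
```

Feed it a whole FRST "One Month Created/Modified" section to get the same three paths the fixlist names, with the reason each was picked.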


Here's this first, I'm working on the next step now....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012

Ran by SYSTEM at 2012-12-19 16:05:44 Run:1

Running from E:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

==== End of Fixlog ====


And here is the report after ComboFix ran. Is that the whole of eradicating the malware, or are there any other steps?

ComboFix 12-12-19.02 - Kyle 12/19/2012 16:35:29.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2684 [GMT -7:00]

Running from: c:\users\Kyle\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\PCDr\6032\AddOnDownloaded\016060e8-e1de-4d82-bd11-b667007b1f12.dll

c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll

c:\programdata\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll

c:\programdata\PCDr\6032\AddOnDownloaded\2390e056-e2db-44ed-91a5-5ca43aefea83.dll

c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll

c:\programdata\PCDr\6032\AddOnDownloaded\468d25c7-baa8-4db4-a17f-ceac895a9bc8.dll

c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll

c:\programdata\PCDr\6032\AddOnDownloaded\4f1c58d6-ca02-4906-b156-709481baca61.dll

c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll

c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll

c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll

c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll

c:\programdata\PCDr\6032\AddOnDownloaded\788ad19e-7745-402f-a5a5-20d2ab8b5f1b.dll

c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll

c:\programdata\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll

c:\programdata\PCDr\6032\AddOnDownloaded\ba58cab8-833c-4868-95e2-cff538a852a7.dll

c:\programdata\PCDr\6032\AddOnDownloaded\bbd4d2b0-9dc6-46d0-a352-dbcd92f63c4d.dll

c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll

c:\programdata\PCDr\6032\AddOnDownloaded\d220b53c-6a3c-4b5d-8797-965d39e82fff.dll

c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll

c:\programdata\PCDr\6032\AddOnDownloaded\ff24953d-0c6e-4af9-a727-84ce58c99035.dll

c:\users\Kyle\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll

c:\windows\RPSETUP.EXE.LOG

.

.

((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))

.

.

2012-12-20 00:35 . 2012-12-20 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-19 06:05 . 2012-12-19 06:05 -------- d-----w- C:\FRST

2012-12-18 03:01 . 2012-12-18 03:01 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes

2012-12-18 03:00 . 2012-12-18 03:00 -------- d-----w- c:\programdata\Malwarebytes

2012-12-18 03:00 . 2012-12-18 03:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-18 03:00 . 2012-09-30 02:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\users\Kyle\AppData\Local\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\users\Kyle\AppData\Local\NanoService

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\programdata\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\programdata\Yahoo! Companion

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\users\Kyle\AppData\Roaming\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\program files (x86)\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d--h--w- c:\windows\msdownld.tmp

2012-12-12 17:57 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-12 17:57 . 2012-11-14 07:11 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-12-12 17:57 . 2012-11-14 06:00 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-12-12 17:57 . 2012-11-14 05:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-12-12 17:57 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-12 17:57 . 2012-11-14 05:46 248320 ----a-w- c:\windows\system32\ieui.dll

2012-12-12 17:57 . 2012-11-14 02:56 149552 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-12-12 17:57 . 2012-11-14 01:51 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll

2012-12-12 17:57 . 2012-11-14 01:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-12-12 17:57 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-12-12 10:12 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 10:12 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 10:10 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 10:10 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-12 05:54 . 2012-12-12 05:54 -------- d-----w- c:\users\Kyle\AppData\Local\Macromedia

2012-12-12 05:29 . 2012-12-12 05:29 -------- d-----w- c:\users\Kyle\AppData\Local\Mozilla

2012-12-12 05:28 . 2012-12-12 19:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-12-12 05:27 . 2012-12-10 23:01 321384 ----a-w- c:\windows\SysWow64\Sendori.dll

2012-12-12 05:27 . 2012-12-12 05:27 -------- d-----w- c:\program files (x86)\Yontoo

2012-12-12 05:27 . 2012-12-15 12:29 -------- d-----w- c:\programdata\Sendori

2012-12-12 05:27 . 2012-12-12 05:27 -------- d-----w- c:\programdata\Tarma Installer

2012-12-12 05:27 . 2012-12-15 12:31 -------- d-----w- c:\program files (x86)\Sendori

2012-12-12 05:27 . 2012-12-12 05:27 -------- d-----w- c:\program files (x86)\PricePeep

2012-12-08 06:09 . 2012-12-08 06:09 114688 --sha-r- c:\windows\SysWow64\NAPCLCFG7.dll

2012-12-07 00:35 . 2012-12-07 00:36 -------- d-----w- c:\program files (x86)\iTunes

2012-11-26 12:31 . 2012-11-26 12:31 -------- d-----w- c:\programdata\Apple Computer

2012-11-26 12:29 . 2012-11-26 12:29 -------- d-----w- c:\users\Kyle\AppData\Local\Apple

2012-11-26 12:29 . 2012-11-26 12:29 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-11-26 12:29 . 2012-11-26 12:29 -------- d-----w- c:\program files\Common Files\Apple

2012-11-26 12:28 . 2012-11-26 12:28 -------- d-----w- c:\program files\Bonjour

2012-11-26 12:28 . 2012-11-26 12:28 -------- d-----w- c:\program files (x86)\Bonjour

2012-11-26 12:28 . 2012-12-07 00:35 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-11-26 12:28 . 2012-11-26 12:29 -------- d-----w- c:\programdata\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-19 22:55 . 2012-05-15 00:07 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 17:58 . 2012-07-05 05:30 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-07 06:58 . 2012-05-22 03:54 57144 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-12-07 06:57 . 2012-05-22 03:54 25744 ----a-w- c:\windows\system32\smrgdf.exe

2012-12-07 06:42 . 2012-05-22 03:54 2155248 ----a-w- c:\windows\system32\Incinerator64.dll

2012-12-07 06:42 . 2012-05-22 03:54 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2012-12-02 03:37 . 2012-05-15 00:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-09 13:40 . 2012-05-22 03:31 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 13:37 . 2012-05-22 03:31 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-11-09 13:37 . 2012-05-22 03:29 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 13:36 . 2012-05-22 03:31 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-11-09 13:36 . 2012-05-22 03:31 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-11-09 13:35 . 2012-04-18 14:24 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 13:34 . 2012-05-22 03:31 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 13:34 . 2012-05-22 03:31 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 13:33 . 2012-04-18 14:24 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-10-31 22:10 . 2012-10-31 22:10 829264 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-31 22:10 . 2012-10-31 22:10 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-10-31 22:10 . 2012-10-31 22:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-10-31 22:10 . 2012-10-31 22:10 158536 ----a-w- c:\windows\system32\atl100.dll

2012-10-31 22:10 . 2012-10-31 22:10 138056 ----a-w- c:\windows\SysWow64\atl100.dll

2012-10-16 08:38 . 2012-11-28 13:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:50 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 02:41 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 02:41 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 02:41 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 02:41 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 10:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-15 02:38 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-15 02:38 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-15 02:38 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-15 02:38 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-15 02:38 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-15 02:38 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-15 02:38 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-15 02:38 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-15 02:38 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 02:38 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-15 02:38 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-25 22:47 . 2012-11-15 02:31 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-15 02:31 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]

2012-10-24 18:55 497008 ----a-w- c:\program files (x86)\PricePeep\pricepeep.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]

"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-12-10 82792]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\bprote~1\22453~1.59\protec~1.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-09 36480]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-09 340096]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-09 111232]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-09 168064]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-09 68736]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-09 281472]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-09 551552]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]

R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-24 1255736]

R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]

R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]

R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

R4 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2012-03-09 107648]

S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.2.453.59\bProtect.exe [2012-06-21 1677856]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 173568]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160]

S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]

S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]

S2 YNanoService;Yahoo! NanoClient Service;c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-07-25 157016]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-09 159360]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-03-28 77824]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-09 30848]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 22:55]

.

2012-12-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000Core.job

- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 22:58]

.

2012-12-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000UA.job

- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 22:58]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000Core.job

- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 23:30]

.

2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000UA.job

- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 23:30]

.

2012-12-20 c:\windows\Tasks\zjiytzflv.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-09 1021056]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-09 800896]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]

"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{30201004-7525-4481-AE99-D6A57190DE2D}: NameServer = 216.146.35.240,216.146.36.240,192.168.2.1

FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\s8vsyhqe.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - ExtSQL: 2012-12-11 21:03; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE "%1"

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Giraffic\Veoh_Giraffic.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Sendori\SendoriUp.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-12-19 17:57:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-20 00:57

.

Pre-Run: 436,604,710,912 bytes free

Post-Run: 436,474,081,280 bytes free

.

- - End Of File - - B42D87A4C960A359EAE95A341BC604B3


  • Staff
are there any other steps?
Yes, we have a few more tools to run to make sure there are no leftovers, so stay with me till we are done.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
c:\windows\Tasks\zjiytzflv.job

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

[Screenshot: CFScriptB-4.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

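The CFScript in the post above tells ComboFix to delete one scheduled-task file (a job with a random-looking name whose target is the generic host binary rundll32.exe) and to clear the Java cache. As an added example that is not part of this thread and not ComboFix's or Malwarebytes' own code, the Python below parses the "Scheduled Tasks" section of a ComboFix log (the sample lines are copied from the log posted earlier in this thread and embedded inline), flags jobs whose target is a bare Windows host binary rather than a vendor executable, and renders the matching CFScript File:: block. The host-binary list, the triage heuristic and all function names are this example's own assumptions, not anything the helper or the tools prescribe.

```python
"""Added example (not from the forum thread, ComboFix or Malwarebytes):
parse the 'Scheduled Tasks' section of a ComboFix log, flag jobs whose
target is a generic host binary, and emit the matching CFScript block."""

import re
from typing import Dict, List

# Constructed sample: a Scheduled Tasks section in the shape ComboFix prints it.
# The entries are copied from the log posted earlier in this thread.
SAMPLE_LOG = """\
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\\windows\\Tasks\\Adobe Flash Player Updater.job
- c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe [2012-05-15 22:55]
.
2012-12-19 c:\\windows\\Tasks\\GoogleUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000UA.job
- c:\\users\\Kyle\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe [2012-05-23 23:30]
.
2012-12-20 c:\\windows\\Tasks\\zjiytzflv.job
- c:\\windows\\system32\\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
"""

# "<date> <path>.job" line, followed by "- <target> [<date> <time>]" on the next line.
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")

# Assumption of this example: generic Windows host processes. A job that points
# at one of these says nothing about what really runs, so it deserves a closer
# look during triage (the log does not show the job's arguments).
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                 "cscript.exe", "cmd.exe", "powershell.exe"}


def parse_scheduled_tasks(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per .job entry: job path, target binary, target timestamp."""
    tasks: List[Dict[str, str]] = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    in_section = False
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
        elif in_section and ln.startswith("---------"):
            break  # the next ComboFix section starts here
        elif in_section:
            m = JOB_RE.match(ln)
            if m and i + 1 < len(lines):
                t = TARGET_RE.match(lines[i + 1])
                if t:
                    tasks.append({"job": m.group(2),
                                  "target": t.group(1),
                                  "target_time": t.group(2)})
                    i += 1  # the target line has been consumed
        i += 1
    return tasks


def suspicious_tasks(tasks: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Jobs whose target file name is a bare host binary (no vendor executable)."""
    return [t for t in tasks
            if t["target"].rsplit("\\", 1)[-1].lower() in HOST_BINARIES]


def cfscript_for(jobs: List[Dict[str, str]], clear_java_cache: bool = True) -> str:
    """Render a CFScript: a File:: block listing the job files, then ClearJavaCache::."""
    out = ["File::"] + [t["job"] for t in jobs]
    if clear_java_cache:
        out += ["", "ClearJavaCache::"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = parse_scheduled_tasks(SAMPLE_LOG)
    for t in found:
        print(f"{t['job']}  ->  {t['target']}")
    print()
    print(cfscript_for(suspicious_tasks(found)), end="")
```

Run against the sample, the parser returns all three jobs, only the rundll32.exe job is flagged, and the rendered script matches the File:: / ClearJavaCache:: text the helper asked for. The generated text is meant to be reviewed, not applied blindly: the heuristic is a triage aid, and a vendor-signed updater that happens to run through a host binary would be flagged just the same.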

Here is the Report after the first step:

ComboFix 12-12-19.02 - Kyle 12/20/2012 14:44:36.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2318 [GMT -7:00]

Running from: c:\users\Kyle\Desktop\ComboFix.exe

Command switches used :: c:\users\Kyle\Desktop\cfscript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Kyle\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 )))))))))))))))))))))))))))))))

.

.

2012-12-20 21:55 . 2012-12-20 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-19 06:05 . 2012-12-19 06:05 -------- d-----w- C:\FRST

2012-12-18 03:01 . 2012-12-18 03:01 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes

2012-12-18 03:00 . 2012-12-18 03:00 -------- d-----w- c:\programdata\Malwarebytes

2012-12-18 03:00 . 2012-12-18 03:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-18 03:00 . 2012-09-30 02:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\users\Kyle\AppData\Local\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\users\Kyle\AppData\Local\NanoService

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\programdata\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\programdata\Yahoo! Companion

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\users\Kyle\AppData\Roaming\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d-----w- c:\program files (x86)\Yahoo!

2012-12-12 20:28 . 2012-12-12 20:28 -------- d--h--w- c:\windows\msdownld.tmp

2012-12-12 17:57 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-12 17:57 . 2012-11-14 07:11 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-12-12 17:57 . 2012-11-14 06:00 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-12-12 17:57 . 2012-11-14 05:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-12-12 17:57 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-12 17:57 . 2012-11-14 05:46 248320 ----a-w- c:\windows\system32\ieui.dll

2012-12-12 17:57 . 2012-11-14 02:56 149552 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-12-12 17:57 . 2012-11-14 01:51 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll

2012-12-12 17:57 . 2012-11-14 01:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-12-12 17:57 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-12-12 10:12 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 10:12 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 10:10 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 10:10 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-12 05:54 . 2012-12-12 05:54 -------- d-----w- c:\users\Kyle\AppData\Local\Macromedia

2012-12-12 05:29 . 2012-12-12 05:29 -------- d-----w- c:\users\Kyle\AppData\Local\Mozilla

2012-12-12 05:28 . 2012-12-12 19:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-12-12 05:27 . 2012-12-10 23:01 321384 ----a-w- c:\windows\SysWow64\Sendori.dll

2012-12-12 05:27 . 2012-12-12 05:27 -------- d-----w- c:\program files (x86)\Yontoo

2012-12-12 05:27 . 2012-12-15 12:29 -------- d-----w- c:\programdata\Sendori

2012-12-12 05:27 . 2012-12-12 05:27 -------- d-----w- c:\programdata\Tarma Installer

2012-12-12 05:27 . 2012-12-15 12:31 -------- d-----w- c:\program files (x86)\Sendori

2012-12-12 05:27 . 2012-12-12 05:27 -------- d-----w- c:\program files (x86)\PricePeep

2012-12-08 06:09 . 2012-12-08 06:09 114688 --sha-r- c:\windows\SysWow64\NAPCLCFG7.dll

2012-12-07 00:35 . 2012-12-07 00:36 -------- d-----w- c:\program files (x86)\iTunes

2012-11-26 12:31 . 2012-11-26 12:31 -------- d-----w- c:\programdata\Apple Computer

2012-11-26 12:29 . 2012-11-26 12:29 -------- d-----w- c:\users\Kyle\AppData\Local\Apple

2012-11-26 12:29 . 2012-11-26 12:29 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-11-26 12:29 . 2012-11-26 12:29 -------- d-----w- c:\program files\Common Files\Apple

2012-11-26 12:28 . 2012-11-26 12:28 -------- d-----w- c:\program files\Bonjour

2012-11-26 12:28 . 2012-11-26 12:28 -------- d-----w- c:\program files (x86)\Bonjour

2012-11-26 12:28 . 2012-12-07 00:35 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-11-26 12:28 . 2012-11-26 12:29 -------- d-----w- c:\programdata\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-19 22:55 . 2012-05-15 00:07 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 17:58 . 2012-07-05 05:30 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-07 06:58 . 2012-05-22 03:54 57144 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-12-07 06:57 . 2012-05-22 03:54 25744 ----a-w- c:\windows\system32\smrgdf.exe

2012-12-07 06:42 . 2012-05-22 03:54 2155248 ----a-w- c:\windows\system32\Incinerator64.dll

2012-12-07 06:42 . 2012-05-22 03:54 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2012-12-02 03:37 . 2012-05-15 00:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-09 13:40 . 2012-05-22 03:31 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 13:37 . 2012-05-22 03:31 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-11-09 13:37 . 2012-05-22 03:29 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 13:36 . 2012-05-22 03:31 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-11-09 13:36 . 2012-05-22 03:31 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-11-09 13:35 . 2012-04-18 14:24 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 13:34 . 2012-05-22 03:31 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 13:34 . 2012-05-22 03:31 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 13:33 . 2012-04-18 14:24 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-10-31 22:10 . 2012-10-31 22:10 829264 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-31 22:10 . 2012-10-31 22:10 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-10-31 22:10 . 2012-10-31 22:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-10-31 22:10 . 2012-10-31 22:10 158536 ----a-w- c:\windows\system32\atl100.dll

2012-10-31 22:10 . 2012-10-31 22:10 138056 ----a-w- c:\windows\SysWow64\atl100.dll

2012-10-16 08:38 . 2012-11-28 13:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:50 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 02:41 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 02:41 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 02:41 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 02:41 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 10:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-15 02:38 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-15 02:38 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-15 02:38 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-15 02:38 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-15 02:38 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-15 02:38 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-15 02:38 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-15 02:38 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-15 02:38 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 02:38 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-15 02:38 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-25 22:47 . 2012-11-15 02:31 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-15 02:31 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]

2012-10-24 18:55 497008 ----a-w- c:\program files (x86)\PricePeep\pricepeep.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]

"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-12-10 82792]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\bprote~1\22453~1.59\protec~1.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-09 36480]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-09 340096]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-09 111232]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-09 168064]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-09 68736]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-09 281472]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-09 551552]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]

R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-24 1255736]

R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]

R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]

R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

R4 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2012-03-09 107648]

S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.2.453.59\bProtect.exe [2012-06-21 1677856]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 173568]

S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160]

S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]

S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]

S2 YNanoService;Yahoo! NanoClient Service;c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-07-25 157016]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-09 159360]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-03-28 77824]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-09 30848]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 22:55]

.

2012-12-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000Core.job

- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 22:58]

.

2012-12-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000UA.job

- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 22:58]

.

2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000Core.job

- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 23:30]

.

2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657353511-1214735398-303165672-1000UA.job

- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 23:30]

.

2012-12-20 c:\windows\Tasks\zjiytzflv.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-09 1021056]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-09 800896]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]

"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{30201004-7525-4481-AE99-D6A57190DE2D}: NameServer = 192.168.2.1

FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\s8vsyhqe.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - ExtSQL: 2012-12-11 21:03; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Giraffic\Veoh_Giraffic.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Sendori\SendoriUp.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-12-20 15:18:58 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-20 22:18

ComboFix2.txt 2012-12-20 00:57

.

Pre-Run: 437,033,381,888 bytes free

Post-Run: 436,969,861,120 bytes free

.

- - End Of File - - 145E0B120809A99B06BF3179F3BFEC06


And here is the report after the Junkware program:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.2.1 (12.20.2012:1)

OS: Windows 7 Home Premium x64

Ran by Kyle on Thu 12/20/2012 at 15:33:19.42

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] bprotector

Successfully deleted: [service] bprotector

Successfully stopped: [service] wajamupdater

Successfully deleted: [service] wajamupdater

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page

Failed to delete: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1657353511-1214735398-303165672-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Successfully deleted: [Registry Key] hkey_current_user\software\bprotector

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Failed to delete: [Registry Key] hkey_local_machine\software\datamngr

Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar

Successfully deleted: [Registry Key] hkey_current_user\software\wajam

Successfully deleted: [Registry Key] hkey_local_machine\software\wajam

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Failed to delete: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr

Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Failed to delete: [Folder] "C:\ProgramData\bprotectorforwindows"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Kyle\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Kyle\appdata\local\wajam"

Successfully deleted: [Folder] "C:\Users\Kyle\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\pricepeep"

Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"

Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"

Successfully deleted: [Folder] "C:\Users\Kyle\AppData\Roaming\microsoft\windows\start menu\programs\wajam"

Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

Successfully deleted: [Folder] "C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ FireFox

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] C:\Users\Kyle\AppData\Roaming\mozilla\firefox\profiles\s8vsyhqe.default\bprotector_extensions.sqlite

Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 12/20/2012 at 15:56:08.85

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Here is AdwCleaner's report:

# AdwCleaner v2.101 - Logfile created 12/20/2012 at 16:03:12

# Updated 16/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Kyle - KYLE-PC

# Boot Mode : Normal

# Running from : C:\Users\Kyle\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\bProtectorForWindows

Folder Found : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

***** [Registry] *****

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-1657353511-1214735398-303165672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\s8vsyhqe.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6627 octets] - [20/12/2012 16:03:12]

########## EOF - C:\AdwCleaner[R1].txt - [6687 octets] ##########


Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.20.12

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kyle :: KYLE-PC [administrator]

Protection: Enabled

12/20/2012 4:10:05 PM

mbam-log-2012-12-20 (16-10-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219300

Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

In addition to completing the ESET scan, please upload the following file, as the script does not appear to have worked.

Please open this page in your browser:

http://www.bleepingcomputer.com/submit-malware.php?channel=107

Fill in the "Link to topic" field with a link to this topic.

Copy/paste the following into the "Browse to the file you want to submit" field:

c:\windows\Tasks\zjiytzflv.job

Then press Send File. This will upload the file for analysis.

Once the file has been uploaded, navigate to the file and delete it.


I believe you said that the ESET does not really work, is that correct? Because yes, I could not get that website to work without buying the product. It found 6 things to get rid of but did not allow me to erase them using their product without typing in a method of payment.

Thanks so much for the help. Are there any other steps you believe I should take?


  • Staff
I believe you said that the ESET does not really work, is that correct?
Not sure where you are getting this from?

The ESET online scanner is free; there should be no request for payment. Please post the log of the ESET detections.

Did you upload that .job file and then delete it?

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
