dixiechs88 Posted August 8, 2013 ID:712545 Share Posted August 8, 2013 the other day my computer cut off on its own, blue screen, had to restart..it ran a startup repair, i ran spybot and found 3 issues..fixed, tried to update malware..it wouldnt do it, now i cant unistall it and alot of other things either..ran spyhunter and it found all kinds of stuff, the main one being lop.com?my ie is all botched,my computer seems all skitzed out!! help!!!!!i dont know where to even start... Link to post Share on other sites More sharing options...
dixiechs88 Posted August 8, 2013 Author ID:712548 Share Posted August 8, 2013 also it may be worthy of mentioning that all kinds of words in email and even these forums are now underlined and green and pull up crap when scrolled over.. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 9, 2013 Author ID:712875 Share Posted August 9, 2013 can someone help me? practically every other word is now a link for some type of ad... Link to post Share on other sites More sharing options...
Maniac Posted August 9, 2013 ID:712876 Share Posted August 9, 2013 Hello dixiechs88! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Please follow the instructions here and then post the log files in your next reply. http://forums.malwarebytes.org/index.php?showtopic=9573 Link to post Share on other sites More sharing options...
dixiechs88 Posted August 9, 2013 Author ID:712887 Share Posted August 9, 2013 i have all 3 logs malware and both dds, but it will NOT let me paste into the reply! Link to post Share on other sites More sharing options...
dixiechs88 Posted August 9, 2013 Author ID:712888 Share Posted August 9, 2013 FINALLY got it(had to disable bbc code mode) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.08.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Amy :: TOP-BRASS [administrator] 8/9/2013 9:05:32 AM mbam-log-2013-08-09 (09-05-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 226329 Time elapsed: 8 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 1.6.0_31 Run by Amy at 9:20:24 on 2013-08-09 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5554 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k yksvcs C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\MHotKey.exe C:\Windows\ChiFuncExt.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\agr64svc.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Windows\SysWOW64\atashost.exe C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\dlcccoms.exe C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Motive\pcCMService.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe C:\Windows\system32\locator.exe C:\Windows\SysWOW64\SAiAdmin.exe C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe C:\Windows\SysWOW64\SAiDownloaderVista.exe C:\Windows\SysWOW64\SAiLicSvr.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\ehome\ehtray.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\CNYHKey.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Windows\ModLedKey.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\program files (x86)\safe saver\safe saver-bg.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe C:\Windows\splwow64.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\McAfee.com\Agent\mcagent.exe c:\program files (x86)\common files\installshield\updateservice\isuspm.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uWindow Title = Windows Internet Explorer provided by Yahoo! uProxyOverride = <local> uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll BHO: Safe Saver: {11111111-1111-1111-1111-110311321154} - C:\Program Files (x86)\Safe Saver\Safe Saver-bho.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [Akamai NetSession Interface] "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A mRun: [LchDrvKey] LchDrvKey.exe mRun: [LedKey] CNYHKey.exe mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Conime] C:\Windows\System32\conime.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{2358983E-27A3-4B12-8C83-E6254158173C} : DHCPNameServer = 192.168.1.254 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe x64-Run: [DLCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry x64-Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKAiO2MUI.exe x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE x64-mPolicies-Explorer: NoDrives = dword:0 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll FF - plugin: C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISb.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - ExtSQL: !HIDDEN! 2009-09-22 08:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-1 771536] R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-1 340216] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648] R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2009-9-18 65024] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776] R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-4-20 133944] R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [2013-3-26 319488] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-3-16 389120] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-7 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 701512] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-10-5 120592] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 201304] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 201304] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-1 201304] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-1 241456] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-1 218760] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-1 182752] R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-4-17 369152] R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-4-17 460288] R2 SAiAdmin;SAiAdmin;C:\Windows\SysWOW64\SAiAdmin.exe [2009-9-24 65536] R2 SAiDownloader;SAiDownloader;C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [2009-9-24 417792] R2 SAiDownloaderVista;SAiDownloaderVista;C:\Windows\SysWOW64\SAiDownloaderVista.exe [2009-9-24 77824] R2 SAiLicSvr;SAiLicSvr;C:\Windows\SysWOW64\SAiLicSvr.exe [2009-9-24 86016] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-21 1153368] R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-7-11 328992] R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480] R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 27648] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-1 70112] R3 cxpl_mhd;CX23885/8 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\System32\drivers\y_cx88x.sys [2009-3-23 676992] R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-11 25928] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-1 309840] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-1 515968] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2009-4-9 444960] R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-1-8 405504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-23 196440] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-1 106552] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 SydexFDD;Sydex Diskette Driver;C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS [2010-12-6 13359] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632] S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-4-9 225296] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-21 89920] . =============== File Associations =============== . FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 7/6/2009 10:46:25 AM System Uptime: 8/8/2013 9:38:42 AM (24 hours ago) . Motherboard: Gateway | | RS780 Processor: AMD Phenom 9750 Quad-Core Processor | AM2 | 1200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 721.966 GiB free. D: is CDROM (CDFS) E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable K: is CDROM (UDF) L: is FIXED (NTFS) - 232 GiB total, 224.088 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun Miniport Adapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Microsoft Tun Miniport Adapter #2 PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&2A700557&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&2A700557&0 Service: i8042prt . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader Free Download Packages Adobe Reader XI (11.0.03) Agere Systems PCI-SV92PP Soft Modem aioscnnr Akamai NetSession Interface Akamai NetSession Interface Service Apple Application Support Apple Software Update ATI Catalyst Install Manager ATT Management Agent Bing Bar C4USelfUpdater Canon MF Toolbox 4.9.1.1.mf12 Canon MF4500w Series Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish ccc-core-static ccc-utility64 CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Norwegian CCC Help Spanish CCC Help Swedish center Clip Art Collection Compatibility Pack for the 2007 Office system CorelDRAW Graphics Suite 12 CyberLink Power2Go Embroidery Fonts Plus essentials EZ Fonts EZgram Home Edition Fantastic Fonts for Embroidery File Type Assistant FlexiSIGN 7.5v5 Gateway Games Gateway Photo Frame 4.2.3.6 Gateway Recovery Management Gateway ScreenSaver GIMP 2.6.11 Google Toolbar for Internet Explorer Google Update Helper HASP Device Drivers Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java Auto Updater Java 6 Update 31 Java 6 Update 5 Junk Mail filter update KB0817 Keyboard Driver Kodak AIO Printer KODAK AiO Software Malwarebytes Anti-Malware version 1.75.0.1300 Marvell Miniport Driver McAfee SecurityCenter McAfee Virtual Technician Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Money Essentials Microsoft Money Shared Libraries Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers ocr PL-2303 USB-to-Serial PreReq QuickTime Realtek High Definition Audio Driver Safe Saver SAi Production Suite Scrapbook Factory Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sentinel Protection Installer 7.5.0 Shared C Run-time for x64 Shop To Win Skins Smart Sizer Platinum Spybot - Search & Destroy SpyHunter StartNow Toolbar Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Manager Visual C++ 8.0 Runtime Setup Package (x64) WD SmartWare WebEx Wilcom TrueSizer Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (03/21/2009 6.0.64.0057) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Yahoo! BrowserPlus 2.9.8 Yahoo! Software Update Yahoo! Toolbar . ==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted August 9, 2013 ID:712938 Share Posted August 9, 2013 Step 1 Please uninstall the following applications: Safe Saver StartNow Toolbar Smart Sizer Platinum Shop To Win Step 2 Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 3 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.Step 4Download on the desktop RogueKillerQuit all programsStart RogueKiller.exeWait until Prescan has finished ...Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.In your next reply, post the following log files:Junkware Removal Tool logAdwCleaner logRogueKIller log Link to post Share on other sites More sharing options...
dixiechs88 Posted August 9, 2013 Author ID:712997 Share Posted August 9, 2013 i have done steps 1 and 2..step 3 download keeps activating my mcAfee and saying not to download, even after i have turned off firewall and scanning...continue? Link to post Share on other sites More sharing options...
dixiechs88 Posted August 9, 2013 Author ID:713002 Share Posted August 9, 2013 got it.. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.3.9 (08.09.2013:1) OS: Windows Vista Home Premium x64 Ran by Amy on Fri 08/09/2013 at 12:22:57.33 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000063129.JSOptionsImpl Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCSB000063129.JSOptionsImpl.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCSB000063129.JSOptionsImpl Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCSB000063129.JSOptionsImpl.1 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311321154} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311321154} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{28A29DB4-F095-4FCC-A2A0-1856CD236415} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\shop to win 12" ~~~ FireFox Successfully deleted: [File] C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\user.js Successfully deleted: [Folder] C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\fctb Successfully deleted the following from C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\prefs.js user_pref("extensions.crossrider.bic", "140555c62c49bacbfbb1ee8beb58326c"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.DNSCatch", false); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.FirstLaunchShown", true); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.LastDate", 19); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.customNewTab", false); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.processAddrBar", false); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.session", "B4CFF5988EA1A4B0DC474377B5D44B51D327AAD0E8E14D5C601C2F7616FE66745137A6BB0CB398DABF93CC0D31C92B7F283D51B14EC9AFC user_pref("freecause70263cf9d46a4be4adc629500ba884e1.tb_lang", "en"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.user_id", "53705801"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.vars.disablecuidinject", "1"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.vars.lastcheck", "Tue%20Nov%2022%202011%2013%3A11%3A21%20GMT-0600%20%28Central%20Standard%20Time%29"); user_pref("freecause70263cf9d46a4be4adc629500ba884e1.yahooSearch", false); user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar"); user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "adkn.startnow.com"); Emptied folder: C:\Users\Amy\AppData\Roaming\mozilla\firefox\profiles\1eo4ssn2.default\minidumps [17 files] # AdwCleaner v2.306 - Logfile created 08/09/2013 at 12:35:05 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Amy - TOP-BRASS # Boot Mode : Normal # Running from : C:\Users\Amy\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Users\Amy\AppData\LocalLow\AVG Security Toolbar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [2386 octets] - [09/08/2013 12:35:05] ########## EOF - C:\AdwCleaner[s1].txt - [2446 octets] ########## RogueKiller V8.6.5 [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Amy [Admin rights] Mode : Scan -- Date : 08/09/2013 13:07:47 | ARK || FAK || MBR | ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] mHotkey.exe -- C:\Windows\mHotkey.exe [-] -> KILLED [TermProc] [sUSP PATH] ChiFuncExt.exe -- C:\Windows\ChiFuncExt.exe [-] -> KILLED [TermProc] [sUSP PATH] CNYHKey.exe -- C:\Windows\CNYHKey.exe [-] -> KILLED [TermProc] [sUSP PATH] ModLEDKey.exe -- C:\Windows\ModLedKey.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 10 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] MHotkey : %SystemRoot%\MHotKey.exe [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND [ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++ --- User --- [MBR] cf68788bec0301e74a5cde91827a2c18 [bSP] 0954b4e64961a5d2bd991e7fe7172b12 : Acer MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15000 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30722048 | Size: 938867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: Hitachi HDT721010SLA360 ATA Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: Hitachi HDT721010SLA360 ATA Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive3: Hitachi HDT721010SLA360 ATA Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive4: Hitachi HDT721010SLA360 ATA Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[0]_S_08092013_130747.txt >> Link to post Share on other sites More sharing options...
Maniac Posted August 10, 2013 ID:713194 Share Posted August 10, 2013 One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System. Please read:When should I re-format? How should I reinstall?Help: I Got Hacked. Now What Do I Do?Where to draw the line? When to recommend a format and reinstall?Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools. Please let us know how you would like to proceed. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 12, 2013 Author ID:713986 Share Posted August 12, 2013 sorry for the late reply, this is my work computer! if i back up all my files and programs to re format, is there a chance they will be infected? what would you personally reccomend? if i were to change all passwords from a clean computer, and not use this one for that kind of activity again, would that be ok? Link to post Share on other sites More sharing options...
Maniac Posted August 12, 2013 ID:713992 Share Posted August 12, 2013 if i back up all my files and programs to re format, is there a chance they will be infected? Depends on what you want to backup. You shouldn't backup any executable files (like .exe). would that be ok? No, it wouldn't. My opinion is that you shouldn't use it until is clean. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 12, 2013 Author ID:713994 Share Posted August 12, 2013 i guess i am asking if you would try to clean it first, rather than wiping it first? Link to post Share on other sites More sharing options...
Maniac Posted August 12, 2013 ID:713996 Share Posted August 12, 2013 It is okay. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 12, 2013 Author ID:714004 Share Posted August 12, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02Ran by Amy (administrator) on 12-08-2013 09:31:59Running from C:\Users\Amy\DesktopWindows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal==================== Processes (Whitelisted) =================(AMD) C:\Windows\system32\atiesrxx.exe(Microsoft Corporation) C:\Windows\system32\SLsvc.exe(AMD) C:\Windows\system32\atieclxx.exe(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Akamai Technologies, Inc.) C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Akamai Technologies, Inc.) C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe(Agere Systems) C:\Windows\system32\agr64svc.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE(Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe( ) C:\Windows\system32\dlcccoms.exe(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe(McAfee, Inc.) C:\Windows\system32\mfevtps.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe() C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe(Microsoft Corporation) C:\Windows\system32\locator.exe(TODO: <Company name>) C:\Windows\SysWOW64\SAiAdmin.exe(TODO: <Company name>) C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe(TODO: <Company name>) C:\Windows\SysWOW64\SAiDownloaderVista.exe(SA International) C:\Windows\SysWOW64\SAiLicSvr.exe(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe() C:\Users\Amy\Desktop\RogueKiller.exe(Microsoft Corporation) C:\Windows\splwow64.exe(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe(Microsoft Corporation) C:\Windows\system32\sdclt.exe(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)HKLM\...\Run: [DLCCCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll [28672 2006-02-24] ()HKLM\...\Run: [EKAIO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)HKCU\...\Run: [iSUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-11] (Adobe Systems Incorporated)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [123904 2009-05-05] (IOI)HKLM-x32\...\Run: [LchDrvKey] - LchDrvKey.exe [x]HKLM-x32\...\Run: [LedKey] - CNYHKey.exe [x]HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [Conime] - C:\Windows\SysWOW64\conime.exe [69120 2009-04-11] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)HKU\Default\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)HKU\Default User\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnkShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnkShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.netHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=1v3607099306p0325vqk5k46j15206URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No FileStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rogSearchScopes: HKCU - {86EA8B23-520D-4E3F-BCD4-D4AEB586AF18} URL = http://www.flickr.com/search/?q={searchTerms}SearchScopes: HKCU - {AB2D7FD7-7580-410E-B623-82F3A63D8002} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rogSearchScopes: HKCU - {E5156248-9F66-4F64-8B27-5592AB3114A2} URL = http://delicious.com/search?p={searchTerms}BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll (McAfee, Inc.)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625090711.dll (McAfee, Inc.)BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No FileHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Tcpip\Parameters: [DhcpNameServer] 192.168.1.254FireFox:========FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.defaultFF SelectedSearchEngine: YahooFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF Plugin-x32: @ei.ConservativeTalkNow_4n.com/Plugin - C:\Program Files (x86)\ConservativeTalkNow_4nEI\Installr\1.bin\NP4nEISB.dll (ConservativeTalkNow)FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll (Alcatel-Lucent)FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Amy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)FF Extension: No Name - C:\Users\Amy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}FF Extension: Microsoft .NET Framework Assistant - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}FF Extension: Yahoo! Toolbar - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\1eo4ssn2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}FF Extension: mcciwbch - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpiFF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisorFF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCoreFF Extension: No Name - C:\Program Files (x86)\Common Files\McAfee\SystemCoreChrome:=======CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crxCHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx==================== Services (Whitelisted) =================R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent)R2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)R2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()R2 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2007-08-27] (TODO: <Company name>)R2 SAiDownloader; C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [417792 2007-09-11] (TODO: <Company name>)R2 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2007-09-11] (TODO: <Company name>)R2 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International)R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)R2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)==================== Drivers (Whitelisted) ====================R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()S2 Haspnt; C:\Windows\SysWow64\drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [444960 2008-05-09] (Realtek)R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)S1 Beep; No ImagePathS3 catchme; \??\C:\ComboFix\catchme.sys [x]S2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]U3 mfeavfk01; No ImagePathS3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S2 wntpport; No ImagePath==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-08-09 16:22 - 2013-08-09 16:22 - 00329216 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs2013-08-09 14:08 - 2013-08-09 14:26 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs2013-08-09 13:07 - 2013-08-09 13:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt2013-08-09 13:05 - 2013-08-09 13:07 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine2013-08-09 13:05 - 2013-08-09 13:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe2013-08-09 12:57 - 2013-08-12 09:08 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job2013-08-09 12:57 - 2013-08-09 12:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp2013-08-09 12:57 - 2013-08-09 12:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater2013-08-09 12:35 - 2013-08-09 12:35 - 00002509 _____ C:\AdwCleaner[s1].txt2013-08-09 12:34 - 2013-08-09 12:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst2013-08-09 12:32 - 2013-08-09 12:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt2013-08-09 12:25 - 2013-08-09 12:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe2013-08-09 12:23 - 2013-08-09 12:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe2013-08-09 12:22 - 2013-08-09 12:22 - 00000000 ____D C:\Windows\ERUNT2013-08-09 12:21 - 2013-08-09 12:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe2013-08-09 11:25 - 2013-08-09 11:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS2013-08-09 09:26 - 2013-08-09 09:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt2013-08-09 09:26 - 2013-08-09 09:21 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt2013-08-09 09:23 - 2013-08-09 09:25 - 00000000 ____D C:\Users\Amy\Desktop\New Folder2013-08-09 09:15 - 2013-08-09 09:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt2013-08-09 09:06 - 2013-08-09 09:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr2013-08-07 09:33 - 2013-08-07 09:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live2013-08-06 10:37 - 2013-08-06 10:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb2013-08-06 09:59 - 2013-08-06 09:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-08-06 09:56 - 2013-08-06 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N2013-08-06 09:55 - 2013-08-06 09:54 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe2013-08-06 09:09 - 2013-08-06 09:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express2013-07-31 11:55 - 2013-08-09 09:20 - 00000000 ____D C:\Users\Amy\Desktop\amy2013-07-30 11:01 - 2013-07-30 11:05 - 00000000 ____D C:\Windows\system32\MRT2013-07-30 03:02 - 2013-07-30 03:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b2013-07-22 12:37 - 2013-07-22 12:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps==================== One Month Modified Files and Folders =======2013-08-12 09:30 - 2013-08-12 09:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe2013-08-12 09:30 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-08-12 09:30 - 2006-11-02 10:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-08-12 09:27 - 2012-01-05 15:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Clip Art Collection2013-08-12 09:12 - 2012-04-20 09:56 - 00000000 ____D C:\ProgramData\Kodak2013-08-12 09:09 - 2012-04-09 08:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-12 09:08 - 2013-08-09 12:57 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job2013-08-12 08:47 - 2010-02-03 09:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-11 13:47 - 2010-02-03 09:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-08-09 16:28 - 2009-09-21 14:11 - 00021878 _____ C:\Windows\winltr.ini2013-08-09 16:22 - 2013-08-09 16:22 - 00329216 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs2013-08-09 16:02 - 2009-09-21 14:10 - 00000000 ____D C:\Fantastic Fonts for Embroidery2013-08-09 16:02 - 2006-11-02 07:46 - 00709582 _____ C:\Windows\system32\PerfStringBackup.INI2013-08-09 15:42 - 2010-02-12 12:14 - 00002655 _____ C:\Users\Amy\Desktop\CorelDRAW 12.lnk2013-08-09 14:26 - 2013-08-09 14:08 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs2013-08-09 13:07 - 2013-08-09 13:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt2013-08-09 13:07 - 2013-08-09 13:05 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine2013-08-09 13:05 - 2013-08-09 13:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe2013-08-09 12:57 - 2013-08-09 12:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp2013-08-09 12:57 - 2013-08-09 12:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater2013-08-09 12:43 - 2009-07-06 10:42 - 01987637 _____ C:\Windows\WindowsUpdate.log2013-08-09 12:38 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-09 12:37 - 2008-01-20 22:26 - 00451008 _____ C:\Windows\PFRO.log2013-08-09 12:35 - 2013-08-09 12:35 - 00002509 _____ C:\AdwCleaner[s1].txt2013-08-09 12:35 - 2006-11-02 10:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-08-09 12:34 - 2013-08-09 12:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst2013-08-09 12:32 - 2013-08-09 12:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt2013-08-09 12:25 - 2013-08-09 12:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe2013-08-09 12:23 - 2013-08-09 12:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe2013-08-09 12:22 - 2013-08-09 12:22 - 00000000 ____D C:\Windows\ERUNT2013-08-09 12:21 - 2013-08-09 12:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe2013-08-09 12:08 - 2009-09-25 15:25 - 00000000 ____D C:\Users\Amy\Documents\Flexi art2013-08-09 11:25 - 2013-08-09 11:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS2013-08-09 09:26 - 2013-08-09 09:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt2013-08-09 09:25 - 2013-08-09 09:23 - 00000000 ____D C:\Users\Amy\Desktop\New Folder2013-08-09 09:21 - 2013-08-09 09:26 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt2013-08-09 09:20 - 2013-07-31 11:55 - 00000000 ____D C:\Users\Amy\Desktop\amy2013-08-09 09:15 - 2013-08-09 09:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt2013-08-09 09:06 - 2013-08-09 09:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr2013-08-08 09:06 - 2012-07-11 08:42 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-08 09:06 - 2012-07-11 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-08 09:01 - 2011-07-28 11:15 - 00000000 ____D C:\Users\Amy\AppData\Local\Meebo2013-08-08 08:52 - 2009-12-11 09:34 - 00000000 ____D C:\Windows\Minidump2013-08-08 08:52 - 2009-12-11 09:33 - 781185219 _____ C:\Windows\MEMORY.DMP2013-08-07 15:38 - 2006-11-02 10:27 - 00172142 _____ C:\Windows\setupact.log2013-08-07 15:07 - 2012-03-22 12:44 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Audacity2013-08-07 15:07 - 2011-11-09 19:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Akamai2013-08-07 15:07 - 2011-09-26 10:39 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 122013-08-07 15:07 - 2011-06-15 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype2013-08-07 15:07 - 2009-09-21 09:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-08-07 15:07 - 2009-09-16 12:00 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go2013-08-07 15:07 - 2009-04-10 00:45 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive2013-08-07 15:07 - 2009-04-10 00:45 - 00000000 ____D C:\Program Files (x86)\Windows Live2013-08-07 15:07 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\spool2013-08-07 15:07 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\system32\Msdtc2013-08-07 15:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache2013-08-07 15:07 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\registration2013-08-07 15:07 - 2006-11-02 07:33 - 77594624 _____ C:\Windows\system32\config\software_previous2013-08-07 15:07 - 2006-11-02 07:33 - 37748736 _____ C:\Windows\system32\config\system_previous2013-08-07 15:06 - 2012-04-20 10:01 - 00000000 ____D C:\Windows\SysWOW64\kodak2013-08-07 15:05 - 2009-07-06 11:03 - 00000000 ____D C:\ProgramData\CyberLink2013-08-07 15:03 - 2011-09-26 10:40 - 00000000 ____D C:\Program Files (x86)\GIMP-2.02013-08-07 15:02 - 2009-07-06 11:02 - 00000000 ____D C:\Program Files (x86)\Cyberlink2013-08-07 14:53 - 2006-11-02 07:33 - 54525952 _____ C:\Windows\system32\config\components_previous2013-08-07 14:53 - 2006-11-02 07:33 - 00057344 _____ C:\Windows\system32\config\sam_previous2013-08-07 12:34 - 2009-09-16 12:03 - 00376680 _____ C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT2013-08-07 12:19 - 2012-07-10 16:11 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP2013-08-07 12:11 - 2013-05-15 11:18 - 00376680 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT2013-08-07 12:09 - 2009-09-16 12:00 - 00000000 ____D C:\Users\Amy2013-08-07 11:49 - 2006-11-02 07:33 - 00786432 _____ C:\Windows\system32\config\default_previous2013-08-07 11:49 - 2006-11-02 07:33 - 00020480 _____ C:\Windows\system32\config\security_previous2013-08-07 10:38 - 2009-04-10 00:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-08-07 10:33 - 2012-04-20 10:03 - 00000000 ____D C:\Users\Amy\AppData\Local\Eastman_Kodak_Company2013-08-07 10:32 - 2012-04-20 09:58 - 00000000 ____D C:\Program Files (x86)\Kodak2013-08-07 09:35 - 2006-11-02 08:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-08-07 09:34 - 2009-04-10 00:47 - 00063470 _____ C:\Windows\DirectX.log2013-08-07 09:33 - 2013-08-07 09:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live2013-08-07 09:01 - 2006-11-02 10:21 - 01069544 _____ C:\Windows\system32\FNTCACHE.DAT2013-08-06 10:43 - 2009-04-10 00:49 - 00000000 ____D C:\ProgramData\Adobe2013-08-06 10:43 - 2009-04-10 00:49 - 00000000 ____D C:\Program Files (x86)\Adobe2013-08-06 10:37 - 2013-08-06 10:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb2013-08-06 10:14 - 2009-09-28 10:00 - 00000000 ____D C:\Program Files (x86)\Corel2013-08-06 10:03 - 2011-06-15 09:56 - 00000000 ____D C:\ProgramData\Skype2013-08-06 10:02 - 2009-09-21 13:35 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe2013-08-06 09:59 - 2013-08-06 09:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-08-06 09:56 - 2013-08-06 09:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N2013-08-06 09:54 - 2013-08-06 09:55 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe2013-08-06 09:09 - 2013-08-06 09:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp2013-08-02 10:02 - 2013-08-02 10:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express2013-08-02 10:02 - 2010-05-25 10:16 - 00000000 ____D C:\ProgramData\WinZip2013-07-31 11:29 - 2009-09-17 15:33 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-07-30 11:05 - 2013-07-30 11:01 - 00000000 ____D C:\Windows\system32\MRT2013-07-30 03:02 - 2013-07-30 03:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b2013-07-26 10:34 - 2009-09-16 12:00 - 00000000 ____D C:\Program Files (x86)\Google2013-07-24 11:02 - 2009-09-17 13:46 - 00000000 ____D C:\Users\Amy\AppData\Local\Google2013-07-22 12:37 - 2013-07-22 12:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps2013-07-17 11:05 - 2009-09-28 10:04 - 00002984 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys2013-07-17 11:05 - 2009-09-28 10:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys2013-07-15 13:42 - 2010-02-03 09:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-07-15 13:42 - 2010-02-03 09:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitC:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows DefenderLastRegBack: 2013-08-12 01:28==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02Ran by Amy at 2013-08-12 09:35:00Running from C:\Users\Amy\DesktopBoot Mode: Normal============================================================================== Installed Programs =======================Update for Microsoft Office 2007 (KB2508958) (x32)Acrobat.com (x32 Version: 0.0.0)Acrobat.com (x32 Version: 1.1.377)Adobe AIR (x32 Version: 2.5.1.17730)Adobe Community Help (x32 Version: 3.2.1)Adobe Community Help (x32 Version: 3.2.1.650)Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)Adobe Reader Free Download Packages (HKCU)Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)aioscnnr (x32 Version: 7.3.4.0)Akamai NetSession Interface (HKCU)Akamai NetSession Interface Service (x32)Apple Application Support (x32 Version: 1.2.1)Apple Software Update (x32 Version: 2.1.1.116)ATI Catalyst Install Manager (Version: 3.0.704.0)ATT Management Agent (x32 Version: 8.2.1.6)Bing Bar (x32 Version: 7.0.822.0)C4USelfUpdater (x32 Version: 1.00.0000)Canon MF Toolbox 4.9.1.1.mf12 (x32 Version: 4.9.1.1.mf12)Canon MF4500w Series (Version: 3.9.0.0)Catalyst Control Center - Branding (x32 Version: 1.00.0000)Catalyst Control Center Core Implementation (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Graphics Full New (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Graphics Light (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1210.1623.29379)Catalyst Control Center InstallProxy (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Danish (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Dutch (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Finnish (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization French (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization German (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Italian (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Japanese (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Norwegian (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Spanish (x32 Version: 2008.1210.1623.29379)Catalyst Control Center Localization Swedish (x32 Version: 2008.1210.1623.29379)CCC Help Danish (x32 Version: 2008.1210.1622.29379)CCC Help Dutch (x32 Version: 2008.1210.1622.29379)CCC Help English (x32 Version: 2008.1210.1622.29379)CCC Help Finnish (x32 Version: 2008.1210.1622.29379)CCC Help French (x32 Version: 2008.1210.1622.29379)CCC Help German (x32 Version: 2008.1210.1622.29379)CCC Help Italian (x32 Version: 2008.1210.1622.29379)CCC Help Japanese (x32 Version: 2008.1210.1622.29379)CCC Help Norwegian (x32 Version: 2008.1210.1622.29379)CCC Help Spanish (x32 Version: 2008.1210.1622.29379)CCC Help Swedish (x32 Version: 2008.1210.1622.29379)ccc-core-static (x32 Version: 2008.1210.1623.29379)ccc-utility64 (Version: 2008.1210.1623.29379)center (x32 Version: 6.2.5.0)Clip Art Collection (x32 Version: 1.0.0.0)Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)CorelDRAW Graphics Suite 12 (x32 Version: 12.0.0.458)CyberLink Power2Go (x32 Version: 6.0.2705)Embroidery Fonts Plus (x32 Version: 2.0.0000)essentials (x32 Version: 6.0.14.0)EZ Fonts (x32 Version: 1.0.0)EZgram Home Edition (x32)Fantastic Fonts for Embroidery (x32)File Type Assistant (x32)FlexiSIGN 7.5v5 (x32)Gateway Games (x32 Version: 1.0.0.52)Gateway Photo Frame 4.2.3.6 (x32 Version: 4.2.3.6)Gateway Recovery Management (x32 Version: 4.00.3008)Gateway ScreenSaver (x32 Version: 1.0.0.413)GIMP 2.6.11 (x32 Version: 2.6.11)Google Toolbar for Internet Explorer (x32 Version: 1.0.0)Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)Google Update Helper (x32 Version: 1.3.21.153)HASP Device Drivers (x32)Java Auto Updater (x32 Version: 2.0.7.1)Java 6 Update 31 (x32 Version: 6.0.310)Java 6 Update 5 (x32 Version: 1.6.0.50)Junk Mail filter update (x32 Version: 14.0.8089.726)KB0817 Keyboard Driver (x32 Version: 1.30.0000)Kodak AIO Printer (Version: 7.4.0.0)KODAK AiO Software (x32 Version: 7.4.5.40)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Marvell Miniport Driver (x32 Version: 10.67.3.3)McAfee SecurityCenter (x32 Version: 11.6.511)McAfee Virtual Technician (x32 Version: 7.1.0.2483)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft Choice Guard (x32 Version: 2.0.48.0)Microsoft Money Essentials (x32 Version: 16)Microsoft Money Shared Libraries (x32 Version: 16.0.0.705)Microsoft Office 2007 Service Pack 3 (SP3) (x32)Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Office Suite Activation Assistant (x32 Version: 2.9)Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)Microsoft Silverlight (x32 Version: 5.1.20513.0)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Works (x32 Version: 9.7.0621)Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)Mozilla Maintenance Service (x32 Version: 22.0)MSVCRT (x32 Version: 14.0.1468.721)MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)NVIDIA Driversocr (x32 Version: 6.2.3.50)PL-2303 USB-to-Serial (x32 Version: 1.00.000)PreReq (x32 Version: 6.2.3.0)QuickTime (x32 Version: 7.66.71.0)re Systems PCI-SV92PP Soft ModemRealtek High Definition Audio Driver (x32 Version: 6.0.1.5821)SAi Production Suite (x32 Version: 1.00.0000)Scrapbook Factory (x32 Version: 2.00.0004)Sentinel Protection Installer 7.5.0 (x32 Version: 7.5.0)Shared C Run-time for x64 (Version: 10.0.0)Skins (x32 Version: 2008.1210.1623.29379)Smart Sizer Platinum (HKCU Version: 3.2.6.4)Smart Sizer Platinum (x32 Version: 3.2.6.4)Software Version Updater (x32 Version: 1.1.3.8)Spybot - Search & Destroy (x32 Version: 1.6.2)SpyHunter (Version: 4.9.11.3987)Update for 2007 Microsoft Office System (KB967642) (x32)Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)Update for Microsoft Office Excel 2007 Help (KB963678) (x32)Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)Update for Microsoft Office Script Editor Help (KB963671) (x32)Update for Microsoft Office Word 2007 Help (KB963665) (x32)Update Manager (x32 Version: 4.60)Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)WD SmartWare (Version: 1.1.1.6)WebEx (x32)Wilcom TrueSizer (x32 Version: 12.0.0004)Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (03/21/2009 6.0.64.0057) (Version: 03/21/2009 6.0.64.0057)Windows Live Call (x32 Version: 14.0.8064.0206)Windows Live Communications Platform (x32 Version: 14.0.8064.206)Windows Live Essentials (x32 Version: 14.0.8089.0726)Windows Live Essentials (x32 Version: 14.0.8089.726)Windows Live Mail (x32 Version: 14.0.8089.0726)Windows Live Messenger (x32 Version: 14.0.8089.0726)Windows Live Photo Gallery (x32 Version: 14.0.8081.709)Windows Live Sign-in Assistant (x32 Version: 5.000.818.6)Windows Live Sync (x32 Version: 14.0.8089.726)Windows Live Upload Tool (x32 Version: 14.0.8014.1029)Windows Live Writer (x32 Version: 14.0.8089.0726)Yahoo! BrowserPlus 2.9.8 (HKCU)Yahoo! Software Update (x32)Yahoo! Toolbar (x32)==================== Restore Points =========================31-05-2013 17:39:40 Scheduled Checkpoint04-06-2013 08:59:26 Scheduled Checkpoint05-06-2013 22:09:54 Scheduled Checkpoint07-06-2013 17:45:30 Scheduled Checkpoint10-06-2013 17:26:04 Scheduled Checkpoint12-06-2013 20:45:29 Scheduled Checkpoint13-06-2013 08:01:23 Windows Update14-06-2013 17:41:27 Scheduled Checkpoint17-06-2013 20:28:29 Scheduled Checkpoint19-06-2013 20:21:57 Scheduled Checkpoint20-06-2013 21:57:17 Scheduled Checkpoint21-06-2013 21:43:38 Scheduled Checkpoint22-06-2013 08:01:26 Windows Update24-06-2013 14:15:02 Windows Update25-06-2013 08:00:29 Windows Update26-06-2013 22:02:08 Scheduled Checkpoint03-07-2013 16:44:04 Scheduled Checkpoint08-07-2013 16:10:48 Scheduled Checkpoint09-07-2013 20:22:48 Scheduled Checkpoint10-07-2013 13:43:14 Scheduled Checkpoint11-07-2013 13:51:28 Scheduled Checkpoint12-07-2013 08:01:33 Windows Update15-07-2013 19:49:18 Scheduled Checkpoint16-07-2013 13:42:55 Scheduled Checkpoint17-07-2013 22:01:56 Scheduled Checkpoint18-07-2013 21:18:58 Scheduled Checkpoint19-07-2013 19:39:39 Scheduled Checkpoint22-07-2013 21:30:24 Scheduled Checkpoint24-07-2013 20:52:39 Scheduled Checkpoint25-07-2013 17:17:26 Scheduled Checkpoint29-07-2013 20:15:21 Scheduled Checkpoint30-07-2013 08:00:54 Windows Update30-07-2013 15:47:45 Windows Update31-07-2013 16:29:54 Removed SpyHunter01-08-2013 20:37:41 Scheduled Checkpoint02-08-2013 15:00:29 Removed WinZip 17.505-08-2013 20:53:58 Scheduled Checkpoint06-08-2013 14:18:24 Windows Backup06-08-2013 15:02:02 Removed Skype™ 5.1006-08-2013 15:06:10 Removed Skype Toolbars06-08-2013 15:11:27 Removed CorelDRAW Graphics Suite X306-08-2013 15:19:46 Removed Adobe Photoshop Elements 9.07-08-2013 14:28:50 Windows Update07-08-2013 15:34:24 Configured Power2Go07-08-2013 17:17:15 Removed SpyHunter08-08-2013 13:56:11 Removed SpyHunter09-08-2013 22:19:19 Scheduled Checkpoint11-08-2013 05:00:03 Scheduled Checkpoint12-08-2013 00:00:06 Windows Backup==================== Hosts content: ==========================2006-11-02 07:34 - 2012-07-12 12:48 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)Task: {39771AF2-351D-45E1-8B56-9A6BCF6D9586} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)Task: {4A8468AF-E05E-4FCE-9073-87AF93DD1791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)Task: {77DFEF52-C0ED-4B0E-AA70-6FAA3D9A6D8B} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-04-20] (Acer)Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {829383F5-9360-41DD-B194-52F5D2F310BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)Task: {8540A123-EA65-4272-9A21-F9E2CE6449F2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)Task: {873FDFBB-D3EF-492D-8AC0-9A5A7F3B3582} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)Task: {8F5110A8-B304-42E7-8C4E-7E32B5B99B8E} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2012-02-28] (Trusted Software ApS)Task: {A11D9B14-135D-413F-A40F-C2DA520E449D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Amy => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)Task: {B2471C96-6082-4AFB-A4D3-24B8AE499EF1} - System32\Tasks\{403568FF-F792-4EF3-BE96-61C384524891} => C:\Program Files (x86)\Skype\\Phone\Skype.exe No FileTask: {BB87A277-8333-4F80-89BE-CE6813F18410} - System32\Tasks\AmiUpdXp => C:\Users\Amy\AppData\Local\SwvUpdater\Updater.exe [2013-08-09] (Amonetize ltd.)Task: {C77E7BE4-FEAE-4AA4-A6A9-FD67AE703E03} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)Task: {D11B4B08-A2F5-4573-9B06-1B586821335C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2012-06-02] (Enigma Software Group USA, LLC.)Task: {DFB08081-4C2B-457F-BA47-B236CD2CF97A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)Task: {E5014A45-9172-4A85-BEB2-4F4BDD6BF13E} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()Task: {EE2517D5-479F-41D8-AAB0-6499BB6E775F} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Amy\AppData\Local\SwvUpdater\Updater.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Faulty Device Manager Devices =============Name: Microsoft Tun Miniport Adapter #2Description: Microsoft Tun Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunmpProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.Name: Microsoft PS/2 MouseDescription: Microsoft PS/2 MouseClass Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: i8042prtProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved.==================== Event log errors: =========================Application errors:==================Error: (08/12/2013 01:01:43 AM) (Source: Windows Search Service) (User: )Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails:A device attached to the system is not functioning. (0x8007001f)Error: (08/12/2013 01:01:43 AM) (Source: Windows Search Service) (User: )Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails:A device attached to the system is not functioning. (0x8007001f)Error: (08/09/2013 04:32:21 PM) (Source: Application Hang) (User: )Description: The program App.exe version 8.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.Process ID: 13bcStart Time: 01ce952ce5d42cd6Termination Time: 31Error: (08/09/2013 00:38:44 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (08/09/2013 00:38:44 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (08/09/2013 00:38:43 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.Please use sxstrace.exe for detailed diagnosis.System errors:=============Error: (08/09/2013 04:05:45 PM) (Source: Print) (User: Top-Brass)Description: The document terri, owned by Amy, failed to print on printer HP LaserJet 5Si. Try to print the document again, or restart the print spooler.Data type: NT EMF 1.008. Size of the spool file in bytes: 81004. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\TOP-BRASS. Win32 error code returned by the print processor: terri0. terri1Error: (08/09/2013 00:38:47 PM) (Source: Service Control Manager) (User: )Description: BeepError: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )Description: Par1284%%1275Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )Description: wntpport%%2Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )Description: Haspnt%%1275Error: (08/09/2013 00:38:41 PM) (Source: Service Control Manager) (User: )Description: Windows Firewall5 (0x5)Error: (08/09/2013 00:38:33 PM) (Source: Application Popup) (User: )Description: \??\C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (08/09/2013 00:38:24 PM) (Source: Application Popup) (User: )Description: \??\C:\Windows\SysWow64\drivers\Haspnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (08/09/2013 00:35:36 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Microsoft Office Sessions:=========================CodeIntegrity Errors:===================================Date: 2013-08-09 12:38:33.229Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-09 12:38:32.870Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-08 12:04:33.029Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-08 12:04:32.764Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-08 09:38:08.417Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-08 09:38:08.105Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-08 08:53:05.001Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-08 08:53:04.657Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-07 12:38:56.996Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.Date: 2013-08-07 12:38:56.721Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info ===========================Percentage of memory in use: 33%Total physical RAM: 7934.26 MBAvailable physical RAM: 5310.97 MBTotal Pagefile: 16057.04 MBAvailable Pagefile: 11715.3 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:721.59 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]Drive d: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFSDrive k: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDFDrive l: (My Passport) (Fixed) (Total:232.23 GB) (Free:223.72 GB) NTFS (Disk=6 Partition=1)==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 932 GB) (Disk ID: 5052995B)Partition 1: (Not Active) - (Size=15 GB) - (Type=27)Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)========================================================Disk: 6 (MBR Code: Windows XP) (Size: 232 GB) (Disk ID: 0006B2D9)Partition 1: (Not Active) - (Size=232 GB) - (Type=07 NTFS)==================== End Of Log ============================**side note..i will never understand how you make heads or tails of all that^^^ LOL Link to post Share on other sites More sharing options...
Maniac Posted August 12, 2013 ID:714174 Share Posted August 12, 2013 Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt DeleteJunctionsIndirectory: C:\Program Files\Windows Defender CMD: netsh winsock reset NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system Now please enter System Recovery Options then select Command Prompt Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Reboot Normally. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 13, 2013 Author ID:714487 Share Posted August 13, 2013 how do i get to System Recovery Options? Link to post Share on other sites More sharing options...
Maniac Posted August 13, 2013 ID:714490 Share Posted August 13, 2013 Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 13, 2013 Author ID:714619 Share Posted August 13, 2013 ok Borislav! i am SOO sorryi have tried to follow your instructions, but i am unclear on what Exactly to type once the command prompt is up. the way i read your instructions was to type FRST64but that did not workcan you please give me a step by step for computer dummies? Link to post Share on other sites More sharing options...
Maniac Posted August 13, 2013 ID:714625 Share Posted August 13, 2013 Do not follow the instructions in this video, but just look how enter System Recovery. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 13, 2013 Author ID:714637 Share Posted August 13, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2013 01Ran by SYSTEM on 13-08-2013 16:00:59Running from E:\Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)HKLM\...\Run: [DLCCCATS] - C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll [28672 2006-02-24] ()HKLM\...\Run: [EKAIO2StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2012-03-16] (Eastman Kodak Company)HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [123904 2009-05-05] (IOI)HKLM-x32\...\Run: [LchDrvKey] - LchDrvKey.exe [x]HKLM-x32\...\Run: [LedKey] - CNYHKey.exe [x]HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [Conime] - C:\Windows\SysWOW64\conime.exe [69120 2009-04-10] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)HKU\Amy\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)HKU\Amy\...\Run: [iSUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)HKU\Amy\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)HKU\Amy\...\Run: [Akamai NetSession Interface] - C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-10] (Microsoft Corporation)HKU\Default\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [2438656 2009-04-10] (Microsoft Corporation)HKU\Default User\...\RunOnce: [scrSav] - C:\Windows\Screensavers\Gateway\run_Gateway.exe [155648 2009-04-03] ()SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)==================== Services (Whitelisted) =================S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent)S2 dlcc_device; C:\Windows\system32\dlcccoms.exe [566768 2007-02-14] ( )S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)S2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] ()S2 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2007-08-27] (TODO: <Company name>)S2 SAiDownloader; C:\Program Files (x86)\SAi\SAi Production Suite\Program\SAiDownloaderVistaUI.exe [417792 2007-09-11] (TODO: <Company name>)S2 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2007-09-11] (TODO: <Company name>)S2 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International)S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-10] (SafeNet, Inc.)S2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)==================== Drivers (Whitelisted) ====================S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()S2 Haspnt; C:\Windows\SysWow64\drivers\Haspnt.sys [47616 2009-09-17] (Aladdin Knowledge Systems)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)S2 Par1284; C:\Program Files (x86)\FlexiSIGN 7.5v5\Program\Par1284.sys [53344 2004-07-13] (Warp Nine Engineering)S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [444960 2008-05-08] (Realtek)S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2009-08-06] (Windows ® 2000 DDK provider)S1 Beep; No ImagePathS3 catchme; \??\C:\ComboFix\catchme.sys [x]S2 Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 mfeavfk01; No ImagePathS3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S2 wntpport; No ImagePath==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-08-13 07:24 - 2013-08-13 07:24 - 00000643 _____ C:\Users\Amy\Desktop\a.txt2013-08-12 12:38 - 2013-08-12 12:38 - 00666624 _____ C:\Users\Amy\Desktop\pockets.fs2013-08-12 12:38 - 2013-08-12 12:38 - 00078336 _____ C:\Users\Amy\Desktop\nj pocket.fs2013-08-12 12:38 - 2013-08-12 12:38 - 00055296 _____ C:\Users\Amy\Desktop\rocketcrew.fs2013-08-12 12:37 - 2013-08-13 12:08 - 00142848 _____ C:\Users\Amy\Desktop\helm flames.fs2013-08-12 12:02 - 2013-08-12 12:03 - 08210262 _____ C:\Users\Amy\Desktop\3x4.zip2013-08-12 06:35 - 2013-08-12 06:35 - 00037849 _____ C:\Users\Amy\Desktop\FRST.txt2013-08-12 06:35 - 2013-08-12 06:35 - 00029126 _____ C:\Users\Amy\Desktop\Addition.txt2013-08-12 06:30 - 2013-08-12 06:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe2013-08-09 13:22 - 2013-08-13 12:12 - 00330240 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs2013-08-09 11:08 - 2013-08-09 11:26 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs2013-08-09 10:07 - 2013-08-09 10:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt2013-08-09 10:05 - 2013-08-13 07:25 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine2013-08-09 10:05 - 2013-08-09 10:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe2013-08-09 09:57 - 2013-08-13 12:23 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job2013-08-09 09:57 - 2013-08-09 09:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp2013-08-09 09:57 - 2013-08-09 09:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater2013-08-09 09:35 - 2013-08-09 09:35 - 00002509 _____ C:\AdwCleaner[s1].txt2013-08-09 09:34 - 2013-08-09 09:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst2013-08-09 09:32 - 2013-08-09 09:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt2013-08-09 09:25 - 2013-08-09 09:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe2013-08-09 09:23 - 2013-08-09 09:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe2013-08-09 09:22 - 2013-08-09 09:22 - 00000000 ____D C:\Windows\ERUNT2013-08-09 09:21 - 2013-08-09 09:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe2013-08-09 08:25 - 2013-08-09 08:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS2013-08-09 06:26 - 2013-08-09 06:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt2013-08-09 06:26 - 2013-08-09 06:21 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt2013-08-09 06:23 - 2013-08-09 06:25 - 00000000 ____D C:\Users\Amy\Desktop\New Folder2013-08-09 06:15 - 2013-08-09 06:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt2013-08-09 06:06 - 2013-08-09 06:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr2013-08-07 06:33 - 2013-08-07 06:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live2013-08-06 07:37 - 2013-08-06 07:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb2013-08-06 06:59 - 2013-08-06 06:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-08-06 06:56 - 2013-08-06 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N2013-08-06 06:55 - 2013-08-06 06:54 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe2013-08-06 06:09 - 2013-08-06 06:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp2013-08-02 07:02 - 2013-08-02 07:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express2013-07-31 08:55 - 2013-08-09 06:20 - 00000000 ____D C:\Users\Amy\Desktop\amy2013-07-30 08:01 - 2013-07-30 08:05 - 00000000 ____D C:\Windows\System32\MRT2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b2013-07-22 09:37 - 2013-07-22 09:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps==================== One Month Modified Files and Folders =======2013-08-13 12:57 - 2009-07-06 07:42 - 02016940 _____ C:\Windows\WindowsUpdate.log2013-08-13 12:57 - 2006-11-02 07:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-08-13 12:57 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-13 12:57 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-08-13 12:57 - 2006-11-02 07:22 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-08-13 12:50 - 2006-11-02 04:46 - 00709582 _____ C:\Windows\System32\PerfStringBackup.INI2013-08-13 12:47 - 2010-02-03 06:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-13 12:23 - 2013-08-09 09:57 - 00000348 _____ C:\Windows\Tasks\AmiUpdXp.job2013-08-13 12:23 - 2012-04-20 06:56 - 00000000 ____D C:\ProgramData\Kodak2013-08-13 12:23 - 2010-02-03 06:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-08-13 12:12 - 2013-08-09 13:22 - 00330240 _____ C:\Users\Amy\Desktop\johnnyduckhunt.fs2013-08-13 12:09 - 2012-04-09 05:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-13 12:08 - 2013-08-12 12:37 - 00142848 _____ C:\Users\Amy\Desktop\helm flames.fs2013-08-13 11:29 - 2012-01-05 12:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Clip Art Collection2013-08-13 08:12 - 2013-08-13 08:12 - 00306158 _____ C:\Users\Amy\Desktop\alcorn.eps2013-08-13 07:25 - 2013-08-09 10:05 - 00000000 ____D C:\Users\Amy\Desktop\RK_Quarantine2013-08-13 07:24 - 2013-08-13 07:24 - 00000643 _____ C:\Users\Amy\Desktop\a.txt2013-08-12 12:38 - 2013-08-12 12:38 - 00666624 _____ C:\Users\Amy\Desktop\pockets.fs2013-08-12 12:38 - 2013-08-12 12:38 - 00078336 _____ C:\Users\Amy\Desktop\nj pocket.fs2013-08-12 12:38 - 2013-08-12 12:38 - 00055296 _____ C:\Users\Amy\Desktop\rocketcrew.fs2013-08-12 12:03 - 2013-08-12 12:02 - 08210262 _____ C:\Users\Amy\Desktop\3x4.zip2013-08-12 06:35 - 2013-08-12 06:35 - 00037849 _____ C:\Users\Amy\Desktop\FRST.txt2013-08-12 06:35 - 2013-08-12 06:35 - 00029126 _____ C:\Users\Amy\Desktop\Addition.txt2013-08-12 06:30 - 2013-08-12 06:30 - 01575246 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe2013-08-09 13:28 - 2009-09-21 11:11 - 00021878 _____ C:\Windows\winltr.ini2013-08-09 13:02 - 2009-09-21 11:10 - 00000000 ____D C:\Fantastic Fonts for Embroidery2013-08-09 12:42 - 2010-02-12 09:14 - 00002655 _____ C:\Users\Amy\Desktop\CorelDRAW 12.lnk2013-08-09 11:26 - 2013-08-09 11:08 - 00664064 _____ C:\Users\Amy\Desktop\bms.fs2013-08-09 10:07 - 2013-08-09 10:07 - 00004954 _____ C:\Users\Amy\Desktop\RKreport[0]_S_08092013_130747.txt2013-08-09 10:05 - 2013-08-09 10:05 - 00920576 _____ C:\Users\Amy\Desktop\RogueKiller.exe2013-08-09 09:57 - 2013-08-09 09:57 - 00003364 _____ C:\Windows\System32\Tasks\AmiUpdXp2013-08-09 09:57 - 2013-08-09 09:57 - 00000000 ____D C:\Users\Amy\AppData\Local\SwvUpdater2013-08-09 09:37 - 2008-01-20 19:26 - 00451008 _____ C:\Windows\PFRO.log2013-08-09 09:35 - 2013-08-09 09:35 - 00002509 _____ C:\AdwCleaner[s1].txt2013-08-09 09:34 - 2013-08-09 09:34 - 00017910 _____ C:\Users\Amy\Desktop\Wildcat11.dst2013-08-09 09:32 - 2013-08-09 09:32 - 00004700 _____ C:\Users\Amy\Desktop\JRT.txt2013-08-09 09:25 - 2013-08-09 09:25 - 01066136 _____ C:\Users\Amy\Desktop\Setup.exe2013-08-09 09:23 - 2013-08-09 09:23 - 00666633 _____ C:\Users\Amy\Desktop\AdwCleaner.exe2013-08-09 09:22 - 2013-08-09 09:22 - 00000000 ____D C:\Windows\ERUNT2013-08-09 09:21 - 2013-08-09 09:21 - 00958036 _____ (Oleg N. Scherbakov) C:\Users\Amy\Desktop\JRT.exe2013-08-09 09:08 - 2009-09-25 12:25 - 00000000 ____D C:\Users\Amy\Documents\Flexi art2013-08-09 08:25 - 2013-08-09 08:25 - 00211924 _____ C:\Users\Amy\Desktop\Football 1.EPS2013-08-09 06:26 - 2013-08-09 06:26 - 00010138 _____ C:\Users\Amy\Desktop\attach.txt2013-08-09 06:25 - 2013-08-09 06:23 - 00000000 ____D C:\Users\Amy\Desktop\New Folder2013-08-09 06:21 - 2013-08-09 06:26 - 00024109 _____ C:\Users\Amy\Desktop\dds.txt2013-08-09 06:20 - 2013-07-31 08:55 - 00000000 ____D C:\Users\Amy\Desktop\amy2013-08-09 06:15 - 2013-08-09 06:15 - 00000927 _____ C:\Users\Amy\Desktop\mbam.txt2013-08-09 06:06 - 2013-08-09 06:06 - 00688992 ____R (Swearware) C:\Users\Amy\Desktop\dds.scr2013-08-08 06:06 - 2012-07-11 05:42 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-08 06:06 - 2012-07-11 05:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-08 06:01 - 2011-07-28 08:15 - 00000000 ____D C:\Users\Amy\AppData\Local\Meebo2013-08-08 05:52 - 2009-12-11 06:34 - 00000000 ____D C:\Windows\Minidump2013-08-08 05:52 - 2009-12-11 06:33 - 781185219 _____ C:\Windows\MEMORY.DMP2013-08-07 12:38 - 2006-11-02 07:27 - 00172142 _____ C:\Windows\setupact.log2013-08-07 12:07 - 2012-03-22 09:44 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Audacity2013-08-07 12:07 - 2011-11-09 16:23 - 00000000 ____D C:\Users\Amy\AppData\Local\Akamai2013-08-07 12:07 - 2011-06-15 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype2013-08-07 12:07 - 2009-09-21 06:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-08-07 12:07 - 2009-04-09 21:45 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive2013-08-07 12:07 - 2009-04-09 21:45 - 00000000 ____D C:\Program Files (x86)\Windows Live2013-08-07 12:07 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool2013-08-07 12:07 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc2013-08-07 12:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache2013-08-07 12:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration2013-08-07 12:07 - 2006-11-02 04:33 - 77594624 _____ C:\Windows\System32\config\software_previous2013-08-07 12:07 - 2006-11-02 04:33 - 37748736 _____ C:\Windows\System32\config\system_previous2013-08-07 12:06 - 2012-04-20 07:01 - 00000000 ____D C:\Windows\SysWOW64\kodak2013-08-07 12:05 - 2009-07-06 08:03 - 00000000 ____D C:\ProgramData\CyberLink2013-08-07 12:03 - 2011-09-26 07:40 - 00000000 ____D C:\Program Files (x86)\GIMP-2.02013-08-07 12:02 - 2009-07-06 08:02 - 00000000 ____D C:\Program Files (x86)\Cyberlink2013-08-07 11:53 - 2006-11-02 04:33 - 54525952 _____ C:\Windows\System32\config\components_previous2013-08-07 11:53 - 2006-11-02 04:33 - 00057344 _____ C:\Windows\System32\config\sam_previous2013-08-07 09:34 - 2009-09-16 09:03 - 00376680 _____ C:\Users\Amy\AppData\Local\GDIPFONTCACHEV1.DAT2013-08-07 09:19 - 2012-07-10 13:11 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP2013-08-07 09:11 - 2013-05-15 08:18 - 00376680 _____ C:\Windows\System32\GDIPFONTCACHEV1.DAT2013-08-07 09:09 - 2009-09-16 09:00 - 00000000 ____D C:\users\Amy2013-08-07 08:49 - 2006-11-02 04:33 - 00786432 _____ C:\Windows\System32\config\default_previous2013-08-07 08:49 - 2006-11-02 04:33 - 00020480 _____ C:\Windows\System32\config\security_previous2013-08-07 07:38 - 2009-04-09 21:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-08-07 07:33 - 2012-04-20 07:03 - 00000000 ____D C:\Users\Amy\AppData\Local\Eastman_Kodak_Company2013-08-07 07:32 - 2012-04-20 06:58 - 00000000 ____D C:\Program Files (x86)\Kodak2013-08-07 06:35 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-08-07 06:34 - 2009-04-09 21:47 - 00063470 _____ C:\Windows\DirectX.log2013-08-07 06:33 - 2013-08-07 06:33 - 00000000 ____D C:\Users\Amy\AppData\Local\Windows Live2013-08-07 06:01 - 2006-11-02 07:21 - 01069544 _____ C:\Windows\System32\FNTCACHE.DAT2013-08-06 07:43 - 2009-04-09 21:49 - 00000000 ____D C:\ProgramData\Adobe2013-08-06 07:43 - 2009-04-09 21:49 - 00000000 ____D C:\Program Files (x86)\Adobe2013-08-06 07:37 - 2013-08-06 07:37 - 00000000 ____D C:\Windows\SysWOW64\syncdb2013-08-06 07:14 - 2009-09-28 07:00 - 00000000 ____D C:\Program Files (x86)\Corel2013-08-06 07:03 - 2011-06-15 06:56 - 00000000 ____D C:\ProgramData\Skype2013-08-06 07:02 - 2009-09-21 10:35 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe2013-08-06 06:59 - 2013-08-06 06:59 - 00001924 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2013-08-06 06:56 - 2013-08-06 06:56 - 00000000 ____D C:\Users\Amy\AppData\Roaming\1O1L1I1PtF1F1C1N2013-08-06 06:54 - 2013-08-06 06:55 - 01037120 _____ (Solid State Networks) C:\Users\Amy\Downloads\AdobeReaderSetup.exe2013-08-06 06:09 - 2013-08-06 06:09 - 00274504 _____ C:\Windows\Minidump\Mini080613-01.dmp2013-08-02 07:02 - 2013-08-02 07:02 - 00000000 ____D C:\Users\Amy\Documents\Add-in Express2013-08-02 07:02 - 2010-05-25 07:16 - 00000000 ____D C:\ProgramData\WinZip2013-07-31 08:29 - 2009-09-17 12:33 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-07-30 08:05 - 2013-07-30 08:01 - 00000000 ____D C:\Windows\System32\MRT2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:\74bf217706d79f526b8726bf6b2013-07-26 07:34 - 2009-09-16 09:00 - 00000000 ____D C:\Program Files (x86)\Google2013-07-24 08:02 - 2009-09-17 10:46 - 00000000 ____D C:\Users\Amy\AppData\Local\Google2013-07-22 09:37 - 2013-07-22 09:37 - 02818886 _____ C:\Users\Amy\Downloads\tyshayouth rev.eps2013-07-17 08:05 - 2009-09-28 07:04 - 00002984 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys2013-07-17 08:05 - 2009-09-28 07:04 - 00000088 __RSH C:\Windows\SysWOW64\8901C0D7E9.sys2013-07-15 10:42 - 2010-02-03 06:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2013-07-15 10:42 - 2010-02-03 06:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitC:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-06-04 00:59:50Restore point made on: 2013-06-05 14:10:15Restore point made on: 2013-06-07 09:46:01Restore point made on: 2013-06-10 09:26:15Restore point made on: 2013-06-12 12:46:01Restore point made on: 2013-06-13 00:01:59Restore point made on: 2013-06-14 09:41:54Restore point made on: 2013-06-17 12:28:57Restore point made on: 2013-06-19 12:22:24Restore point made on: 2013-06-20 13:57:50Restore point made on: 2013-06-21 13:44:08Restore point made on: 2013-06-22 00:02:03Restore point made on: 2013-06-24 06:16:47Restore point made on: 2013-06-25 00:00:55Restore point made on: 2013-06-26 14:02:43Restore point made on: 2013-07-03 08:44:22Restore point made on: 2013-07-08 08:11:13Restore point made on: 2013-07-09 12:23:10Restore point made on: 2013-07-10 05:43:41Restore point made on: 2013-07-11 05:51:38Restore point made on: 2013-07-12 00:01:57Restore point made on: 2013-07-15 11:49:44Restore point made on: 2013-07-16 05:43:26Restore point made on: 2013-07-17 14:02:26Restore point made on: 2013-07-18 13:19:26Restore point made on: 2013-07-19 11:40:08Restore point made on: 2013-07-22 13:30:54Restore point made on: 2013-07-24 12:53:11Restore point made on: 2013-07-25 09:17:55Restore point made on: 2013-07-29 12:15:54Restore point made on: 2013-07-30 00:01:10Restore point made on: 2013-07-30 07:50:53Restore point made on: 2013-07-31 08:30:21Restore point made on: 2013-08-01 12:38:26Restore point made on: 2013-08-02 07:00:48Restore point made on: 2013-08-05 12:54:32Restore point made on: 2013-08-06 06:21:48Restore point made on: 2013-08-06 07:02:15Restore point made on: 2013-08-06 07:07:23Restore point made on: 2013-08-06 07:12:24Restore point made on: 2013-08-06 07:19:55Restore point made on: 2013-08-07 06:31:27Restore point made on: 2013-08-07 07:34:53Restore point made on: 2013-08-07 09:19:16Restore point made on: 2013-08-08 05:59:21Restore point made on: 2013-08-09 14:19:40Restore point made on: 2013-08-10 21:00:27Restore point made on: 2013-08-11 16:00:11Restore point made on: 2013-08-12 21:00:27==================== Memory info ===========================Percentage of memory in use: 8%Total physical RAM: 7934.26 MBAvailable physical RAM: 7264.62 MBTotal Pagefile: 7693.14 MBAvailable Pagefile: 7250 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:916.86 GB) (Free:721.43 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]Drive d: (040722_1136) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFSDrive e: () (Removable) (Total:3.72 GB) (Free:3.68 GB) FAT32 (Disk=1 Partition=1)Drive f: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDFDrive g: (My Passport) (Fixed) (Total:232.23 GB) (Free:223.72 GB) NTFS (Disk=2 Partition=1)Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:4.49 GB) NTFS (Disk=0 Partition=1)==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 932 GB) (Disk ID: 5052995B)Partition 1: (Not Active) - (Size=15 GB) - (Type=27)Partition 2: (Active) - (Size=917 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 4 GB) (Disk ID: 00000000)Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)========================================================Disk: 2 (MBR Code: Windows XP) (Size: 232 GB) (Disk ID: 0006B2D9)Partition 1: (Not Active) - (Size=232 GB) - (Type=07 NTFS)LastRegBack: 2013-08-13 12:32==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted August 13, 2013 ID:714638 Share Posted August 13, 2013 Please follow the instructions to run my script. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 14, 2013 Author ID:714959 Share Posted August 14, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01Ran by SYSTEM at 2013-08-14 09:01:57 Run:5Running from E:\Boot Mode: Recovery==============================================Error: DeleteJunctionsIndirectory: C:\Program Files\Windows Defender => entry should be fixed outside recovery mode.========= netsh winsock reset =========The system cannot find the file specified.========= End of CMD: ============= End of Fixlog ==== Link to post Share on other sites More sharing options...
Maniac Posted August 14, 2013 ID:715019 Share Posted August 14, 2013 Try again, but this time in Normal mode. Link to post Share on other sites More sharing options...
dixiechs88 Posted August 14, 2013 Author ID:715085 Share Posted August 14, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2013 01Ran by Amy at 2013-08-14 14:08:18 Run:6Running from K:\Boot Mode: Normal=============================================="C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started."C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done."C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.========= netsh winsock reset =========Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset.========= End of CMD: ========= Link to post Share on other sites More sharing options...
Recommended Posts