
DDS logs for computer infected by ZeroAccess rootkit


  • This topic is locked
57 replies to this topic

#1 roberena


Posted 18 June 2013 - 07:56 PM

Hi everyone,

 

It seems that I have been infected by ZeroAccess rootkit

 

Operating System: Windows 7, 64 bit

 

Problems

-McAfee firewall is turning off

-Can't turn on Windows Security Center (Error message- The Windows Security Center service can't be started)

-I have done virus scans with McAfee, Malwarebytes and Microsoft Security Essentials which all picked up viruses (can't remember which ones)

-Microsoft Security Essentials says to restart the computer continuously

-Can't download anything from internet explorer (it says that everything contains a virus) but I cant download from Opera

 

Previous Topic: http://www.bleepingcomputer.com/forums/t/498314/affected-by-virus-mcafee-firewall-turns-off-cant-download-from-internet-explo/#entry3082295

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 1.6.0_37
Run by Renae at 8:42:49 on 2013-06-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.1768 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\schtasks.exe
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Renae\AppData\Roaming\ubshsgch\jcugcbae.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe,
BHO: mixidj Helper Object: {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Search-Results Toolbar: {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} - C:\Program Files (x86)\searchresultstb\searchresultsDx.dll
BHO: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Search-Results Toolbar: {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} - C:\Program Files (x86)\searchresultstb\searchresultsDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MP3 Rocket Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: MixiDJ Toolbar: {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Ihtyruiw] C:\Users\Renae\AppData\Roaming\Ecuwuw\axqe.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
uExplorerRun: [Pando Networks] C:\Users\Renae\AppData\Roaming\ubshsgch\jcugcbae.exe
StartupFolder: C:\Users\Renae\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{C7084084-0DE0-4FA4-AF18-8FF8A5D9FB6E} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{C7084084-0DE0-4FA4-AF18-8FF8A5D9FB6E}\27F6265627473702E6564777F627B60223E243 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C7084084-0DE0-4FA4-AF18-8FF8A5D9FB6E}\27F6265627473702E6564777F627B653 : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI]  CARD\WLTRAY.EXE
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SynTPEnh] H.EXE
x64-Run: [AdobeAAMUpdater-1.0]  FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Renae\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\C2MP\npdivx32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-11-9 772944]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-11-9 342416]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-12-29 17720]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-11-2 42248]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2012-9-19 66040]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-12-10 464256]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [2012-9-18 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-6-4 3085264]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-2 527216]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-12-29 821592]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-25 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-17 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2013-6-8 74560]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-1-4 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-4 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-4 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2012-9-18 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2012-9-18 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2012-9-18 55808]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-18 2320920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-9-18 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-18 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-25 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-9 309968]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-9 516608]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-2-18 337120]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-2 40712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-4 221296]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-9 70112]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-12-29 21384]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-4-2 197264]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-2-18 95856]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-26 19456]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-12-29 33224]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-26 57856]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-12-29 21904]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
.
=============== Created Last 30 ================
.
2013-06-19 00:17:31 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{788EDD69-9E61-4DAC-A92C-019F215279EA}\offreg.dll
2013-06-18 08:19:27 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{788EDD69-9E61-4DAC-A92C-019F215279EA}\mpengine.dll
2013-06-16 12:52:12 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 12:23:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-16 12:23:47 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-16 12:23:29 -------- d-----w- C:\7ed9d63675bd466ab9ac0a5eaa5db4
2013-06-13 14:24:42 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-13 09:43:38 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-13 09:40:38 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-13 09:40:37 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-13 09:40:21 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-13 09:40:20 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-13 09:39:49 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-13 09:39:49 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-13 09:35:37 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-13 09:35:37 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-13 09:35:36 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-13 09:35:35 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-13 09:35:35 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-13 09:35:35 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-13 09:35:35 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-13 09:35:34 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-13 09:35:34 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-13 09:35:34 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-13 09:34:56 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-13 09:34:56 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-08 04:36:46 74560 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2013-06-01 03:39:24 -------- d-----w- C:\Users\Renae\AppData\Roaming\Zuixu
2013-06-01 03:39:24 -------- d-----w- C:\Users\Renae\AppData\Roaming\Kode
2013-06-01 03:39:24 -------- d-----w- C:\Users\Renae\AppData\Roaming\Ecuwuw
2013-05-25 01:30:45 -------- d-----w- C:\Users\Renae\AppData\Roaming\Uruwot
2013-05-25 01:30:45 -------- d-----w- C:\Users\Renae\AppData\Roaming\Meidyh
2013-05-25 01:30:45 -------- d-----w- C:\Users\Renae\AppData\Roaming\Gasoun
2013-05-21 08:55:02 -------- d-----w- C:\Users\Renae\AppData\Roaming\Veam
2013-05-21 08:55:02 -------- d-----w- C:\Users\Renae\AppData\Roaming\Leumhu
2013-05-20 09:13:37 -------- d-----w- C:\Program Files\HitmanPro
2013-05-20 09:03:27 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-20 08:18:27 -------- d-----w- C:\Program Files (x86)\Citrix
2013-05-20 08:17:35 -------- d-----w- C:\Users\Renae\AppData\Local\Citrix
2013-05-20 08:17:25 103832 ----a-w- C:\Users\Renae\GoToAssistDownloadHelper.exe
.
==================== Find3M  ====================
.
2013-06-16 06:10:07 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-16 06:10:06 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-13 09:38:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-13 09:38:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 04:15:46 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 06:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-03 05:37:38 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-04-03 05:34:58 342416 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-04-03 05:34:46 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-04-03 05:33:06 772944 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-04-03 05:32:14 516608 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-04-03 05:31:36 309968 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-04-03 05:31:14 179664 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
.
============= FINISH:  8:48:58.22 ===============
 

 


 


#2 TB-Psychotic

  • Malware Response Team

Posted 19 June 2013 - 04:20 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 roberena


Posted 19 June 2013 - 05:36 AM

Hi Marius,

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-19 18:32:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6476GSX rev.GS002D 596.17GB
Running: b23e4joi.exe; Driver: C:\Users\Renae\AppData\Local\Temp\uxldrpow.sys

---- Processes - GMER 2.1 ----

Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_68D43262AB91CB4A.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [2872]      00000000688e0000
Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_C9EDDF0B6984A451.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [2872]  0000000067090000
Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_68D43262AB91CB4A.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [9060]                      00000000688e0000
Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_C9EDDF0B6984A451.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [9060]                  0000000067090000
Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_68D43262AB91CB4A.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6008]                      00000000688e0000
Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_C9EDDF0B6984A451.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6008]                  0000000067090000
Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_68D43262AB91CB4A.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [9832]                      00000000688e0000
Library  C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_C9EDDF0B6984A451.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [9832]                  0000000067090000

---- EOF - GMER 2.1 ----

 

Thanks



#4 TB-Psychotic


Posted 19 June 2013 - 05:45 AM

Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.



#5 roberena


Posted 19 June 2013 - 07:24 AM

Hi Marius,

 

ComboFix 13-06-18.02 - Renae 19-Jun-13  19:39:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3957.2050 [GMT 8:00]
Running from: c:\users\Renae\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Renae\AppData\Local\assembly\tmp
c:\users\Renae\AppData\Roaming\Ecuwuw
c:\users\Renae\AppData\Roaming\Ecuwuw\axqe.exe
c:\users\Renae\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-19 to 2013-06-19  )))))))))))))))))))))))))))))))
.
.
2013-06-19 11:55 . 2013-06-19 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-18 08:19 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{788EDD69-9E61-4DAC-A92C-019F215279EA}\mpengine.dll
2013-06-16 12:52 . 2013-05-12 15:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 12:23 . 2013-06-16 12:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-06-16 12:23 . 2013-06-16 12:24 -------- d-----w- c:\program files\Microsoft Security Client
2013-06-16 12:23 . 2013-06-16 12:24 -------- d-----w- C:\7ed9d63675bd466ab9ac0a5eaa5db4
2013-06-13 14:24 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 09:43 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 09:40 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 09:40 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-13 09:40 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-13 09:40 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-13 09:39 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-13 09:39 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-13 09:35 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 09:35 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-13 09:35 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 09:35 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 09:35 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 09:35 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-13 09:35 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-13 09:35 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 09:35 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-13 09:35 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-13 09:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-13 09:34 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-08 04:36 . 2013-04-22 07:46 74560 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2013-06-01 03:39 . 2013-06-08 04:22 -------- d-----w- c:\users\Renae\AppData\Roaming\Zuixu
2013-06-01 03:39 . 2013-06-01 03:39 -------- d-----w- c:\users\Renae\AppData\Roaming\Kode
2013-05-25 01:30 . 2013-05-31 11:08 -------- d-----w- c:\users\Renae\AppData\Roaming\Meidyh
2013-05-25 01:30 . 2013-05-31 10:37 -------- d-----w- c:\users\Renae\AppData\Roaming\Uruwot
2013-05-25 01:30 . 2013-05-25 01:30 -------- d-----w- c:\users\Renae\AppData\Roaming\Gasoun
2013-05-21 08:55 . 2013-05-24 12:03 -------- d-----w- c:\users\Renae\AppData\Roaming\Veam
2013-05-21 08:55 . 2013-05-21 08:55 -------- d-----w- c:\users\Renae\AppData\Roaming\Leumhu
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 14:25 . 2012-11-24 08:31 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-13 09:38 . 2012-09-18 05:01 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 09:38 . 2012-09-18 05:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 06:38 . 2012-09-28 01:56 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2012-09-18 04:44 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 04:17 . 2013-05-01 04:17 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 04:17 . 2013-05-01 04:17 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-01 04:17 . 2013-05-01 04:17 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-01 04:17 . 2013-05-01 04:17 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 04:17 . 2013-05-01 04:17 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-01 04:17 . 2013-05-01 04:17 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 04:17 . 2013-05-01 04:17 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 04:17 . 2013-05-01 04:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-01 04:17 . 2013-05-01 04:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 04:17 . 2013-05-01 04:17 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-01 04:17 . 2013-05-01 04:17 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 04:17 . 2013-05-01 04:17 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 04:17 . 2013-05-01 04:17 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-01 04:17 . 2013-05-01 04:17 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-01 04:17 . 2013-05-01 04:17 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 04:17 . 2013-05-01 04:17 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-01 04:17 . 2013-05-01 04:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-01 04:17 . 2013-05-01 04:17 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 04:17 . 2013-05-01 04:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-01 04:17 . 2013-05-01 04:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-01 04:17 . 2013-05-01 04:17 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-01 04:17 . 2013-05-01 04:17 441856 ----a-w- c:\windows\system32\html.iec
2013-05-01 04:17 . 2013-05-01 04:17 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-01 04:17 . 2013-05-01 04:17 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-01 04:17 . 2013-05-01 04:17 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-01 04:17 . 2013-05-01 04:17 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-01 04:17 . 2013-05-01 04:17 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-01 04:17 . 2013-05-01 04:17 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-01 04:17 . 2013-05-01 04:17 235008 ----a-w- c:\windows\system32\url.dll
2013-05-01 04:17 . 2013-05-01 04:17 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-01 04:17 . 2013-05-01 04:17 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 04:17 . 2013-05-01 04:17 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-01 04:17 . 2013-05-01 04:17 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 04:17 . 2013-05-01 04:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 04:17 . 2013-05-01 04:17 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 04:17 . 2013-05-01 04:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-01 04:17 . 2013-05-01 04:17 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-01 04:17 . 2013-05-01 04:17 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 04:17 . 2013-05-01 04:17 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-01 04:17 . 2013-05-01 04:17 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-01 04:17 . 2013-05-01 04:17 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-01 04:17 . 2013-05-01 04:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 04:17 . 2013-05-01 04:17 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-01 04:17 . 2013-05-01 04:17 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-01 04:17 . 2013-05-01 04:17 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 04:17 . 2013-05-01 04:17 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-01 04:17 . 2013-05-01 04:17 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-01 04:17 . 2013-05-01 04:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 04:17 . 2013-05-01 04:17 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-01 04:15 . 2013-05-01 04:15 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-01 04:15 . 2013-05-01 04:15 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-01 04:15 . 2013-05-01 04:15 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-01 04:15 . 2013-05-01 04:15 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-01 04:15 . 2013-05-01 04:15 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-01 04:15 . 2013-05-01 04:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-01 04:15 . 2013-05-01 04:15 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-01 04:15 . 2013-05-01 04:15 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-01 04:15 . 2013-05-01 04:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-01 04:15 . 2013-05-01 04:15 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-01 04:15 . 2013-05-01 04:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-01 04:15 . 2013-05-01 04:15 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-01 04:15 . 2013-05-01 04:15 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-01 04:15 . 2013-05-01 04:15 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-01 04:15 . 2013-05-01 04:15 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-01 04:15 . 2013-05-01 04:15 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-01 04:15 . 2013-05-01 04:15 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-01 04:15 . 2013-05-01 04:15 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-01 04:15 . 2013-05-01 04:15 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-01 04:15 . 2013-05-01 04:15 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-01 04:15 . 2013-05-01 04:15 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-01 04:15 . 2013-05-01 04:15 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-01 04:15 . 2013-05-01 04:15 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-01 04:15 . 2013-05-01 04:15 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-05-01 04:15 . 2013-05-01 04:15 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-01 04:15 . 2013-05-01 04:15 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-05-01 04:15 . 2013-05-01 04:15 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-01 04:15 . 2013-05-01 04:15 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-05-01 04:15 . 2013-05-01 04:15 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-05-01 04:15 . 2013-05-01 04:15 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-01 04:15 . 2013-05-01 04:15 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}]
2012-11-13 07:23 263136 ----a-w- c:\program files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}]
2011-07-09 20:16 89256 ----a-w- c:\program files (x86)\searchresultstb\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-02 13:05 1527944 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-11-01 17:45 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}"= "c:\program files (x86)\searchresultstb\searchresultsDx.dll" [2011-07-09 89256]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-02 1527944]
"{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}"= "c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll" [2012-11-13 337376]
.
[HKEY_CLASSES_ROOT\clsid\{b9c7ce32-da91-43c2-b7e9-0e9aafc675cd}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ca9b9c89-4662-4adc-9c23-a452becd5d19}]
[HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-02 1718920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
.
c:\users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-08 04:28 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 09:38]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 05:01]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 05:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 12:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 12:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 12:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-14 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Ihtyruiw - c:\users\Renae\AppData\Roaming\Ecuwuw\axqe.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Broadcom Wireless Manager UI - CARD\WLTRAY.EXE
HKLM-Run-SynTPEnh - H.EXE
HKLM-Run-AdobeAAMUpdater-1.0 - FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4045612348-2397635227-3809935073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4045612348-2397635227-3809935073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2013-06-19  20:20:13 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-19 12:20
.
Pre-Run: 385,412,616,192 bytes free
Post-Run: 385,516,306,432 bytes free
.
- - End Of File - - 19BF30967A137641DE2649AC3446D1B2
A36C5E4F47E84449FF07ED3517B43A31
 



#6 TB-Psychotic

  • Malware Response Team

Posted 19 June 2013 - 07:53 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


#7 roberena

  • Topic Starter

Posted 19 June 2013 - 09:40 AM

ComboFix 13-06-18.02 - Renae 19-Jun-13 21:12:49.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2042 [GMT 8:00]
Running from: c:\users\Renae\Desktop\ComboFix.exe
Command switches used :: c:\users\Renae\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cb_aff6.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_7c96.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Hotspot Shield\HssIE
c:\program files (x86)\Hotspot Shield\HssIE\config.txt
c:\program files (x86)\Hotspot Shield\HssIE\config_srch.txt
c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
c:\program files (x86)\mixidj
c:\program files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll
c:\program files (x86)\mixidj\mixidj\1.8.4.1\escortShld.dll
c:\program files (x86)\mixidj\mixidj\1.8.4.1\GUninstaller.exe
c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidj.crx
c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjApp.dll
c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjEng.dll
c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjsrv.exe
c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll
c:\program files (x86)\mixidj\mixidj\1.8.4.1\uninstall.exe
c:\program files (x86)\searchresultstb
c:\program files (x86)\searchresultstb\as_guid.dat
c:\program files (x86)\searchresultstb\chrome\content\lib\about.xml
c:\program files (x86)\searchresultstb\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\searchresultstb\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\searchresultstb\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\searchresultstb\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\searchresultstb\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\searchresultstb\chrome\content\lib\dtxwin.xul
c:\program files (x86)\searchresultstb\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\searchresultstb\chrome\content\lib\external.js
c:\program files (x86)\searchresultstb\chrome\content\lib\neterror.xhtml
c:\program files (x86)\searchresultstb\chrome\content\lib\rsspreview.html
c:\program files (x86)\searchresultstb\chrome\content\lib\rsswin.xml
c:\program files (x86)\searchresultstb\chrome\content\lib\rsswin.xsl
c:\program files (x86)\searchresultstb\chrome\content\modules\datastore.jsm
c:\program files (x86)\searchresultstb\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\searchresultstb\chrome\content\preferences.xml
c:\program files (x86)\searchresultstb\chrome\content\searchresultstb.js
c:\program files (x86)\searchresultstb\chrome\content\toolbar.htm
c:\program files (x86)\searchresultstb\chrome\content\toolbar.xul
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-buffering.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-connecting.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-playing.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-stopped.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.ico
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\tb_icon.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.xml
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\alert_coupon.css
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\arrow-next-off.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\arrow-next.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\arrow-previous-off.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\arrow-previous.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\bg-coupon-blue.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\bg-save.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\bg.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\border-radius.htc
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\btn-getcoupon.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\btn-gotostore-green.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\btn-gotostore.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\btn-next-blue.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\btn-previous-blue.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\btn-wide-close-over.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\btn-wide-close.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\coupon-activated.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\couponTooltip.js
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\css\dialog.css
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\css\IE7Styles.css
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\css\style.css
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\dialog.css
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\ico-coupon.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\ico-dollar.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\arrow-grey.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\arrows_grey-left.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\arrows_grey-right.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\bg_top.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\btn-back.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\btn-getcoupon.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\btn-gotostore.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\btn-search.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\coupon-activated.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\delete.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\loader.gif
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\noimage.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\power-by.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\scrollb-disable.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\scrollb-down.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\scrollb.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\scrollt-disable.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\scrollt-down.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\scrollt.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\sprite.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\sprite_OLD.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\tab-arrow-hover.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\tab-arrow.png
c:\program files (x86)\searchresultstb\chrome\content\widgets\net.vmn.www.Shopzilla\images\tab-off-l.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\searchresultstb\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\searchresultstb\chrome\skin\lib\yahoo.png
c:\program files (x86)\searchresultstb\chrome\skin\lichen.gif
c:\program files (x86)\searchresultstb\chrome\skin\logo-about.png
c:\program files (x86)\searchresultstb\chrome\skin\logo-over.png
c:\program files (x86)\searchresultstb\chrome\skin\logo.png
c:\program files (x86)\searchresultstb\chrome\skin\modify-save.png
c:\program files (x86)\searchresultstb\chrome\skin\modify.png
c:\program files (x86)\searchresultstb\chrome\skin\options\options-main.png
c:\program files (x86)\searchresultstb\chrome\skin\options\options-search.png
c:\program files (x86)\searchresultstb\chrome\skin\options\options-weather.png
c:\program files (x86)\searchresultstb\chrome\skin\options\options-widgets.png
c:\program files (x86)\searchresultstb\chrome\skin\orange.gif
c:\program files (x86)\searchresultstb\chrome\skin\searchresultstb.css
c:\program files (x86)\searchresultstb\chrome\skin\skin-bluelite.png
c:\program files (x86)\searchresultstb\chrome\skin\skin-bluesky.png
c:\program files (x86)\searchresultstb\chrome\skin\skin-grey.png
c:\program files (x86)\searchresultstb\chrome\skin\skin-lichen.png
c:\program files (x86)\searchresultstb\chrome\skin\skin-orange.png
c:\program files (x86)\searchresultstb\chrome\skin\skin-yellow.png
c:\program files (x86)\searchresultstb\chrome\skin\throbber.gif
c:\program files (x86)\searchresultstb\chrome\skin\toolbarsplitter.png
c:\program files (x86)\searchresultstb\chrome\skin\video.png
c:\program files (x86)\searchresultstb\chrome\skin\web.png
c:\program files (x86)\searchresultstb\chrome\skin\yellow.gif
c:\program files (x86)\searchresultstb\components\windowmediator.js
c:\program files (x86)\searchresultstb\dtUser.exe
c:\program files (x86)\searchresultstb\install.ico
c:\program files (x86)\searchresultstb\manifest.xml
c:\program files (x86)\searchresultstb\searchresultsDx.dll
c:\program files (x86)\searchresultstb\searchresultstb.dll
c:\program files (x86)\searchresultstb\uninstall.exe
c:\users\Renae\AppData\Roaming\Gasoun
c:\users\Renae\AppData\Roaming\Gasoun\iftea.aku
c:\users\Renae\AppData\Roaming\Kode
c:\users\Renae\AppData\Roaming\Kode\owal.yta
c:\users\Renae\AppData\Roaming\Leumhu
c:\users\Renae\AppData\Roaming\Leumhu\awwi.duk
c:\users\Renae\AppData\Roaming\Meidyh
c:\users\Renae\AppData\Roaming\Meidyh\pior.ebi
c:\users\Renae\AppData\Roaming\Uruwot
c:\users\Renae\AppData\Roaming\Veam
c:\users\Renae\AppData\Roaming\Veam\vuic.eno
c:\users\Renae\AppData\Roaming\Zuixu
c:\users\Renae\AppData\Roaming\Zuixu\baade.nyu
c:\users\Renae\AppData\Roaming\Zuixu\baade.tmp
c:\progra~3\browse~1\261339~1.144 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 . . . . Failed to delete
c:\progra~3\browse~1\261339~1.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA011
-------\Service_X6va011
.
.
((((((((((((((((((((((((( Files Created from 2013-05-19 to 2013-06-19 )))))))))))))))))))))))))))))))
.
.
2013-06-19 13:27 . 2013-06-19 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-19 12:11 . 2013-06-19 12:11 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF0BBCD9-BF44-431C-AFCC-FA321D2046BB}\gapaengine.dll
2013-06-19 12:11 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55CD88D5-170E-45D4-8F00-B5122EC58188}\mpengine.dll
2013-06-18 08:19 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 12:23 . 2013-06-16 12:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-06-16 12:23 . 2013-06-16 12:24 -------- d-----w- c:\program files\Microsoft Security Client
2013-06-16 12:23 . 2013-06-16 12:24 -------- d-----w- C:\7ed9d63675bd466ab9ac0a5eaa5db4
2013-06-13 14:24 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 09:43 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 09:40 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 09:40 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-13 09:40 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-13 09:40 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-13 09:39 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-13 09:39 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-13 09:35 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 09:35 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-13 09:35 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 09:35 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 09:35 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 09:35 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-13 09:35 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-13 09:35 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 09:35 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-13 09:35 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-13 09:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-13 09:34 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-08 04:36 . 2013-04-22 07:46 74560 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640]
.
c:\users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-08 04:28 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 09:38]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 05:01]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18 05:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Renae\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 12:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 12:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 12:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-14 487424]
"Broadcom Wireless Manager UI"="CARD\WLTRAY.EXE" [BU]
"SynTPEnh"="H.EXE" [BU]
"AdobeAAMUpdater-1.0"="FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4D6A9BBF-402C-4301-B1EF-28D04F71D761} - c:\program files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll
BHO-{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} - c:\program files (x86)\searchresultstb\searchresultsDx.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
Toolbar-{CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-mixidj - c:\program files (x86)\mixidj\mixidj\1.8.4.1\GUninstaller.exe
AddRemove-searchresultstb - c:\program files (x86)\searchresultstb\uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4045612348-2397635227-3809935073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4045612348-2397635227-3809935073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2013-06-19 21:40:49 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-19 13:40
ComboFix2.txt 2013-06-19 12:20
.
Pre-Run: 385,381,179,392 bytes free
Post-Run: 384,880,316,416 bytes free
.
- - End Of File - - 4EDC24B69856D7662C4A8FD690CBD98B
A36C5E4F47E84449FF07ED3517B43A31

 

 

 

I tried to install Malwarebytes but an error occurred (I have attached a screenshot of the error)

Thanks

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 19 June 2013 - 11:39 PM

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 roberena

roberena
  • Topic Starter

  • Members

Posted 20 June 2013 - 02:04 AM

# AdwCleaner v2.303 - Logfile created 06/20/2013 at 14:57:23
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Renae - RENAE
# Boot Mode : Normal
# Running from : C:\Users\Renae\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\bprotector_prefs.js
File Deleted : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\searchplugins\mixidj.xml
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Users\Renae\AppData\Local\APN
Folder Deleted : C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Renae\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Renae\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Renae\AppData\LocalLow\mixidj
Folder Deleted : C:\Users\Renae\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Renae\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\searchresultstb
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\mixidj
Key Deleted : HKCU\Software\searchresultstb
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\5248adfb63dec45
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore
Key Deleted : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\Software\mixidj
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5248adfb63dec45
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpepfkjapeclaafmhoelccknpfedainn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mixidj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchresultstb
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\prefs.js

C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://mixidj.delta-search.com/?affID=121124&babsrc=HP_ss&m[...]
Deleted : user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?affID=121124&babsrc=NT_ss&mntrId=92[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={134F[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2204] : homepage = "hxxp://mixidj.delta-search.com/?affID=121124&babsrc=HP_ss&mntrId=92D600FF51DC0E71",
Deleted [l.2499] : urls_to_restore_on_startup = [ "hxxp://mixidj.delta-search.com/?affID=121124&babsrc=HP_ss&mnt[...]

-\\ Opera v12.15.1748.0

File : C:\Users\Renae\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12361 octets] - [20/06/2013 14:57:23]

########## EOF - C:\AdwCleaner[S1].txt - [12422 octets] ##########



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 20 June 2013 - 02:08 AM

Try again to run MBAM.

If the error still occurs, do the following:

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.



#11 roberena

roberena
  • Topic Starter

  • Members

Posted 20 June 2013 - 02:19 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013
Ran by Renae (administrator) on 20-06-2013 15:13:10
Running from C:\Users\Renae\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\McAPExe.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-12-14] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] CARD\WLTRAY.EXE [x]
HKLM\...\Run: [SynTPEnh] H.EXE [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-09-18] (Google Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454600 2013-02-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3477640 2012-09-23] (Adobe Systems Inc.)
Startup: C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Renae\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default
FF Homepage: https://www.google.com.au/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: MixiDJ Toolbar - C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\Extensions\ffxtlbr@mixidj.com

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: (McAfee) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp\7.17.3.0_1\background/registryAccess.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\Renae\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Windows\system32\C2MP\npdivx32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Ask Toolbar) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp\7.17.3.41939_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_1
CHR Extension: (SiteAdvisor) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341
CHR Extension: (Torrent Handler) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphibigbodkkohoglgfkddblldpfohjl\1.1_1

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [527216 2012-11-02] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-11-02] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [388680 2013-03-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-02-28] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-04-03] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [221296 2013-03-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe [244736 2009-12-14] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-04-03] (McAfee, Inc.)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [42248 2012-11-02] (AnchorFree Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-04-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309968 2013-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [516608 2013-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [772944 2013-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [337120 2013-02-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95856 2013-02-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [342416 2013-04-03] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33224 2012-07-05] (IObit.com)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33224 2012-07-05] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-02] (Anchorfree Inc.)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21904 2012-07-05] (IObit.com)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21904 2012-07-05] (IObit.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 15:12 - 2013-06-20 15:12 - 00000000 ____D C:\FRST
2013-06-20 15:11 - 2013-06-20 15:12 - 01929572 ____A (Farbar) C:\Users\Renae\Desktop\FRST64.exe
2013-06-20 14:57 - 2013-06-20 14:59 - 00012468 ____A C:\AdwCleaner[S1].txt
2013-06-20 14:56 - 2013-06-20 14:56 - 00648201 ____A C:\Users\Renae\Desktop\adwcleaner.exe
2013-06-19 22:25 - 2013-06-19 22:30 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Renae\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-19 22:23 - 2013-06-19 22:23 - 00095930 ____A C:\Users\Renae\Desktop\ComboFix2.txt
2013-06-19 21:40 - 2013-06-19 21:40 - 00095930 ____A C:\ComboFix.txt
2013-06-19 20:23 - 2013-06-19 20:23 - 00039328 ____A C:\Users\Renae\Desktop\ComboFix.txt
2013-06-19 19:36 - 2011-06-26 14:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 19:36 - 2010-11-08 01:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 19:36 - 2009-04-20 12:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 19:36 - 2000-08-31 08:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 19:36 - 2000-08-31 08:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 19:36 - 2000-08-31 08:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 19:36 - 2000-08-31 08:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 19:36 - 2000-08-31 08:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 19:33 - 2013-06-19 21:41 - 00000000 ____D C:\Qoobox
2013-06-19 19:33 - 2013-06-19 21:27 - 00000000 ____D C:\Windows\erdnt
2013-06-19 18:58 - 2013-06-19 19:04 - 05081021 ____R (Swearware) C:\Users\Renae\Desktop\ComboFix.exe
2013-06-19 18:32 - 2013-06-19 18:32 - 00002201 ____A C:\Users\Renae\Desktop\ark.txt
2013-06-19 15:58 - 2013-06-19 15:58 - 00000000 ____D C:\Users\Renae\Downloads\Winners and Losers
2013-06-19 15:54 - 2013-06-19 15:54 - 00000000 ____D C:\Users\Renae\Downloads\SILVER LININGS DVDRIP EDAW2013
2013-06-19 08:50 - 2013-06-19 08:50 - 00030150 ____A C:\Users\Renae\Desktop\DDS 2.txt
2013-06-19 08:49 - 2013-06-19 08:49 - 00018432 ____A C:\Users\Renae\Desktop\attach.txt
2013-06-19 08:49 - 2013-06-19 08:48 - 00030150 ____A C:\Users\Renae\Desktop\dds.txt
2013-06-19 08:41 - 2013-06-19 08:41 - 00688992 ____R (Swearware) C:\Users\Renae\Desktop\dds.com
2013-06-17 12:42 - 2013-06-20 15:00 - 00000616 ____A C:\Windows\setupact.log
2013-06-17 12:42 - 2013-06-19 21:29 - 00008496 ____A C:\Windows\PFRO.log
2013-06-17 12:42 - 2013-06-17 12:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-17 12:41 - 2013-06-17 12:41 - 00000000 ____A C:\asc_rdflag
2013-06-16 20:31 - 2013-06-16 20:31 - 00000000 ____D C:\Users\Renae\Downloads\The.Host.2013.HDRip.XviD-S4A
2013-06-16 20:24 - 2013-06-16 20:24 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-16 20:23 - 2013-06-16 20:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-16 20:23 - 2013-06-16 20:24 - 00000000 ____D C:\7ed9d63675bd466ab9ac0a5eaa5db4
2013-06-16 20:23 - 2013-06-16 20:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-16 14:10 - 2013-06-16 14:10 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 14:10 - 2013-06-16 14:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 14:10 - 2013-06-16 14:10 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 22:24 - 2013-05-17 09:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 22:24 - 2013-05-17 08:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 22:24 - 2013-05-17 08:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 22:24 - 2013-05-17 08:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 22:24 - 2013-05-17 08:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 22:24 - 2013-05-17 08:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 22:24 - 2013-05-17 08:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 22:24 - 2013-05-17 08:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 22:24 - 2013-05-17 08:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 22:24 - 2013-05-17 08:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 22:24 - 2013-05-14 20:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 22:24 - 2013-05-14 16:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 17:43 - 2013-05-08 14:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 17:40 - 2013-05-10 13:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 17:40 - 2013-05-10 11:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 17:40 - 2013-04-26 13:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 17:40 - 2013-04-26 12:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 17:39 - 2013-04-17 15:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-13 17:39 - 2013-04-17 14:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 17:35 - 2013-05-13 13:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 17:35 - 2013-05-13 13:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 17:35 - 2013-05-13 13:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 17:35 - 2013-05-13 13:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 17:35 - 2013-05-13 12:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 17:35 - 2013-05-13 12:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 17:35 - 2013-05-13 12:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 17:35 - 2013-05-13 11:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 17:35 - 2013-05-13 11:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 17:35 - 2013-05-13 11:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 17:34 - 2013-04-26 07:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 17:34 - 2013-04-01 06:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-08 12:36 - 2013-04-22 15:46 - 00074560 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2013-06-02 19:18 - 2013-06-02 19:18 - 00000047 ____A C:\Users\Renae\Desktop\nailpolish.txt
2013-05-26 11:21 - 2013-05-26 11:21 - 00000265 ____A C:\Users\Renae\Desktop\help.txt

==================== One Month Modified Files and Folders =======

2013-06-20 15:12 - 2013-06-20 15:12 - 00000000 ____D C:\FRST
2013-06-20 15:12 - 2013-06-20 15:11 - 01929572 ____A (Farbar) C:\Users\Renae\Desktop\FRST64.exe
2013-06-20 15:09 - 2009-07-14 12:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 15:09 - 2009-07-14 12:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 15:04 - 2012-09-19 12:18 - 00000000 __RSD C:\Users\Renae\Documents\McAfee Vaults
2013-06-20 15:02 - 2013-03-31 17:49 - 00000000 ____D C:\Users\Renae\AppData\Roaming\Dropbox
2013-06-20 15:01 - 2013-03-31 17:53 - 00000000 ___RD C:\Users\Renae\Dropbox
2013-06-20 15:00 - 2013-06-17 12:42 - 00000616 ____A C:\Windows\setupact.log
2013-06-20 15:00 - 2009-07-14 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 14:59 - 2013-06-20 14:57 - 00012468 ____A C:\AdwCleaner[S1].txt
2013-06-20 14:59 - 2012-09-19 02:28 - 01784231 ____A C:\Windows\WindowsUpdate.log
2013-06-20 14:56 - 2013-06-20 14:56 - 00648201 ____A C:\Users\Renae\Desktop\adwcleaner.exe
2013-06-19 22:37 - 2012-09-18 13:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 22:30 - 2013-06-19 22:25 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Renae\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-19 22:28 - 2012-09-18 13:01 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 22:23 - 2013-06-19 22:23 - 00095930 ____A C:\Users\Renae\Desktop\ComboFix2.txt
2013-06-19 22:08 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-06-19 21:41 - 2013-06-19 19:33 - 00000000 ____D C:\Qoobox
2013-06-19 21:40 - 2013-06-19 21:40 - 00095930 ____A C:\ComboFix.txt
2013-06-19 21:30 - 2009-07-14 10:34 - 00000215 ____A C:\Windows\system.ini
2013-06-19 21:29 - 2013-06-17 12:42 - 00008496 ____A C:\Windows\PFRO.log
2013-06-19 21:28 - 2009-07-14 10:34 - 72511488 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-19 21:28 - 2009-07-14 10:34 - 24379392 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-19 21:28 - 2009-07-14 10:34 - 00651264 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-19 21:28 - 2009-07-14 10:34 - 00057344 ____A C:\Windows\System32\config\SAM.bak
2013-06-19 21:28 - 2009-07-14 10:34 - 00024576 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-19 21:27 - 2013-06-19 19:33 - 00000000 ____D C:\Windows\erdnt
2013-06-19 21:26 - 2012-09-26 17:41 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2013-06-19 20:23 - 2013-06-19 20:23 - 00039328 ____A C:\Users\Renae\Desktop\ComboFix.txt
2013-06-19 20:21 - 2009-07-14 11:20 - 00000000 __RHD C:\users\Default
2013-06-19 19:53 - 2012-09-18 11:35 - 00000000 ____D C:\users\Renae
2013-06-19 19:04 - 2013-06-19 18:58 - 05081021 ____R (Swearware) C:\Users\Renae\Desktop\ComboFix.exe
2013-06-19 18:33 - 2012-09-18 13:01 - 00000000 ____D C:\Users\Renae\AppData\Local\Google
2013-06-19 18:32 - 2013-06-19 18:32 - 00002201 ____A C:\Users\Renae\Desktop\ark.txt
2013-06-19 17:49 - 2012-09-19 12:30 - 00000000 ____D C:\Users\Renae\AppData\Roaming\BitTorrent
2013-06-19 15:58 - 2013-06-19 15:58 - 00000000 ____D C:\Users\Renae\Downloads\Winners and Losers
2013-06-19 15:54 - 2013-06-19 15:54 - 00000000 ____D C:\Users\Renae\Downloads\SILVER LININGS DVDRIP EDAW2013
2013-06-19 15:48 - 2013-01-13 15:55 - 00000000 ____D C:\Users\Renae\AppData\Local\Last.fm
2013-06-19 12:02 - 2013-02-15 20:45 - 00000000 ____D C:\Users\Renae\AppData\Roaming\Skype
2013-06-19 11:34 - 2012-09-30 21:35 - 00000000 ____D C:\Users\Renae\Incomplete
2013-06-19 11:26 - 2012-09-19 12:30 - 00000000 ____D C:\Users\Renae\AppData\Roaming\MP3Rocket
2013-06-19 08:50 - 2013-06-19 08:50 - 00030150 ____A C:\Users\Renae\Desktop\DDS 2.txt
2013-06-19 08:49 - 2013-06-19 08:49 - 00018432 ____A C:\Users\Renae\Desktop\attach.txt
2013-06-19 08:48 - 2013-06-19 08:49 - 00030150 ____A C:\Users\Renae\Desktop\dds.txt
2013-06-19 08:41 - 2013-06-19 08:41 - 00688992 ____R (Swearware) C:\Users\Renae\Desktop\dds.com
2013-06-19 08:15 - 2012-09-19 12:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-06-18 16:17 - 2012-09-18 13:46 - 00000000 ____D C:\Program Files (x86)\Opera
2013-06-17 13:05 - 2009-07-14 13:08 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-17 12:42 - 2013-06-17 12:42 - 00000000 ____A C:\Windows\setuperr.log
2013-06-17 12:41 - 2013-06-17 12:41 - 00000000 ____A C:\asc_rdflag
2013-06-16 20:31 - 2013-06-16 20:31 - 00000000 ____D C:\Users\Renae\Downloads\The.Host.2013.HDRip.XviD-S4A
2013-06-16 20:24 - 2013-06-16 20:24 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-16 20:24 - 2013-06-16 20:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-16 20:24 - 2013-06-16 20:23 - 00000000 ____D C:\7ed9d63675bd466ab9ac0a5eaa5db4
2013-06-16 20:23 - 2013-06-16 20:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-16 14:10 - 2013-06-16 14:10 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-16 14:10 - 2013-06-16 14:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 14:10 - 2013-06-16 14:10 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 14:10 - 2013-06-16 14:10 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 14:05 - 2012-12-04 20:29 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-16 14:05 - 2009-07-14 13:13 - 00773050 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 19:57 - 2012-09-18 14:19 - 00000000 ____D C:\Users\Renae\AppData\Local\Windows Live
2013-06-14 06:20 - 2012-09-19 12:17 - 00000000 ____D C:\Program Files\McAfee
2013-06-13 22:25 - 2012-11-24 16:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 17:38 - 2012-09-18 13:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 17:38 - 2012-09-18 13:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-08 12:35 - 2012-09-19 12:17 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-06-08 12:30 - 2012-09-18 13:02 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-06 09:57 - 2012-09-21 20:45 - 00000000 ____D C:\Users\Renae\AppData\Roaming\vlc
2013-06-04 09:56 - 2013-03-31 17:53 - 00000979 ____A C:\Users\Renae\Desktop\Dropbox.lnk
2013-06-02 19:18 - 2013-06-02 19:18 - 00000047 ____A C:\Users\Renae\Desktop\nailpolish.txt
2013-05-26 11:32 - 2012-11-20 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-26 11:21 - 2013-05-26 11:21 - 00000265 ____A C:\Users\Renae\Desktop\help.txt
2013-05-26 10:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-25 20:44 - 2012-09-18 13:02 - 00000000 ____D C:\Users\Renae\AppData\Roaming\Macromedia
2013-05-24 20:04 - 2013-05-20 17:33 - 00000538 ____A C:\Windows\System32\.crusader

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-19 21:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013
Ran by Renae at 2013-06-20 15:16:14 Run:
Running from C:\Users\Renae\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Acrobat XI Pro (Version: 11.0.00)
Adobe AIR (Version: 3.7.0.1530)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Advanced Audio FX Engine (Version: 1.12.05)
Advanced SystemCare 6 (Version: 6.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70928.1539)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 10.12.0.41118)
Audition (Version: 1.00.0000)
AuditionSEA (Version: Client)
BitTorrent (Version: 7.7.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0928.1532.26058)
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058)
CCC Help Czech (Version: 2012.0928.1531.26058)
CCC Help Danish (Version: 2012.0928.1531.26058)
CCC Help Dutch (Version: 2012.0928.1531.26058)
CCC Help English (Version: 2012.0928.1531.26058)
CCC Help Finnish (Version: 2012.0928.1531.26058)
CCC Help French (Version: 2012.0928.1531.26058)
CCC Help German (Version: 2012.0928.1531.26058)
CCC Help Greek (Version: 2012.0928.1531.26058)
CCC Help Hungarian (Version: 2012.0928.1531.26058)
CCC Help Italian (Version: 2012.0928.1531.26058)
CCC Help Japanese (Version: 2012.0928.1531.26058)
CCC Help Korean (Version: 2012.0928.1531.26058)
CCC Help Norwegian (Version: 2012.0928.1531.26058)
CCC Help Polish (Version: 2012.0928.1531.26058)
CCC Help Portuguese (Version: 2012.0928.1531.26058)
CCC Help Russian (Version: 2012.0928.1531.26058)
CCC Help Spanish (Version: 2012.0928.1531.26058)
CCC Help Swedish (Version: 2012.0928.1531.26058)
CCC Help Thai (Version: 2012.0928.1531.26058)
CCC Help Turkish (Version: 2012.0928.1531.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CPUID HWMonitor 1.21
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Touchpad (Version: 14.0.2.0)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
D-i-v-X AVI Codec Pack Pro 2.4.0
Documents To Go Desktop for iOS (Version: 4.0001.010)
Dropbox (Version: 2.0.22)
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
GoToAssist Corporate (Version: 10.4.0.896)
HitmanPro 3.7 (Version: 3.7.5.199)
Hotspot Shield 2.76 (Version: 2.76)
IDT Audio (Version: 1.0.6263.0)
Intel® Management Engine Components (Version: 6.0.0.1179)
IObit Malware Fighter (Version: 1.0)
iTunes (Version: 10.7.0.21)
Java 7 Update 6 (64-bit) (Version: 7.0.60)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Junk Mail filter update (Version: 16.4.3505.0912)
Last.fm Scrobbler 2.1.33
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MapleStory
McAfee Online Backup (Version: 1.16.4.0)
McAfee Total Protection (Version: 12.1.338)
McAfee Virtual Technician (Version: 7.1.0.2483)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MP3 Rocket
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Nexon Game Manager
Opera 12.15 (Version: 12.15.1748)
Origin (Version: 9.0.15.65)
Pando Media Booster (Version: 2.6.0.8)
Photo Gallery (Version: 16.4.3505.0912)
Quickset64 (Version: 9.6.21)
QuickTime (Version: 7.73.80.64)
RICOH Media Driver ver.2.07.01.04 (Version: 2.07.01.04)
Safari (Version: 5.34.57.2)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.3 (Version: 6.3.107)
Smart Defrag 2 (Version: 2.6)
Spotify (Version: 0.8.4.124.ga3559d86)
System Requirements Lab CYRI (Version: 5.0.6.0)
The Sims™ 3 (Version: 1.48.5)
The Sims™ 3 Ambitions (Version: 4.0.87)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 Pets (Version: 10.0.96)
The Sims™ 3 Seasons (Version: 16.0.136)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VLC media player 2.0.3 (Version: 2.0.3)
VLC Streamer 2.68
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wise Game Booster 1.09
Write-N-Cite (Version: 4.2.850)

==================== Restore Points =========================

17-05-2013 03:44:11 Windows Update
24-05-2013 12:55:04 Scheduled Checkpoint
13-06-2013 14:23:12 Windows Update
16-06-2013 06:06:13 Windows Modules Installer
16-06-2013 06:07:43 Windows Modules Installer
16-06-2013 06:08:54 Windows Modules Installer
18-06-2013 08:17:37 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {007416B9-0C55-4AD2-A969-AC197A443714} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2012-10-29] (IObit)
Task: {00C63F05-C995-4C51-B233-4A4D9F5D61CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {00CFE88A-B1C3-4A8C-BEE8-7EB66B74049B} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2012-09-06] (IObit)
Task: {0BA07FD6-91FD-47B8-8CC0-E6AB2286748E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {1B9BCE88-FD88-4EF1-9024-0A33C2C0D634} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-09-06] (IObit)
Task: {21410A6F-BC4C-450A-A502-35622D15BAE9} - System32\Tasks\Renae-PC\Renae - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {26469EA8-01AA-4FD7-BB6B-FFF8C5DAF091} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {2688A2CC-72F9-4136-93FC-FFEA102A01DA} - System32\Tasks\{FA0410AB-3E96-4E2F-89A4-BC684A66B012} => C:\Downloads\game\AuditionSEA_Setup6152.exe [2012-11-15] (AuditionSEA )
Task: {7DB32627-A813-4F63-884D-729A3441E7ED} - System32\Tasks\{542CC778-D59C-4154-9C21-941F07295D4F} => C:\Downloads\game\AuditionSEA_Setup6152.exe [2012-11-15] (AuditionSEA )
Task: {A5006056-D81E-47CE-A044-D0CF739D9CDD} - System32\Tasks\{A9785232-0E85-479D-A29E-D79A5FCC9D90} => C:\Downloads\game\AuditionSEA_Setup6152.exe [2012-11-15] (AuditionSEA )
Task: {C867E6FF-1437-4D94-B2CC-788BAE394EB3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {D31DDA81-51C1-4F8F-B607-728FA06E3A94} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-20] (Microsoft Corporation)
Task: {E12F2AB5-EA1F-4356-B997-0F56A8E0EC76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {F4021E1B-B7C7-4F65-98A9-24E9DFB1787D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 03:03:10 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {869960bb-1f53-41b7-bf2d-48635b64ecfd}

Error: (06/20/2013 02:48:29 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6f864f54-034c-4c19-8c34-5887b6c56506}

Error: (06/19/2013 10:06:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 10:06:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 09:32:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ffb9b84b-827c-4603-adf8-404be5a0e81b}

Error: (06/19/2013 08:02:48 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {92d0f8f3-dcb3-4d6c-b799-89c3335aa698}

Error: (06/19/2013 02:31:45 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8cb3ed92-e914-475d-bc1d-69d1fe9fcb48}

Error: (06/19/2013 09:23:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5226

Error: (06/19/2013 09:23:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5226

Error: (06/19/2013 09:23:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/20/2013 03:00:36 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (06/20/2013 02:46:02 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (06/19/2013 09:29:25 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (06/19/2013 09:27:52 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2013 09:27:40 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2013 09:23:50 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2013 09:23:50 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2013 09:23:50 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2013 09:20:06 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2013 09:03:29 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the BrowserProtect service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (06/20/2013 03:03:10 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {869960bb-1f53-41b7-bf2d-48635b64ecfd}

Error: (06/20/2013 02:48:29 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6f864f54-034c-4c19-8c34-5887b6c56506}

Error: (06/19/2013 10:06:26 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\Last.fm\ext_skypenotify.dll

Error: (06/19/2013 10:06:26 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"c:\program files (x86)\Last.fm\ext_messengernotify.dll

Error: (06/19/2013 09:32:17 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ffb9b84b-827c-4603-adf8-404be5a0e81b}

Error: (06/19/2013 08:02:48 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {92d0f8f3-dcb3-4d6c-b799-89c3335aa698}

Error: (06/19/2013 02:31:45 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8cb3ed92-e914-475d-bc1d-69d1fe9fcb48}

Error: (06/19/2013 09:23:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5226

Error: (06/19/2013 09:23:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5226

Error: (06/19/2013 09:23:59 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2013-06-19 21:23:50.454
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-19 21:23:50.264
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-19 21:23:50.059
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-19 21:23:49.854
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-19 19:53:44.498
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-19 19:53:44.326
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-20 16:49:57.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 16:49:57.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-20 16:49:57.697
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-19 17:34:01.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3956.52 MB
Available physical RAM: 1831.03 MB
Total Pagefile: 7911.23 MB
Available Pagefile: 5295.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:357.72 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: D7923C22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12 TB-Psychotic


Posted 20 June 2013 - 02:28 AM

Fix with FRST

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.)
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    FF Extension: MixiDJ Toolbar - C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\Extensions\ffxtlbr@mixidj.com
    CHR Plugin: (registryAccess) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp\7.17.3.0_1\background/registryAccess.dll No File
    
    C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\Extensions\ffxtlbr@mixidj.com
    
    Unlock: c:\program files (x86)\Malwarebytes' Anti-Malware
     
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64-bit, run frst64.exe), press the Fix button just once, and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.


#13 roberena


Posted 20 June 2013 - 02:32 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-06-2013
Ran by Renae at 2013-06-20 15:31:15 Run:1
Running from C:\Users\Renae\Desktop
Boot Mode: Normal
==============================================

C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\Extensions\ffxtlbr@mixidj.com => Moved successfully.
C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp\7.17.3.0_1\background/registryAccess.dll not found.
C:\Users\Renae\AppData\Roaming\Mozilla\Firefox\Profiles\mhnrlle8.default\Extensions\ffxtlbr@mixidj.com => File/Directory not found.
permissions for "c:\program files (x86)\Malwarebytes' Anti-Malware" were reset successfully

==== End of Fixlog ====



#14 TB-Psychotic


Posted 20 June 2013 - 02:34 AM

Is MBAM coming up now?



#15 roberena


Posted 20 June 2013 - 02:35 AM

No it's not





