Cannot Install Microsoft Security Essentials


25 replies to this topic

#1 shoutie1980

  • Members
  • 13 posts

Posted 18 May 2013 - 11:39 AM

Fault within a Windows 7 64-bit Pavilion DV7 machine.

Microsoft Security Essentials would not start or uninstall. I have run RKILL, Malware Anti and Super Malware, and these have brought up many issues that I have processed using the relevant software.

I now cannot re-install MSE and have other faults on the machine also.

Can anyone help from the logs provided?

Attached Files




#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 8,386 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 May 2013 - 11:58 PM

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

 


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 shoutie1980

  • Topic Starter
  • Members
  • 13 posts

Posted 20 May 2013 - 02:24 PM

Hi,

Please find copied below the FRST.txt file and attached the Addition file.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
Ran by User (administrator) on 20-05-2013 20:20:44
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GQJ9ZZXD
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Eastman Kodak Company) C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GQJ9ZZXD\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-02-05] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-15] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [312376 2012-02-09] (Power Software Ltd)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\Jenny\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {82A4461A-12CF-4609-AA32-4EB03B8D826D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {82A4461A-12CF-4609-AA32-4EB03B8D826D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: HKLM-x32 {3FC80F5C-946D-430E-A650-6457CA9AD031} http://192.168.0.1/WebCamX.cab
PDF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [36352] (Microsoft Corporation)
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2787280 2013-03-22] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-10-01] ()
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
S4 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [109624 2011-08-17] (Mentor Graphics Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-20] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 dfiaimcf; \??\C:\Windows\system32\drivers\dfiaimcf.sys [x]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [x]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-20 20:20 - 2013-05-20 20:20 - 00000000 ____D C:\FRST
2013-05-18 18:27 - 2013-05-18 18:27 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-05-18 18:27 - 2013-05-18 18:27 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-05-18 18:27 - 2013-05-18 18:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-18 18:27 - 2013-05-18 18:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-18 17:54 - 2013-05-18 17:54 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-05-18 11:26 - 2013-05-18 11:35 - 00023065 ____A C:\Users\User\Desktop\dds.txt
2013-05-18 11:26 - 2013-05-18 11:26 - 00015405 ____A C:\Users\User\Desktop\attach.txt
2013-05-18 11:24 - 2013-05-18 11:24 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2013-05-18 11:15 - 2013-05-18 11:15 - 13475464 ____A (Microsoft Corporation) C:\Users\User\Desktop\mseinstall.exe
2013-05-18 07:50 - 2013-05-18 08:49 - 00000346 ____A C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-05-18 07:50 - 2013-05-18 07:50 - 00017058 ____A C:\FixitRegBackup.reg
2013-05-18 07:49 - 2013-05-18 07:49 - 00806400 ____A C:\Users\Guest\Downloads\MicrosoftFixit50692.msi
2013-05-18 07:39 - 2013-05-18 07:39 - 13475464 ____A (Microsoft Corporation) C:\Users\Guest\Downloads\mseinstall.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 25737400 ____A (SUPERAntiSpyware.com) C:\Users\Guest\Downloads\SUPERAntiSpyware.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Guest\Downloads\rkill.exe
2013-05-17 21:32 - 2013-05-18 18:26 - 00002620 ____A C:\Users\User\Desktop\Rkill.txt
2013-05-17 19:53 - 2013-05-17 19:56 - 00002256 ____A C:\Windows\logboot_17.05.2013.tureg.log
2013-05-17 19:22 - 2013-05-17 19:22 - 00000000 ____D C:\b1578cdc4e0aa24c2196
2013-05-16 18:39 - 2013-05-05 22:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 18:39 - 2013-05-05 22:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 18:39 - 2013-05-05 20:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 18:39 - 2013-05-05 20:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 18:38 - 2013-04-05 02:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 18:38 - 2013-04-05 02:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 18:38 - 2013-04-05 02:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 18:38 - 2013-04-05 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 18:38 - 2013-04-05 01:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 18:38 - 2013-04-05 01:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 18:38 - 2013-04-05 01:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 18:38 - 2013-04-05 01:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 18:38 - 2013-04-05 01:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 18:38 - 2013-04-05 01:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 18:38 - 2013-04-05 01:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 18:38 - 2013-04-05 01:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 18:38 - 2013-04-05 01:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 18:38 - 2013-04-05 01:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 18:38 - 2013-04-04 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 18:38 - 2013-04-04 23:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 18:38 - 2013-04-04 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 18:38 - 2013-04-04 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 18:38 - 2013-04-04 23:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 18:38 - 2013-04-04 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 18:38 - 2013-04-04 22:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 18:38 - 2013-04-04 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 18:38 - 2013-04-04 22:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 18:38 - 2013-04-04 22:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 18:38 - 2013-04-04 22:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 18:38 - 2013-04-04 22:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 18:38 - 2013-04-04 22:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 18:38 - 2013-04-04 22:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 17:53 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 17:53 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 17:53 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 17:53 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 17:53 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 17:53 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 17:53 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 17:53 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 17:53 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 17:53 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 17:53 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 17:53 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 17:53 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 17:53 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 20:31 - 2013-05-14 20:31 - 00000000 ____D C:\Users\Anthony\Mr Cropper
2013-05-09 10:21 - 2013-05-09 22:50 - 00000000 ____A C:\LowLevel.txt
2013-05-08 16:59 - 2013-05-15 12:08 - 00000000 ____D C:\RemoteData
2013-05-08 16:51 - 2013-05-08 16:51 - 00001686 ____A C:\Users\Public\Desktop\Remote Console.lnk
2013-05-08 16:38 - 2013-05-09 22:51 - 00000000 ____D C:\Program Files (x86)\remoteAP
2013-05-08 16:38 - 2010-07-14 16:01 - 00421888 ____A () C:\Windows\SysWOW64\RTClientSDK71.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00541696 ____A C:\Windows\SysWOW64\IPCDCore.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00519680 ____A (NVD) C:\Windows\SysWOW64\NVDME50.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00398336 ____A (NVD) C:\Windows\SysWOW64\NVDHE50.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00233472 ____A (AvermediaInfo) C:\Windows\SysWOW64\IPCXD10.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00091136 ____A (NVD) C:\Windows\SysWOW64\AvsCodec51.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00059904 ____A (avermediainfo) C:\Windows\SysWOW64\IPCMD10.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00045568 ____A (avermediainfo) C:\Windows\SysWOW64\IPCHD10.dll
2013-05-08 16:38 - 2009-12-16 09:30 - 00831591 ____A (AVerMediaInfo) C:\Windows\SysWOW64\AvsAudioCodec.dll
2013-05-08 16:38 - 2009-05-15 11:42 - 00131072 ____A () C:\Windows\SysWOW64\NetworkAPI.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00352256 ____A (Intel Corporation) C:\Windows\SysWOW64\ijl15.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00188416 ____A () C:\Windows\SysWOW64\decode.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00081920 ____A (Avermedia) C:\Windows\SysWOW64\IPCJD20.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00061440 ____A (NVD) C:\Windows\SysWOW64\Xrypassd.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00057344 ____A (NVD) C:\Windows\SysWOW64\postprocess.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00049152 ____A (NVD) C:\Windows\SysWOW64\G723Codec.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00049152 ____A (AVerMedia) C:\Windows\SysWOW64\AudioDec.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00001147 ____A C:\Windows\SysWOW64\IPCamera.ini
2013-04-25 22:49 - 2013-04-25 22:49 - 00000000 ____D C:\Users\User\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-04-25 19:06 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 18:49 - 2013-04-23 19:05 - 00000000 ____D C:\Users\User\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]
2013-04-21 21:09 - 2012-12-18 15:28 - 29789400 ____A (Adobe Systems Incorporated) C:\Users\Anthony\Acrobat.dll
2013-04-21 21:09 - 2010-10-25 15:13 - 00950712 ____A (Adobe Systems, Incorporated) C:\Users\Anthony\amtlib.dll
2013-04-21 07:58 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-21 07:58 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-21 07:58 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-21 07:57 - 2013-04-21 07:58 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

==================== One Month Modified Files and Folders =======

2013-05-20 20:20 - 2013-05-20 20:20 - 00000000 ____D C:\FRST
2013-05-20 20:10 - 2009-07-14 05:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-20 20:10 - 2009-07-14 05:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-20 20:07 - 2009-07-14 06:13 - 00782922 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-20 20:05 - 2012-04-04 18:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-20 18:11 - 2012-08-03 18:59 - 00000000 ____D C:\Users\User\IFM Course
2013-05-20 18:09 - 2013-04-03 19:35 - 00000000 ___RD C:\Users\User\Dropbox
2013-05-20 18:09 - 2013-04-03 19:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-05-20 18:09 - 2012-09-18 20:37 - 00006537 ____A C:\Windows\setupact.log
2013-05-20 18:09 - 2012-09-18 20:36 - 00044892 ____A C:\Windows\PFRO.log
2013-05-20 18:09 - 2012-05-05 11:52 - 00000000 ____D C:\ProgramData\Kodak
2013-05-20 18:09 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-20 18:08 - 2012-03-16 22:11 - 01087435 ____A C:\Windows\WindowsUpdate.log
2013-05-19 16:06 - 2012-04-11 16:20 - 00154680 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-18 18:40 - 2013-03-11 19:31 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-18 18:34 - 2012-04-26 13:36 - 00000000 ____D C:\Users\User\AppData\Local\Google
2013-05-18 18:27 - 2013-05-18 18:27 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-05-18 18:27 - 2013-05-18 18:27 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-05-18 18:27 - 2013-05-18 18:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-18 18:27 - 2013-05-18 18:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-18 18:26 - 2013-05-17 21:32 - 00002620 ____A C:\Users\User\Desktop\Rkill.txt
2013-05-18 18:26 - 2012-03-24 19:53 - 00002150 ____A C:\Windows\epplauncher.mif
2013-05-18 18:26 - 2012-03-24 19:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 17:54 - 2013-05-18 17:54 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-05-18 12:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 11:35 - 2013-05-18 11:26 - 00023065 ____A C:\Users\User\Desktop\dds.txt
2013-05-18 11:26 - 2013-05-18 11:26 - 00015405 ____A C:\Users\User\Desktop\attach.txt
2013-05-18 11:24 - 2013-05-18 11:24 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2013-05-18 11:15 - 2013-05-18 11:15 - 13475464 ____A (Microsoft Corporation) C:\Users\User\Desktop\mseinstall.exe
2013-05-18 11:03 - 2012-08-03 18:42 - 00000000 ____D C:\Users\User\Downloads\Software Archive
2013-05-18 08:49 - 2013-05-18 07:50 - 00000346 ____A C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2013-05-18 07:50 - 2013-05-18 07:50 - 00017058 ____A C:\FixitRegBackup.reg
2013-05-18 07:49 - 2013-05-18 07:49 - 00806400 ____A C:\Users\Guest\Downloads\MicrosoftFixit50692.msi
2013-05-18 07:39 - 2013-05-18 07:39 - 13475464 ____A (Microsoft Corporation) C:\Users\Guest\Downloads\mseinstall.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 25737400 ____A (SUPERAntiSpyware.com) C:\Users\Guest\Downloads\SUPERAntiSpyware.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Guest\Downloads\rkill.exe
2013-05-17 21:32 - 2012-06-22 10:16 - 00154680 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-17 19:56 - 2013-05-17 19:53 - 00002256 ____A C:\Windows\logboot_17.05.2013.tureg.log
2013-05-17 19:32 - 2009-07-14 05:45 - 05079328 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 19:28 - 2012-03-30 20:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-17 19:22 - 2013-05-17 19:22 - 00000000 ____D C:\b1578cdc4e0aa24c2196
2013-05-17 19:22 - 2012-03-31 10:47 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 17:41 - 2012-08-12 09:55 - 00000000 ____D C:\users\Anthony
2013-05-15 12:08 - 2013-05-08 16:59 - 00000000 ____D C:\RemoteData
2013-05-14 21:25 - 2012-04-04 18:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 21:25 - 2012-04-04 18:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 20:31 - 2013-05-14 20:31 - 00000000 ____D C:\Users\Anthony\Mr Cropper
2013-05-14 20:19 - 2012-03-25 10:53 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-05-13 18:50 - 2012-09-06 10:42 - 00000000 ____D C:\ProgramData\Browser Manager
2013-05-13 18:40 - 2009-07-14 06:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-09 22:51 - 2013-05-08 16:38 - 00000000 ____D C:\Program Files (x86)\remoteAP
2013-05-09 22:50 - 2013-05-09 10:21 - 00000000 ____A C:\LowLevel.txt
2013-05-08 21:38 - 2012-03-28 07:20 - 00059904 __ASH C:\Users\User\Thumbs.db
2013-05-08 16:58 - 2012-04-29 16:15 - 00000000 ____D C:\CMS
2013-05-08 16:58 - 2012-03-25 09:14 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-05-08 16:51 - 2013-05-08 16:51 - 00001686 ____A C:\Users\Public\Desktop\Remote Console.lnk
2013-05-08 16:51 - 2011-08-24 19:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-08 16:38 - 2012-03-16 16:09 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2013-05-05 22:36 - 2013-05-16 18:39 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 22:16 - 2013-05-16 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 20:25 - 2013-05-16 18:39 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 20:12 - 2013-05-16 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-05 15:57 - 2013-01-07 20:27 - 00000000 ____D C:\Users\User\Desktop\IFM Training Course
2013-05-02 16:29 - 2010-11-21 04:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-28 21:15 - 2013-02-10 19:17 - 00000000 ____D C:\Users\User\Downloads\The Sudden Passion - Southern Fashion
2013-04-25 22:49 - 2013-04-25 22:49 - 00000000 ____D C:\Users\User\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-04-23 19:37 - 2012-03-16 16:12 - 00154680 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-23 19:29 - 2012-04-26 19:28 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-04-23 19:29 - 2012-04-11 19:02 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2013-04-23 19:26 - 2011-08-24 19:55 - 00000000 ____D C:\ProgramData\Adobe
2013-04-23 19:26 - 2011-08-24 19:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-23 19:05 - 2013-04-23 18:49 - 00000000 ____D C:\Users\User\Downloads\Adobe Acrobat XI Pro 11.0.0 Multilanguage (Cracked dll ) [ChingLiu]
2013-04-21 07:58 - 2013-04-21 07:57 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-21 07:58 - 2012-03-30 20:06 - 00000000 ____D C:\Program Files (x86)\Java

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-788034042-3246923910-717595201-1000\$f73b223a2b7f2e3baebcef283e0fdb2b

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$f73b223a2b7f2e3baebcef283e0fdb2b

Other Malware:
===========
C:\Users\User\AppData\Roaming\AltShell.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-14 07:54

==================== End Of Log ============================

 




#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:44 AM

Posted 20 May 2013 - 02:41 PM

The computer is infected with zero Access.

Download the enclosed file. Attached File  fixlist.txt   324bytes   18 downloads

Save it next to FRST.

Run FRST as you did before, except that this time around click on the fix button and wait. It should take a while.

When finished, it will make a log (FRST.txt) on the flash drive. Please copy and paste the content of this file to your reply.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 shoutie1980

shoutie1980
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:44 AM

Posted 21 May 2013 - 03:08 PM

Hi Again,

Thank you for your help by the way!!!!!!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2013 02
Ran by User at 2013-05-21 21:06:22 Run:2
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-788034042-3246923910-717595201-1000\$f73b223a2b7f2e3baebcef283e0fdb2b => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$f73b223a2b7f2e3baebcef283e0fdb2b => File/Directory not found.
C:\Users\User\AppData\Roaming\AltShell.ini => File/Directory not found.

=========  Dir /b /a:l "C:\Program Files" /s =========

C:\Program Files\Microsoft Security Client\Backup
C:\Program Files\Microsoft Security Client\Drivers
C:\Program Files\Microsoft Security Client\en-us
C:\Program Files\Windows Defender\en-US
C:\Program Files\Windows Defender\MpAsDesc.dll
C:\Program Files\Windows Defender\MpClient.dll
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCommu.dll
C:\Program Files\Windows Defender\MpEvMsg.dll
C:\Program Files\Windows Defender\MpOAV.dll
C:\Program Files\Windows Defender\MpRTP.dll
C:\Program Files\Windows Defender\MpSvc.dll
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpCom.dll
C:\Program Files\Windows Defender\MsMpLics.dll
C:\Program Files\Windows Defender\MsMpRes.dll

========= End of CMD: =========

==== End of Fixlog ====

 

This is the contents of the FIXLOG.txt file that was created using FRST and the fixlist.txt file; I hope I followed the instructions correctly.

Kind Regards,

Anthony



#6 JSntgRvr

Posted 21 May 2013 - 03:17 PM

The fix was run twice. That will erase the report. Here is a fix to remove the Junction Points.

Download the enclosed file. Attached File  fixlist.txt   185bytes   21 downloads

Save it next to FRST, overwriting the existing one.

Run FRST as you did before, except that this time around click on the fix button and wait. It should take a while.

When finished, it will make a log (FRST.txt) next to FRST. Please copy and paste the content of this file to your reply.


Edited by JSntgRvr, 21 May 2013 - 03:23 PM.



#7 shoutie1980

Posted 22 May 2013 - 02:02 AM

Hi,

It has not created a FRST.txt file but has created a fixlog.txt file. Contents are posted below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2013 02
Ran by User at 2013-05-22 08:00:19 Run:3
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

C:\Program Files\Windows Defender => Deleting junctions completed successfully.
C:\Program Files\Microsoft Security Client => Deleting junctions completed successfully.

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========

==== End of Fixlog ====

Thank you!
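The ZeroAccess entries in the scan log above and the "Dir /b /a:l" listing of reparse points in the two fixlogs are what the helper reads by eye before deciding on a fix; the Python below, an added example that is neither FRST's code nor anything posted in this thread, runs the same triage over a constructed excerpt in FRST's log format, and also picks up services whose image file FRST marks with [x]. The sample text, the finding tags, SECURITY_DIRS and WATCHED_SERVICES are assumptions made for the example.

```python
"""Triage an FRST log excerpt for the indicators discussed in this thread.
Added example: not FRST's code and not posted by anyone in the thread."""
import re

# Constructed excerpt in the format of the logs posted above (not a real log).
SAMPLE_SCAN_LOG = r"""
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-788034042-3246923910-717595201-1000\$f73b223a2b7f2e3baebcef283e0fdb2b

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$f73b223a2b7f2e3baebcef283e0fdb2b

=========  Dir /b /a:l "C:\Program Files" /s =========

C:\Program Files\Microsoft Security Client\Backup
C:\Program Files\Windows Defender\MpSvc.dll

========= End of CMD: =========

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
"""

# $Recycle.Bin\<SID>\$<32 hex chars> is the form FRST lists under "ZeroAccess:".
ZA_RECYCLE_RE = re.compile(
    r"^C:\\\$Recycle\.Bin\\(S-1-5-[0-9-]+)\\\$([0-9A-Fa-f]{32})$", re.IGNORECASE)
DIR_HEADER_RE = re.compile(r'^=+\s*Dir /b /a:l "[^"]+" /s\s*=+$')
DIR_END_RE = re.compile(r"^=+ End of CMD: =+$")
# "<state> <name>; <image path> [...]" as in FRST's Services/Drivers sections.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<rest>.+)$")

# Assumed: directories whose contents the fixlog above showed as links.
SECURITY_DIRS = ("\\windows defender\\", "\\microsoft security client\\")
# Assumed: services MSE/Defender need; "[x]" means FRST found no image file.
WATCHED_SERVICES = {"MsMpSvc", "NisSrv", "WinDefend"}
LOCAL_SYSTEM_SID = "S-1-5-18"


def zeroaccess_recycle_bin_entries(text):
    """Return (sid, hexname) for every ZeroAccess-style recycle-bin entry."""
    found = []
    for line in text.splitlines():
        m = ZA_RECYCLE_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2).lower()))
    return found


def parse_dir_links(text):
    """Paths in FRST's 'Dir /b /a:l' block: every reparse point it found."""
    links, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = bool(DIR_HEADER_RE.match(line))
            continue
        if DIR_END_RE.match(line):
            break
        if line and line != "File Not Found":  # printed when none remain
            links.append(line)
    return links


def security_dir_links(links):
    """Keep only reparse points under the security products' directories."""
    return [p for p in links if any(d in p.lower() for d in SECURITY_DIRS)]


def parse_services(text):
    """Map service name -> {'state': 'S2', 'missing': True/False}."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m.group("name")] = {
                "state": m.group("state"),
                "missing": m.group("rest").rstrip().endswith("[x]"),
            }
    return services


def triage(text):
    """Summarise the indicators a helper would act on as short finding tags."""
    entries = zeroaccess_recycle_bin_entries(text)
    links = security_dir_links(parse_dir_links(text))
    services = parse_services(text)
    missing = sorted(n for n, s in services.items()
                     if s["missing"] and n in WATCHED_SERVICES)
    findings = []
    if entries:
        findings.append("zeroaccess-recyclebin-entries")
    if any(sid == LOCAL_SYSTEM_SID for sid, _ in entries):
        # LocalSystem never deletes files interactively, so a $<hex> folder
        # under its SID is the entry FRST singled out above.
        findings.append("zeroaccess-under-localsystem-sid")
    if links:
        findings.append("security-product-reparse-points")
    if missing:
        findings.append("security-service-binary-missing")
    return {"zeroaccess": entries, "links": links,
            "missing_services": missing, "findings": findings}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SCAN_LOG).items():
        print(f"{key}: {value}")
```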



#8 JSntgRvr

Posted 22 May 2013 - 11:10 AM

Attempt to uninstall MSE through the Control Panel, then run the Fix it in this link:

http://support.microsoft.com/kb/2483120

Restart. Download and install MSE.

Let me know the outcome.




#9 shoutie1980

Posted 22 May 2013 - 12:52 PM

Hi,

I cannot run the Fix It; the following appears:

Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Thank you for your help so far, any ideas?

Anthony



#10 JSntgRvr

Posted 22 May 2013 - 03:41 PM


Download the enclosed file. Attached File  fixlist.txt   126bytes   18 downloads

Save it next to FRST, overwriting the existing one.

Run FRST as you did before, except that this time around click on the fix button and wait. It should take a while.

The tool will make a log next to FRST (Fixlog.txt); please post it in your reply.

Edited by JSntgRvr, 22 May 2013 - 03:41 PM.



#11 shoutie1980

Posted 28 May 2013 - 10:17 AM

Hi,

I have been away for a few days and the issues now seem to be back where we started, please could you run me through it all again?

I am unable to download files as security issues say everything is a virus.

Your help is very much appreciated.

Anthony



#12 JSntgRvr

Posted 28 May 2013 - 10:33 AM

We need to have a new profile of the system.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



#13 shoutie1980

Posted 28 May 2013 - 11:09 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-05-2013
Ran by User (administrator) on 28-05-2013 17:06:03
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SSUPDATE64.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Eastman Kodak Company) C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
() C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
(Farbar) C:\Users\User\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray                                                                                                                                                                                 [1933584 2011-02-05] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp                                                                                                                                                                                                [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" [1127592 2012-11-22] (Check Point Software Technologies)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"                                                                                                                                                                                                                   [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-15] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [312376 2012-02-09] (Power Software Ltd)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\Jenny\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {82A4461A-12CF-4609-AA32-4EB03B8D826D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {82A4461A-12CF-4609-AA32-4EB03B8D826D} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKCU - {FFF0D2EF-D55D-47F8-96E0-F63A316AEFBD} URL = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=6498ca824d8041408c6cdc44b368d20b&tu=11JL0008H2B000s&sku=&tstsId=&ver=&&r=645
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
PDF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
PDF: HKLM-x32 {3FC80F5C-946D-430E-A650-6457CA9AD031} http://192.168.0.1/WebCamX.cab
PDF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [36352] (Microsoft Corporation)
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2787280 2013-03-22] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-10-01] ()
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
S4 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [109624 2011-08-17] (Mentor Graphics Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-20] (TuneUp Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 dfiaimcf; \??\C:\Windows\system32\drivers\dfiaimcf.sys [x]
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [x]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-28 17:05 - 2013-05-28 17:05 - 01915616 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-05-28 17:01 - 2013-05-28 17:01 - 00000000 ____D C:\Users\Guest\Documents\ForceField Shared Files
2013-05-28 17:01 - 2013-05-28 17:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\CheckPoint
2013-05-28 16:59 - 2013-05-28 16:59 - 00020865 ____A C:\ComboFix.txt
2013-05-28 16:35 - 2013-05-28 16:35 - 09818384 ____A (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2013-05-28 16:34 - 2013-05-28 16:34 - 00000000 ____D C:\Users\User\AppData\Roaming\CheckPoint
2013-05-28 16:34 - 2013-05-28 16:34 - 00000000 ____D C:\Program Files\CheckPoint
2013-05-28 16:34 - 2013-05-28 16:34 - 00000000 ____A C:\END
2013-05-28 16:33 - 2013-05-28 16:43 - 00000000 ____D C:\ProgramData\CheckPoint
2013-05-28 16:33 - 2013-05-28 16:43 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-05-28 16:33 - 2013-05-28 16:33 - 00000000 ____D C:\Users\User\AppData\Local\TopArcadeHits
2013-05-28 16:32 - 2013-05-28 16:32 - 00584600 ____A C:\Users\User\Desktop\cbsidlm-tr1_13-HitmanPro_3_64bit-ORG-75110395.exe
2013-05-28 16:21 - 2013-05-28 16:21 - 00816128 ____A C:\Users\User\Desktop\RogueKiller.exe
2013-05-28 16:14 - 2013-05-28 16:14 - 00000000 ____D C:\Program Files (x86)\Norton Utilities 2013
2013-05-28 16:12 - 2013-05-28 16:12 - 00000000 ____D C:\Users\User\Downloads\Norton Utilities 2013 16.0.0.126 Final + Crack (100% Working)
2013-05-28 16:10 - 2013-05-28 16:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\uTorrent
2013-05-28 15:16 - 2013-05-28 15:16 - 00187464 ____A (Webroot) C:\Users\User\Desktop\antizeroaccess.exe
2013-05-28 15:10 - 2013-05-28 15:10 - 02218636 ____A C:\Users\User\Desktop\tdsskiller.zip
2013-05-28 15:10 - 2013-02-11 18:51 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\User\Desktop\TDSSKiller.exe
2013-05-28 14:48 - 2013-05-28 14:49 - 05073758 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2013-05-28 14:28 - 2013-05-28 14:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-28 14:28 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-28 14:14 - 2013-05-28 14:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-28 14:14 - 2013-05-28 14:14 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-05-28 14:14 - 2013-05-28 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-05-28 14:14 - 2013-05-28 14:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-28 14:10 - 2013-05-28 14:10 - 00007668 ____A C:\Users\Guest\Desktop\Rkill.txt
2013-05-28 14:09 - 2013-05-28 14:09 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Guest\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-28 14:07 - 2013-05-28 14:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Babylon
2013-05-28 14:03 - 2013-05-28 14:47 - 00000000 ____D C:\ProgramData\PC1Data
2013-05-28 14:03 - 2013-05-28 14:03 - 00000864 ____A C:\Users\Guest\Desktop\MyPC Backup.lnk
2013-05-28 14:03 - 2013-05-28 14:02 - 05369552 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
2013-05-28 13:57 - 2013-05-28 13:57 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-28 13:53 - 2013-05-28 14:11 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-05-28 13:53 - 2013-05-28 13:53 - 00002644 ____A C:\ProgramData\3wbof.js
2013-05-28 13:53 - 2013-05-28 13:53 - 00000151 ____A C:\ProgramData\3wbof.reg
2013-05-28 09:15 - 2013-05-28 09:22 - 00000000 ____D C:\Users\User\Downloads\Ludovico Einaudi
2013-05-20 20:20 - 2013-05-22 08:00 - 00000000 ____D C:\FRST
2013-05-18 17:54 - 2013-05-18 17:54 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-05-18 07:50 - 2013-05-18 07:50 - 00017058 ____A C:\FixitRegBackup.reg
2013-05-18 07:49 - 2013-05-18 07:49 - 00806400 ____A C:\Users\Guest\Downloads\MicrosoftFixit50692.msi
2013-05-18 07:39 - 2013-05-18 07:39 - 13475464 ____A (Microsoft Corporation) C:\Users\Guest\Downloads\mseinstall.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 25737400 ____A (SUPERAntiSpyware.com) C:\Users\Guest\Downloads\SUPERAntiSpyware.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Guest\Downloads\rkill.exe
2013-05-17 19:22 - 2013-05-17 19:22 - 00000000 ____D C:\b1578cdc4e0aa24c2196
2013-05-16 18:39 - 2013-05-05 22:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 18:39 - 2013-05-05 22:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 18:39 - 2013-05-05 20:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 18:39 - 2013-05-05 20:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 18:38 - 2013-04-05 02:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 18:38 - 2013-04-05 02:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 18:38 - 2013-04-05 02:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 18:38 - 2013-04-05 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 18:38 - 2013-04-05 01:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 18:38 - 2013-04-05 01:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 18:38 - 2013-04-05 01:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 18:38 - 2013-04-05 01:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 18:38 - 2013-04-05 01:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 18:38 - 2013-04-05 01:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 18:38 - 2013-04-05 01:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 18:38 - 2013-04-05 01:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 18:38 - 2013-04-05 01:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 18:38 - 2013-04-05 01:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 18:38 - 2013-04-04 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 18:38 - 2013-04-04 23:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 18:38 - 2013-04-04 23:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 18:38 - 2013-04-04 23:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 18:38 - 2013-04-04 23:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 18:38 - 2013-04-04 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 18:38 - 2013-04-04 22:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 18:38 - 2013-04-04 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 18:38 - 2013-04-04 22:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 18:38 - 2013-04-04 22:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 18:38 - 2013-04-04 22:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 18:38 - 2013-04-04 22:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 18:38 - 2013-04-04 22:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 18:38 - 2013-04-04 22:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 17:53 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 17:53 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 17:53 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 17:53 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 17:53 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 17:53 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 17:53 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 17:53 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 17:53 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 17:53 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 17:53 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 17:53 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 17:53 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 17:53 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 20:31 - 2013-05-14 20:31 - 00000000 ____D C:\Users\Anthony\Mr Cropper
2013-05-09 10:21 - 2013-05-09 22:50 - 00000000 ____A C:\LowLevel.txt
2013-05-08 16:59 - 2013-05-15 12:08 - 00000000 ____D C:\RemoteData
2013-05-08 16:51 - 2013-05-08 16:51 - 00001686 ____A C:\Users\Public\Desktop\Remote Console.lnk
2013-05-08 16:38 - 2013-05-09 22:51 - 00000000 ____D C:\Program Files (x86)\remoteAP
2013-05-08 16:38 - 2010-07-14 16:01 - 00421888 ____A () C:\Windows\SysWOW64\RTClientSDK71.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00541696 ____A C:\Windows\SysWOW64\IPCDCore.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00519680 ____A (NVD) C:\Windows\SysWOW64\NVDME50.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00398336 ____A (NVD) C:\Windows\SysWOW64\NVDHE50.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00233472 ____A (AvermediaInfo) C:\Windows\SysWOW64\IPCXD10.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00091136 ____A (NVD) C:\Windows\SysWOW64\AvsCodec51.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00059904 ____A (avermediainfo) C:\Windows\SysWOW64\IPCMD10.dll
2013-05-08 16:38 - 2010-05-20 21:32 - 00045568 ____A (avermediainfo) C:\Windows\SysWOW64\IPCHD10.dll
2013-05-08 16:38 - 2009-12-16 09:30 - 00831591 ____A (AVerMediaInfo) C:\Windows\SysWOW64\AvsAudioCodec.dll
2013-05-08 16:38 - 2009-05-15 11:42 - 00131072 ____A () C:\Windows\SysWOW64\NetworkAPI.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00352256 ____A (Intel Corporation) C:\Windows\SysWOW64\ijl15.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00188416 ____A () C:\Windows\SysWOW64\decode.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00081920 ____A (Avermedia) C:\Windows\SysWOW64\IPCJD20.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00061440 ____A (NVD) C:\Windows\SysWOW64\Xrypassd.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00057344 ____A (NVD) C:\Windows\SysWOW64\postprocess.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00049152 ____A (NVD) C:\Windows\SysWOW64\G723Codec.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00049152 ____A (AVerMedia) C:\Windows\SysWOW64\AudioDec.dll
2013-05-08 16:38 - 2008-09-09 13:20 - 00001147 ____A C:\Windows\SysWOW64\IPCamera.ini

==================== One Month Modified Files and Folders =======

2013-05-28 17:05 - 2013-05-28 17:05 - 01915616 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-05-28 17:01 - 2013-05-28 17:01 - 00000000 ____D C:\Users\Guest\Documents\ForceField Shared Files
2013-05-28 17:01 - 2013-05-28 17:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\CheckPoint
2013-05-28 17:01 - 2009-07-14 06:13 - 00782748 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 17:00 - 2012-03-16 22:11 - 01291067 ____A C:\Windows\WindowsUpdate.log
2013-05-28 17:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-28 16:59 - 2013-05-28 16:59 - 00020865 ____A C:\ComboFix.txt
2013-05-28 16:59 - 2013-04-08 09:21 - 00000000 ____D C:\Qoobox
2013-05-28 16:57 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-05-28 16:44 - 2009-07-14 05:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 16:44 - 2009-07-14 05:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 16:43 - 2013-05-28 16:33 - 00000000 ____D C:\ProgramData\CheckPoint
2013-05-28 16:43 - 2013-05-28 16:33 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-05-28 16:42 - 2013-04-03 19:35 - 00000000 ___RD C:\Users\User\Dropbox
2013-05-28 16:42 - 2013-04-03 19:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2013-05-28 16:38 - 2012-08-12 09:55 - 00000000 ____D C:\users\Anthony
2013-05-28 16:37 - 2012-09-18 20:37 - 00006873 ____A C:\Windows\setupact.log
2013-05-28 16:37 - 2012-05-05 11:52 - 00000000 ____D C:\ProgramData\Kodak
2013-05-28 16:37 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 16:36 - 2013-05-28 16:10 - 00000000 ____D C:\Users\Guest\AppData\Roaming\uTorrent
2013-05-28 16:35 - 2013-05-28 16:35 - 09818384 ____A (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2013-05-28 16:35 - 2013-04-08 09:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-28 16:35 - 2012-03-25 10:53 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-05-28 16:34 - 2013-05-28 16:34 - 00000000 ____D C:\Users\User\AppData\Roaming\CheckPoint
2013-05-28 16:34 - 2013-05-28 16:34 - 00000000 ____D C:\Program Files\CheckPoint
2013-05-28 16:34 - 2013-05-28 16:34 - 00000000 ____A C:\END
2013-05-28 16:34 - 2012-09-06 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-28 16:34 - 2012-03-28 07:20 - 00059392 __ASH C:\Users\User\Thumbs.db
2013-05-28 16:34 - 2012-03-25 09:14 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-05-28 16:33 - 2013-05-28 16:33 - 00000000 ____D C:\Users\User\AppData\Local\TopArcadeHits
2013-05-28 16:33 - 2012-03-25 09:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2013-05-28 16:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Resources
2013-05-28 16:32 - 2013-05-28 16:32 - 00584600 ____A C:\Users\User\Desktop\cbsidlm-tr1_13-HitmanPro_3_64bit-ORG-75110395.exe
2013-05-28 16:25 - 2012-04-04 18:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-28 16:21 - 2013-05-28 16:21 - 00816128 ____A C:\Users\User\Desktop\RogueKiller.exe
2013-05-28 16:14 - 2013-05-28 16:14 - 00000000 ____D C:\Program Files (x86)\Norton Utilities 2013
2013-05-28 16:12 - 2013-05-28 16:12 - 00000000 ____D C:\Users\User\Downloads\Norton Utilities 2013 16.0.0.126 Final + Crack (100% Working)
2013-05-28 16:09 - 2012-03-25 09:15 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-05-28 15:16 - 2013-05-28 15:16 - 00187464 ____A (Webroot) C:\Users\User\Desktop\antizeroaccess.exe
2013-05-28 15:10 - 2013-05-28 15:10 - 02218636 ____A C:\Users\User\Desktop\tdsskiller.zip
2013-05-28 14:58 - 2013-04-08 09:21 - 00000000 ____D C:\Windows\ERDNT
2013-05-28 14:58 - 2012-09-18 20:36 - 00047352 ____A C:\Windows\PFRO.log
2013-05-28 14:49 - 2013-05-28 14:48 - 05073758 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2013-05-28 14:49 - 2009-07-14 06:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-28 14:47 - 2013-05-28 14:03 - 00000000 ____D C:\ProgramData\PC1Data
2013-05-28 14:46 - 2013-05-28 14:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-28 14:36 - 2012-03-24 19:53 - 00002150 ____A C:\Windows\epplauncher.mif
2013-05-28 14:29 - 2013-05-28 14:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-28 14:14 - 2013-05-28 14:14 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-05-28 14:14 - 2013-05-28 14:14 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-05-28 14:14 - 2013-05-28 14:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-28 14:11 - 2013-05-28 13:53 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-05-28 14:10 - 2013-05-28 14:10 - 00007668 ____A C:\Users\Guest\Desktop\Rkill.txt
2013-05-28 14:09 - 2013-05-28 14:09 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Guest\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-28 14:07 - 2013-05-28 14:07 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Babylon
2013-05-28 14:03 - 2013-05-28 14:03 - 00000864 ____A C:\Users\Guest\Desktop\MyPC Backup.lnk
2013-05-28 14:02 - 2013-05-28 14:03 - 05369552 ____A (PC Cleaners) C:\ProgramData\pclunst.exe
2013-05-28 13:57 - 2013-05-28 13:57 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-05-28 13:53 - 2013-05-28 13:53 - 00002644 ____A C:\ProgramData\3wbof.js
2013-05-28 13:53 - 2013-05-28 13:53 - 00000151 ____A C:\ProgramData\3wbof.reg
2013-05-28 09:22 - 2013-05-28 09:15 - 00000000 ____D C:\Users\User\Downloads\Ludovico Einaudi
2013-05-27 10:29 - 2012-06-22 10:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Eastman Kodak Company
2013-05-24 16:03 - 2013-01-07 20:27 - 00000000 ____D C:\Users\User\Desktop\IFM Training Course
2013-05-24 13:40 - 2012-08-03 20:13 - 00000000 ____D C:\Users\User\AQUATIC CONTROL
2013-05-23 18:55 - 2012-08-03 18:59 - 00000000 ____D C:\Users\User\IFM Course
2013-05-22 18:57 - 2012-07-03 20:13 - 00000000 ____D C:\Users\User\AppData\Roaming\SolidWorks
2013-05-22 08:00 - 2013-05-20 20:20 - 00000000 ____D C:\FRST
2013-05-19 16:06 - 2012-04-11 16:20 - 00154680 ____A C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-18 18:40 - 2013-03-11 19:31 - 00000000 ____D C:\Program Files (x86)\Google
2013-05-18 18:34 - 2012-04-26 13:36 - 00000000 ____D C:\Users\User\AppData\Local\Google
2013-05-18 17:54 - 2013-05-18 17:54 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-05-18 12:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 11:03 - 2012-08-03 18:42 - 00000000 ____D C:\Users\User\Downloads\Software Archive
2013-05-18 07:50 - 2013-05-18 07:50 - 00017058 ____A C:\FixitRegBackup.reg
2013-05-18 07:49 - 2013-05-18 07:49 - 00806400 ____A C:\Users\Guest\Downloads\MicrosoftFixit50692.msi
2013-05-18 07:39 - 2013-05-18 07:39 - 13475464 ____A (Microsoft Corporation) C:\Users\Guest\Downloads\mseinstall.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 25737400 ____A (SUPERAntiSpyware.com) C:\Users\Guest\Downloads\SUPERAntiSpyware.exe
2013-05-17 21:43 - 2013-05-17 21:43 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Guest\Downloads\rkill.exe
2013-05-17 21:32 - 2012-06-22 10:16 - 00154680 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-17 19:32 - 2009-07-14 05:45 - 05079328 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 19:28 - 2012-03-30 20:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-17 19:22 - 2013-05-17 19:22 - 00000000 ____D C:\b1578cdc4e0aa24c2196
2013-05-17 19:22 - 2012-03-31 10:47 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 12:08 - 2013-05-08 16:59 - 00000000 ____D C:\RemoteData
2013-05-14 21:25 - 2012-04-04 18:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 21:25 - 2012-04-04 18:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 20:31 - 2013-05-14 20:31 - 00000000 ____D C:\Users\Anthony\Mr Cropper
2013-05-13 18:50 - 2012-09-06 10:42 - 00000000 ____D C:\ProgramData\Browser Manager
2013-05-09 22:51 - 2013-05-08 16:38 - 00000000 ____D C:\Program Files (x86)\remoteAP
2013-05-09 22:50 - 2013-05-09 10:21 - 00000000 ____A C:\LowLevel.txt
2013-05-08 16:58 - 2012-04-29 16:15 - 00000000 ____D C:\CMS
2013-05-08 16:51 - 2013-05-08 16:51 - 00001686 ____A C:\Users\Public\Desktop\Remote Console.lnk
2013-05-08 16:51 - 2011-08-24 19:56 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-05-08 16:38 - 2012-03-16 16:09 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2013-05-05 22:36 - 2013-05-16 18:39 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 22:16 - 2013-05-16 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 20:25 - 2013-05-16 18:39 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 20:12 - 2013-05-16 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-02 16:29 - 2010-11-21 04:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-28 21:15 - 2013-02-10 19:17 - 00000000 ____D C:\Users\User\Downloads\The Sudden Passion - Southern Fashion

Other Malware:
===========
C:\ProgramData\pclunst.exe
C:\ProgramData\3wbof.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Last Boot: 2013-05-24 14:01

==================== End Of Log ============================

 

Attached Files



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 8,386 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 May 2013 - 03:52 PM

Download the enclosed file (attached: fixlist.txt, 387 bytes).

Save it next to FRST, overwriting the existing one.

Run FRST in Normal Mode, as you did before, except that this time around click on the fix button and wait. It should take a while.

The tool will make a log next to FRST (Fixlog.txt); please post it to your reply.

No request for help throughout private messaging will be attended.


If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 shoutie1980

shoutie1980
  • Topic Starter

  • Members
  • 13 posts

Posted 30 May 2013 - 03:44 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-05-2013
Ran by User at 2013-05-30 09:42:39 Run:5
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

==== End of Fixlog ====
