
Microsoft Security Essentials corrupted in Win XP


  • This topic is locked
30 replies to this topic

#1 smind44

smind44

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:35 PM

Posted 02 June 2013 - 02:59 PM

Hi.  I posted about this problem in the "Am I Infected" subforum and was told to post a DDS log here.  I'll just copy my post from there:

 

Last night I found my computer was infected with a rogue security program called "Internet Security 2013".  It was announcing false positives, hogging resources with a fake svchost process, and redirecting google searches.  After running TDSSKiller and Combofix, it looks like I've removed any trace of the rogue program-- at least, there's nothing hogging the cpu or memory, and I'm not being redirected to obvious fake security-related sites.

 

So here's my problem:  when I was running ComboFix, it asked me to de-activate Microsoft Security Essentials.  When I tried to open the MSE control panel, I got some generic error window (sorry, I didn't write down what it said).  So I decided to uninstall MSE through the "add/remove programs" panel.  After running ComboFix, I was able to download the legit MSE installer from the Microsoft website.  I thought I'd be able to reinstall MSE easily, but when I run the install wizard I get an error message saying the installation can not be completed.

 

It gives this error code:  0x80070643

 

I did some searching, and apparently this error happens when you have other anti-virus software installed that conflicts with MSE.  I don't have any other AV software, and I thought I uninstalled my old MSE correctly (it no longer shows up in my add/remove programs window).  I used this Microsoft Fixit thing to uninstall Microsoft Security Client, but when I try to install MSE again I get the same error.

 

A related problem:  when I look in "C:\Program Files\Microsoft Security Client" I see the following subfolders: "Antimalware", "Backup", "Drivers", and "en-us", but if I try to open any of them I get the error:

 

C:\Program Files\Microsoft Security Client\Drivers is not accessible.

The file can not be accessed by the system.

 

So I'm really stumped here.  I can't install my antivirus program because I can't remove my old one. Have I corrupted my install of Security Essentials, or is there possibly still malware on my system?

 

Thanks.

 

So in summary:  Can't install MSE, can't remove the previous install of it, computer seems to be running normally otherwise. 

 

Here is the log from DDS:

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Ben at 15:46:45 on 2013-06-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1177 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
C:\Documents and Settings\Ben\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\Ben\Local Settings\Apps\F.lux\flux.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ben\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Spotify Web Helper] "c:\documents and settings\ben\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [F.lux] "c:\documents and settings\ben\local settings\apps\f.lux\flux.exe" /noshow
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ben\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\ben\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\ben\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\ben\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368202830937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1368202875562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{65429C12-B0A7-4789-B937-C279260E7CB7} : DHCPNameServer = 192.168.0.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ben\application data\mozilla\firefox\profiles\70rwjnzk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\documents and settings\ben\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101710.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-07 11:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\ben\application data\mozilla\firefox\profiles\70rwjnzk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-9-3 3032360]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2012-3-9 547744]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-9-3 15144]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys --> c:\windows\system32\drivers\cmudaxp.sys [?]
.
=============== Created Last 30 ================
.
2013-05-25 04:42:05    --------    d-----w-    c:\documents and settings\ben\application data\StarseedPilgrim
2013-05-24 01:41:33    --------    d-----w-    c:\documents and settings\ben\local settings\application data\NVIDIA
2013-05-24 01:30:14    892704    ----a-w-    c:\windows\system32\nvhdagenco3220103.dll
2013-05-24 01:30:09    893728    ----a-w-    c:\windows\system32\nvdispgenco3232018.dll
2013-05-24 01:30:09    1024288    ----a-w-    c:\windows\system32\nvdispco3232018.dll
2013-05-21 02:20:22    --------    d-----w-    c:\program files\CodeTwo
2013-05-17 03:36:26    --------    d-----w-    c:\documents and settings\ben\application data\FEZ
2013-05-17 03:34:39    --------    d-----w-    C:\GOG Games
2013-05-15 01:56:29    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-11 22:53:43    --------    d-----w-    c:\windows\pss
2013-05-11 22:40:22    --------    d-----w-    c:\program files\CCleaner
2013-05-10 18:40:07    --------    d-----w-    c:\documents and settings\ben\application data\Malwarebytes
2013-05-10 18:39:57    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-05-10 16:43:32    --------    d-----w-    c:\documents and settings\ben\application data\ElevatedDiagnostics
2013-05-10 16:43:17    --------    d-----w-    c:\documents and settings\ben\local settings\application data\Takechin
2013-05-10 15:09:10    1458    ----a-w-    C:\FixitRegBackup.reg
2013-05-10 14:56:58    --------    d-----w-    C:\MATS
2013-05-10 04:08:35    --------    d-sha-r-    C:\cmdcons
2013-05-10 04:04:27    98816    ----a-w-    c:\windows\sed.exe
2013-05-10 04:04:27    256000    ----a-w-    c:\windows\PEV.exe
2013-05-10 04:04:27    208896    ----a-w-    c:\windows\MBR.exe
2013-05-10 00:41:20    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-05-09 23:15:16    --------    d-----w-    C:\WTablet
2013-05-09 23:13:18    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-05-09 23:13:18    --------    d-----w-    c:\windows\system32\wbem\Repository
.
==================== Find3M  ====================
.
2013-05-24 01:30:54    1091720    ----a-w-    c:\windows\system32\nvdrsdb0.bin
2013-05-24 01:30:54    1    ----a-w-    c:\windows\system32\nvdrssel.bin
2013-05-24 01:30:50    1091720    ----a-w-    c:\windows\system32\nvdrsdb1.bin
2013-05-15 03:41:45    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:41:45    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-12 21:37:35    7659520    ----a-w-    c:\windows\system32\nvcuda.dll
2013-05-12 21:37:35    6320128    ----a-w-    c:\windows\system32\nvopencl.dll
2013-05-12 21:37:35    4013568    ----a-w-    c:\windows\system32\nv4_disp.dll
2013-05-12 21:37:35    2759456    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-05-12 21:37:35    2547712    ----a-w-    c:\windows\system32\nvapi.dll
2013-05-12 21:37:35    20197376    ----a-w-    c:\windows\system32\nvoglnt.dll
2013-05-12 21:37:35    2002720    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-05-12 21:37:35    17551360    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-05-12 21:37:35    10967200    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2013-05-12 20:16:47    54272    ----a-w-    c:\windows\system32\nvwddi.dll
2013-05-12 20:16:47    156960    ----a-w-    c:\windows\system32\nvsvc32.exe
2013-05-12 20:16:46    223008    ----a-w-    c:\windows\system32\nvmctray.dll
2013-05-12 20:16:46    15677728    ----a-w-    c:\windows\system32\nvcpl.dll
2013-05-12 20:16:46    144160    ----a-w-    c:\windows\system32\nvcolor.exe
2013-05-02 15:28:50    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-16 22:17:15    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17:14    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55    385024    ------w-    c:\windows\system32\html.iec
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-08 03:18:22    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-08 03:18:21    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-07 01:32:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 15:47:18.01 ===============
 

 




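The post above mentions a fake svchost process, and its DDS log lists every running process with its full path. As an added example (not part of smind44's post, and not a DDS or BleepingComputer tool), the script below parses the "Running Processes" section of a DDS log and flags any svchost.exe that is not started from %windir%\system32 with a "-k <group>" argument, which is the shape every legitimate svchost instance in the log above has. The embedded log excerpt is constructed from lines in the post, with one made-up masquerading entry added so the check has something to flag; the section-header pattern and the system32 rule are assumptions about DDS output and Windows XP, not something the post states.

```python
import re

# Constructed excerpt of a DDS "Running Processes" section, modelled on the
# log posted above. The last process line is a MADE-UP masquerading entry
# added so the check has something to flag; it is not from the real log.
SAMPLE_DDS = """\
DDS (Ver_2012-11-20.01) - NTFS_x86
.
============== Running Processes ================
.
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
C:\\WINDOWS\\system32\\svchost.exe -k LocalService
C:\\Documents and Settings\\Ben\\Application Data\\svchost.exe
.
============== Pseudo HJT Report ===============
.
BHO: example entry (constructed)
"""

# Assumed DDS section header shape: a run of '=' on both sides of the name.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; '.' spacer lines are dropped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def split_process_line(line):
    """Return (image path, argument string) for one Running Processes line.

    DDS prints the full image path followed by optional arguments. Paths
    contain spaces, so split at the '.exe' extension instead of on whitespace.
    """
    m = re.match(r"(?i)^(.*?\.exe)\s*(.*)$", line)
    if not m:
        return line, ""
    return m.group(1), m.group(2)


def check_svchost(text, windir="C:\\WINDOWS"):
    """Flag svchost.exe instances that do not match the expected shape.

    Assumption for XP: a genuine svchost.exe lives in %windir%\\system32 and
    is launched with a '-k <service group>' argument. Anything named svchost
    that breaks either rule is returned as (path, reason) for a closer look.
    """
    system32 = (windir + "\\system32").lower()
    findings = []
    for line in parse_sections(text).get("Running Processes", []):
        path, args = split_process_line(line)
        if not path.lower().endswith("\\svchost.exe"):
            continue
        parent = path.lower().rsplit("\\", 1)[0]
        reasons = []
        if parent != system32:
            reasons.append("not in %windir%\\system32")
        if not re.match(r"(?i)^-k\s+\S+$", args):
            reasons.append("missing '-k <group>' argument")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, why in check_svchost(SAMPLE_DDS):
        print(f"SUSPICIOUS {path}: {why}")
```

Run against a real DDS log, the same two rules catch the common masquerade of dropping a binary named svchost.exe into a user-writable directory; a hit is a reason to pull the file for hashing and inspection, not proof of infection on its own.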

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 02 June 2013 - 04:12 PM



Hello smind44

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 smind44

smind44
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:35 PM

Posted 02 June 2013 - 06:28 PM

Thanks for the quick reply!  Here are the contents of the AdwCleaner log:

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 19:05:16
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ben - PETTENGI-W0RTJY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ben\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\spigot

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\8gtkeamx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Documents and Settings\Ben\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1333 octets] - [02/06/2013 19:05:16]

########## EOF - C:\AdwCleaner[S1].txt - [1393 octets] ##########

and JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Ben on Sun 06/02/2013 at 19:14:14.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Ben\Application Data\mozilla\firefox\profiles\70rwjnzk.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/02/2013 at 19:16:05.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Both programs ran fine, but I still get the same error when trying to install MSE.



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 02 June 2013 - 09:01 PM


Hello smind44

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 smind44

smind44
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:35 PM

Posted 05 June 2013 - 11:02 AM

I downloaded and ran ComboFix, but it says that Microsoft Security Essentials is still running.  When I tried running ComboFix on my own a few weeks ago, I couldn't open MSE to disable it, so I uninstalled it through Add/Remove Programs instead.  MSE doesn't appear in the start menu, system tray, or the add/remove programs window.  There's a folder called "Microsoft Security Client" in the Program Files directory, but like I said there's nothing inside but a few more folders I can't open.  Should I attempt to run ComboFix anyway?



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 05 June 2013 - 11:30 AM

Yes, go ahead and run it.


Gringo

#7 smind44

smind44
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:35 PM

Posted 05 June 2013 - 12:51 PM

OK, I ran Combofix.  Here's the log file:

 

ComboFix 13-06-05.01 - Ben 06/05/2013  13:02:02.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1392 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-05 to 2013-06-05  )))))))))))))))))))))))))))))))
.
.
2013-06-02 23:23 . 2013-06-02 23:24    --------    d-----w-    C:\1430347b477e23e205f386e0a2
2013-06-02 23:21 . 2013-06-02 23:22    --------    d-----w-    C:\46f11212fc7ff5cf4209b245215159
2013-06-02 23:14 . 2013-06-02 23:14    --------    d-----w-    c:\windows\ERUNT
2013-06-02 23:13 . 2013-06-02 23:13    --------    d-----w-    C:\JRT
2013-05-25 04:42 . 2013-05-25 04:42    --------    d-----w-    c:\documents and settings\Ben\Application Data\StarseedPilgrim
2013-05-24 01:41 . 2013-05-24 01:41    --------    d-----w-    c:\documents and settings\Ben\Local Settings\Application Data\NVIDIA
2013-05-24 01:32 . 2013-05-24 01:32    --------    d-----w-    c:\program files\AGEIA Technologies
2013-05-24 01:30 . 2013-01-29 08:35    892704    ----a-w-    c:\windows\system32\nvhdagenco3220103.dll
2013-05-24 01:30 . 2013-05-12 21:37    893728    ----a-w-    c:\windows\system32\nvdispgenco3232018.dll
2013-05-24 01:30 . 2013-05-12 21:37    1024288    ----a-w-    c:\windows\system32\nvdispco3232018.dll
2013-05-21 02:20 . 2013-05-21 02:20    --------    d-----w-    c:\program files\CodeTwo
2013-05-17 03:36 . 2013-05-17 03:38    --------    d-----w-    c:\documents and settings\Ben\Application Data\FEZ
2013-05-17 03:34 . 2013-05-17 03:34    --------    d-----w-    C:\GOG Games
2013-05-15 01:56 . 2013-05-15 01:56    --------    d-----w-    c:\program files\Common Files\Java
2013-05-15 01:56 . 2013-04-04 09:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-11 22:40 . 2013-05-11 22:40    --------    d-----w-    c:\documents and settings\Benjamin
2013-05-11 22:40 . 2013-05-11 22:40    --------    d-----w-    c:\program files\CCleaner
2013-05-10 18:40 . 2013-05-10 18:40    --------    d-----w-    c:\documents and settings\Ben\Application Data\Malwarebytes
2013-05-10 18:39 . 2013-05-10 18:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-05-10 16:43 . 2013-05-10 16:53    --------    d-----w-    c:\documents and settings\Ben\Application Data\ElevatedDiagnostics
2013-05-10 16:43 . 2013-05-10 16:43    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Takechin
2013-05-10 16:43 . 2013-05-10 16:43    --------    d-----w-    c:\documents and settings\Ben\Local Settings\Application Data\Takechin
2013-05-10 15:09 . 2013-05-10 22:03    1458    ----a-w-    C:\FixitRegBackup.reg
2013-05-10 14:56 . 2013-05-10 14:56    --------    d-----w-    C:\MATS
2013-05-10 00:41 . 2013-05-10 00:41    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-05-09 23:15 . 2013-05-09 23:15    --------    d-----w-    C:\WTablet
2013-05-09 23:13 . 2013-05-10 13:09    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-05-09 21:58 . 2013-05-09 21:58    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2013-05-09 21:48 . 2013-05-09 21:48    --------    d-----w-    c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 03:41 . 2012-04-12 11:37    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 03:41 . 2012-01-27 14:36    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-12 21:37 . 2012-12-03 23:51    6320128    ----a-w-    c:\windows\system32\nvopencl.dll
2013-05-12 21:37 . 2011-09-02 18:48    10967200    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2013-05-12 21:37 . 2011-09-02 18:48    4013568    ----a-w-    c:\windows\system32\nv4_disp.dll
2013-05-12 21:37 . 2010-07-30 00:47    7659520    ----a-w-    c:\windows\system32\nvcuda.dll
2013-05-12 21:37 . 2010-07-30 00:47    2759456    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-05-12 21:37 . 2010-07-30 00:47    2002720    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-05-12 21:37 . 2010-07-30 00:47    17551360    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-05-12 21:37 . 2007-12-05 05:41    2547712    ----a-w-    c:\windows\system32\nvapi.dll
2013-05-12 21:37 . 2007-12-05 05:41    20197376    ----a-w-    c:\windows\system32\nvoglnt.dll
2013-05-12 20:16 . 2007-12-05 05:41    54272    ----a-w-    c:\windows\system32\nvwddi.dll
2013-05-12 20:16 . 2007-12-05 05:41    156960    ----a-w-    c:\windows\system32\nvsvc32.exe
2013-05-12 20:16 . 2007-12-05 05:41    223008    ----a-w-    c:\windows\system32\nvmctray.dll
2013-05-12 20:16 . 2007-12-05 05:41    15677728    ----a-w-    c:\windows\system32\nvcpl.dll
2013-05-12 20:16 . 2007-12-05 05:41    144160    ----a-w-    c:\windows\system32\nvcolor.exe
2013-05-02 15:28 . 2011-09-02 19:16    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2003-07-16 16:45    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2003-07-16 16:26    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2003-07-16 16:24    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2011-09-02 18:48    385024    ------w-    c:\windows\system32\html.iec
2013-04-10 01:31 . 2003-07-16 16:45    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2003-07-16 16:45    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-08 03:18 . 2012-12-04 00:11    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-08 03:18 . 2011-09-02 20:04    782240    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\Ben\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-05-12 1105408]
"F.lux"="c:\documents and settings\Ben\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-05-12 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-05-12 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-05-12 2562848]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Ben\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\documents and settings\Ben\Application Data\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\The Understory\\Understory.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Unity\\Editor\\Unity.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Games\\You Have to Win the Game\\TheGame.exe"=
"c:\\Program Files\\FlashDevelop\\FlashDevelop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ben\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Ben\\Application Data\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [9/3/2011 4:40 PM 3032360]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/9/2012 7:52 PM 547744]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/3/2011 4:40 PM 15144]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys --> c:\windows\system32\drivers\cmudaxp.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 03:41]
.
2013-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1757981266-839522115-1003Core.job
- c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 21:36]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1757981266-839522115-1003UA.job
- c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 21:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-05-07 11:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 13:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1556)
c:\windows\system32\WININET.dll
c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-06-05  13:13:07
ComboFix-quarantined-files.txt  2013-06-05 17:12
ComboFix2.txt  2013-05-10 16:03
ComboFix3.txt  2013-05-10 04:27
.
Pre-Run: 162,809,442,304 bytes free
Post-Run: 162,906,882,048 bytes free
.
- - End Of File - - 92C7ADE7977150096A3EA2FF617F9BEB

It doesn't seem like things are running any differently. I still can't install MSE or open the folders inside c:\program files\Microsoft Security Client.

Is there anything else I can try?

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts

Posted 05 June 2013 - 05:06 PM

Hello smind44



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University


#9 smind44

smind44
  • Topic Starter
  • Members
  • 20 posts

Posted 05 June 2013 - 06:18 PM

Okay, I ran FRST. Here's the result:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Ben (administrator) on 05-06-2013 19:16:55
Running from C:\Documents and Settings\Ben\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15677728 2013-05-12] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [2562848 2013-05-12] ()
HKLM\...\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [1012000 2013-05-16] (NVIDIA Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [Spotify Web Helper] "C:\Documents and Settings\Ben\Application Data\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-11] (Spotify Ltd)
HKCU\...\Run: [F.lux] "C:\Documents and Settings\Ben\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-29] ()
Startup: C:\Documents and Settings\Ben\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Ben\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Ben\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {EA142C4A-F300-437E-A67C-0CF072928226} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Extension: ChatZilla - C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: firebug - C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: No Name - C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Documents and Settings\Ben\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Gmail) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 A3AB; C:\Windows\System32\DRIVERS\A3AB.sys [547744 2007-05-23] (D-Link Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54400 2007-07-30] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2007-07-30] (NVIDIA Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
R3 catchme; \??\C:\DOCUME~1\Ben\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S3 cmudaxp; system32\drivers\cmudaxp.sys [x]
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S3 UIUSys; system32\drivers\UIUSys.sys [x]
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-05 19:16 - 2013-06-05 19:16 - 01357013 ____A (Farbar) C:\Documents and Settings\Ben\Desktop\FRST.exe
2013-06-05 19:16 - 2013-06-05 19:16 - 00000000 ____D C:\FRST
2013-06-05 13:47 - 2013-06-05 13:47 - 00000000 ____D C:\75a728f90bef2a708a2529df8f43
2013-06-05 13:13 - 2013-06-05 13:13 - 00014138 ____A C:\ComboFix.txt
2013-06-05 11:51 - 2013-06-05 11:51 - 05077996 ____R (Swearware) C:\Documents and Settings\Ben\Desktop\ComboFix.exe
2013-06-02 19:23 - 2013-06-02 19:24 - 00000000 ____D C:\1430347b477e23e205f386e0a2
2013-06-02 19:21 - 2013-06-02 19:22 - 00000000 ____D C:\46f11212fc7ff5cf4209b245215159
2013-06-02 19:16 - 2013-06-02 19:16 - 00001052 ____A C:\Documents and Settings\Ben\Desktop\JRT.txt
2013-06-02 19:14 - 2013-06-02 19:14 - 00000000 ____D C:\Windows\ERUNT
2013-06-02 19:13 - 2013-06-02 19:13 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Ben\Desktop\JRT.exe
2013-06-02 19:13 - 2013-06-02 19:13 - 00000000 ____D C:\JRT
2013-06-02 19:12 - 2013-06-02 19:12 - 00001462 ____A C:\Documents and Settings\Ben\Desktop\AdwCleaner[S1].txt
2013-06-02 19:05 - 2013-06-02 19:06 - 00001462 ____A C:\AdwCleaner[S1].txt
2013-06-02 19:04 - 2013-06-02 19:04 - 00632031 ____A C:\Documents and Settings\Ben\Desktop\AdwCleaner.exe
2013-06-02 15:47 - 2013-06-02 15:48 - 00022471 ____A C:\Documents and Settings\Ben\Desktop\attach.txt
2013-06-02 15:47 - 2013-06-02 15:48 - 00011245 ____A C:\Documents and Settings\Ben\Desktop\dds.txt
2013-06-02 15:45 - 2013-06-02 15:45 - 00688992 ____R (Swearware) C:\Documents and Settings\Ben\Desktop\dds.com
2013-05-25 00:42 - 2013-05-25 00:42 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\StarseedPilgrim
2013-05-24 16:06 - 2013-05-24 16:06 - 01269804 ____A C:\Documents and Settings\Ben\Desktop\tuning fok lighthouse.wav
2013-05-23 21:41 - 2013-05-23 21:41 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\NVIDIA
2013-05-23 21:39 - 2013-06-05 19:15 - 00002322 ____A C:\Windows\System32\nvAppTimestamps
2013-05-23 21:32 - 2013-05-23 21:32 - 00000000 ____D C:\Program Files\AGEIA Technologies
2013-05-23 21:30 - 2013-05-12 17:37 - 01024288 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco3232018.dll
2013-05-23 21:30 - 2013-05-12 17:37 - 00893728 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco3232018.dll
2013-05-23 21:30 - 2013-01-29 04:35 - 00892704 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco3220103.dll
2013-05-22 11:59 - 2013-05-24 18:54 - 00000000 ____D C:\Documents and Settings\Ben\Desktop\FEZ save backup 99 percent
2013-05-20 22:20 - 2013-05-20 22:20 - 00000000 ____D C:\Program Files\CodeTwo
2013-05-19 17:59 - 2013-05-19 17:59 - 00209856 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-05-16 23:40 - 2013-05-19 15:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-16 23:36 - 2013-05-16 23:38 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\FEZ
2013-05-16 23:34 - 2013-05-16 23:34 - 00000000 ____D C:\GOG Games
2013-05-15 08:26 - 2013-05-15 08:27 - 00012647 ____A C:\Windows\KB2829530-IE8.log
2013-05-15 08:23 - 2013-05-15 08:23 - 00007882 ____A C:\Windows\KB2820197.log
2013-05-15 08:23 - 2013-05-15 08:23 - 00006819 ____A C:\Windows\KB2847204-IE8.log
2013-05-15 08:23 - 2013-05-15 08:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-15 08:20 - 2013-05-15 08:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-14 22:06 - 2013-05-15 08:20 - 00012514 ____A C:\Windows\KB2829361.log
2013-05-14 21:56 - 2013-05-14 21:56 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-14 21:56 - 2013-05-14 21:56 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-14 21:56 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-14 21:56 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-14 21:56 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-11 18:53 - 2013-05-11 18:54 - 00000000 ____D C:\Windows\pss
2013-05-11 18:47 - 2013-05-11 18:47 - 00001690 ____A C:\Documents and Settings\Ben\My Documents\cc_20130511_184722.reg
2013-05-11 18:42 - 2013-05-11 18:42 - 00000000 ____D C:\Documents and Settings\Benjamin\Local Settings\Application Data\Mozilla
2013-05-11 18:42 - 2013-05-11 18:42 - 00000000 ____D C:\Documents and Settings\Benjamin\Application Data\Mozilla
2013-05-11 18:42 - 2013-05-11 18:42 - 00000000 ____D C:\Documents and Settings\Benjamin\Application Data\Apple Computer
2013-05-11 18:40 - 2013-05-11 18:44 - 00000178 __ASH C:\Documents and Settings\Benjamin\ntuser.ini
2013-05-11 18:40 - 2013-05-11 18:44 - 00000000 ____D C:\Documents and Settings\Benjamin\Application Data\WTablet
2013-05-11 18:40 - 2013-05-11 18:40 - 00104344 ____A C:\Documents and Settings\Benjamin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-11 18:40 - 2013-05-11 18:40 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-11 18:40 - 2013-05-11 18:40 - 00000062 __ASH C:\Documents and Settings\Benjamin\Local Settings\desktop.ini
2013-05-11 18:40 - 2013-05-11 18:40 - 00000000 __SHD C:\Documents and Settings\Benjamin\IETldCache
2013-05-11 18:40 - 2013-05-11 18:40 - 00000000 ____D C:\Program Files\CCleaner
2013-05-11 18:40 - 2011-09-24 12:34 - 00000000 ____D C:\Documents and Settings\Benjamin\Application Data\Macromedia
2013-05-11 18:40 - 2011-08-29 07:19 - 00000062 __ASH C:\Documents and Settings\Benjamin\Application Data\desktop.ini
2013-05-10 14:40 - 2013-05-10 14:40 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\Malwarebytes
2013-05-10 14:39 - 2013-05-10 14:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-10 12:56 - 2013-05-10 12:56 - 00000882 ____A C:\Windows\KB893803v2.log
2013-05-10 12:52 - 2013-05-10 12:52 - 00001880 ____A C:\Windows\bitssetup.log
2013-05-10 12:43 - 2013-05-10 12:43 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Takechin
2013-05-10 12:43 - 2013-05-10 12:43 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\Takechin
2013-05-10 11:09 - 2013-05-10 18:03 - 00001458 ____A C:\FixitRegBackup.reg
2013-05-10 10:56 - 2013-05-10 10:56 - 00000000 ____D C:\MATS
2013-05-10 10:55 - 2013-05-11 18:54 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
2013-05-10 10:55 - 2013-05-10 12:38 - 00000000 __HDC C:\Windows\$NtUninstallKB926139-v2$
2013-05-10 10:55 - 2013-05-10 10:55 - 00037266 ____A C:\Windows\KB926139-v2.log
2013-05-10 10:55 - 2013-05-10 10:55 - 00000000 ____D C:\Windows\System32\windowspowershell
2013-05-10 10:28 - 2013-05-10 12:39 - 00000000 ____D C:\Documents and Settings\Ben\Desktop\mbar
2013-05-10 08:50 - 2013-05-10 08:51 - 101204590 ____A C:\Documents and Settings\Ben\My Documents\backpureg_may10_2013.reg
2013-05-10 00:08 - 2013-05-10 12:43 - 00000000 RASHD C:\cmdcons
2013-05-10 00:08 - 2011-09-02 14:48 - 00000211 ____A C:\Boot.bak
2013-05-10 00:08 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr
2013-05-10 00:04 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-10 00:04 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-10 00:04 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-10 00:04 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-10 00:04 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-10 00:04 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-05-10 00:04 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-10 00:04 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-10 00:04 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-09 23:59 - 2013-06-05 13:13 - 00000000 ____D C:\Qoobox
2013-05-09 23:58 - 2013-05-10 00:26 - 00000000 ____D C:\Windows\erdnt
2013-05-09 20:41 - 2013-05-09 20:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-05-09 19:34 - 2013-05-10 12:43 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-09 19:15 - 2013-05-09 19:15 - 00000000 ____D C:\WTablet
2013-05-09 17:58 - 2013-05-09 17:58 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-05-09 17:58 - 2013-05-09 17:58 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-09 17:48 - 2013-05-09 17:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2013-05-09 17:47 - 2013-05-09 17:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-05-09 17:41 - 2013-05-09 17:41 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-05-09 17:41 - 2013-05-09 17:41 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe

==================== One Month Modified Files and Folders ========

2013-06-05 19:17 - 2011-09-02 14:51 - 01857287 ____A C:\Windows\WindowsUpdate.log
2013-06-05 19:16 - 2013-06-05 19:16 - 01357013 ____A (Farbar) C:\Documents and Settings\Ben\Desktop\FRST.exe
2013-06-05 19:16 - 2013-06-05 19:16 - 00000000 ____D C:\FRST
2013-06-05 19:16 - 2011-09-04 17:36 - 00000970 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1757981266-839522115-1003UA.job
2013-06-05 19:15 - 2013-05-23 21:39 - 00002322 ____A C:\Windows\System32\nvAppTimestamps
2013-06-05 18:41 - 2012-04-12 07:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-05 18:19 - 2011-09-17 18:18 - 00000000 ____D C:\Program Files\DOSBox-0.74
2013-06-05 17:50 - 2011-09-09 22:55 - 00000000 ____D C:\Games
2013-06-05 13:47 - 2013-06-05 13:47 - 00000000 ____D C:\75a728f90bef2a708a2529df8f43
2013-06-05 13:47 - 2011-09-02 14:53 - 00001965 ____A C:\Windows\epplauncher.mif
2013-06-05 13:47 - 2003-07-16 12:46 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-05 13:13 - 2013-06-05 13:13 - 00014138 ____A C:\ComboFix.txt
2013-06-05 13:13 - 2013-05-09 23:59 - 00000000 ____D C:\Qoobox
2013-06-05 13:13 - 2011-09-02 11:27 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 13:11 - 2003-07-16 12:41 - 00000227 ____A C:\Windows\system.ini
2013-06-05 12:59 - 2011-09-02 11:30 - 00032588 ____A C:\Windows\SchedLgU.Txt
2013-06-05 12:13 - 2011-09-03 16:30 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-05 11:51 - 2013-06-05 11:51 - 05077996 ____R (Swearware) C:\Documents and Settings\Ben\Desktop\ComboFix.exe
2013-06-02 19:24 - 2013-06-02 19:23 - 00000000 ____D C:\1430347b477e23e205f386e0a2
2013-06-02 19:22 - 2013-06-02 19:21 - 00000000 ____D C:\46f11212fc7ff5cf4209b245215159
2013-06-02 19:16 - 2013-06-02 19:16 - 00001052 ____A C:\Documents and Settings\Ben\Desktop\JRT.txt
2013-06-02 19:16 - 2013-04-01 21:33 - 00000000 ___RD C:\Documents and Settings\Ben\My Documents\Dropbox
2013-06-02 19:16 - 2013-04-01 21:30 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\Dropbox
2013-06-02 19:15 - 2013-04-01 21:33 - 00000996 ____A C:\Documents and Settings\Ben\Desktop\Dropbox.lnk
2013-06-02 19:14 - 2013-06-02 19:14 - 00000000 ____D C:\Windows\ERUNT
2013-06-02 19:13 - 2013-06-02 19:13 - 00545954 ____A (Oleg N. Scherbakov) C:\Documents and Settings\Ben\Desktop\JRT.exe
2013-06-02 19:13 - 2013-06-02 19:13 - 00000000 ____D C:\JRT
2013-06-02 19:12 - 2013-06-02 19:12 - 00001462 ____A C:\Documents and Settings\Ben\Desktop\AdwCleaner[S1].txt
2013-06-02 19:11 - 2011-09-03 16:41 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\WTablet
2013-06-02 19:11 - 2011-09-02 11:30 - 00000062 __ASH C:\Documents and Settings\Ben\Local Settings\desktop.ini
2013-06-02 19:08 - 2012-12-22 19:48 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Application Data\WTablet
2013-06-02 19:08 - 2012-12-03 19:53 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2013-06-02 19:08 - 2011-09-02 11:30 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-02 19:08 - 2011-09-02 11:30 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-02 19:08 - 2011-08-29 07:20 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-02 19:08 - 2011-08-29 07:20 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-02 19:06 - 2013-06-02 19:05 - 00001462 ____A C:\AdwCleaner[S1].txt
2013-06-02 19:06 - 2012-05-11 10:41 - 02473546 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1757981266-839522115-1003-0.dat
2013-06-02 19:06 - 2012-05-11 10:41 - 00501786 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-06-02 19:06 - 2011-09-02 11:30 - 00000178 ___SH C:\Documents and Settings\Ben\ntuser.ini
2013-06-02 19:04 - 2013-06-02 19:04 - 00632031 ____A C:\Documents and Settings\Ben\Desktop\AdwCleaner.exe
2013-06-02 15:48 - 2013-06-02 15:47 - 00022471 ____A C:\Documents and Settings\Ben\Desktop\attach.txt
2013-06-02 15:48 - 2013-06-02 15:47 - 00011245 ____A C:\Documents and Settings\Ben\Desktop\dds.txt
2013-06-02 15:45 - 2013-06-02 15:45 - 00688992 ____R (Swearware) C:\Documents and Settings\Ben\Desktop\dds.com
2013-06-01 11:16 - 2011-09-04 17:36 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1757981266-839522115-1003Core.job
2013-05-27 11:51 - 2012-04-02 22:11 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\vlc
2013-05-25 21:02 - 2011-09-03 16:31 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\Paint.NET
2013-05-25 00:42 - 2013-05-25 00:42 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\StarseedPilgrim
2013-05-24 18:54 - 2013-05-22 11:59 - 00000000 ____D C:\Documents and Settings\Ben\Desktop\FEZ save backup 99 percent
2013-05-24 16:06 - 2013-05-24 16:06 - 01269804 ____A C:\Documents and Settings\Ben\Desktop\tuning fok lighthouse.wav
2013-05-24 16:06 - 2011-09-04 17:45 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\Audacity
2013-05-23 21:41 - 2013-05-23 21:41 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\NVIDIA
2013-05-23 21:39 - 2011-09-02 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2013-05-23 21:33 - 2011-09-02 15:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-05-23 21:32 - 2013-05-23 21:32 - 00000000 ____D C:\Program Files\AGEIA Technologies
2013-05-23 21:32 - 2012-10-12 17:16 - 00259077 ____A C:\Windows\setupapi.log
2013-05-23 21:31 - 2012-12-03 19:53 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-05-23 21:30 - 2012-09-05 12:34 - 01091720 ____A C:\Windows\System32\nvdrsdb1.bin
2013-05-23 21:30 - 2012-09-05 12:34 - 01091720 ____A C:\Windows\System32\nvdrsdb0.bin
2013-05-23 21:30 - 2012-09-05 12:34 - 00000001 ____A C:\Windows\System32\nvdrssel.bin
2013-05-23 10:17 - 2011-09-04 17:37 - 00002268 ____A C:\Documents and Settings\Ben\Desktop\Google Chrome.lnk
2013-05-20 22:20 - 2013-05-20 22:20 - 00000000 ____D C:\Program Files\CodeTwo
2013-05-20 08:00 - 2011-09-02 15:15 - 00001984 ____A C:\Windows\System32\d3d9caps.dat
2013-05-19 18:00 - 2012-04-24 22:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-19 17:59 - 2013-05-19 17:59 - 00209856 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-05-19 17:59 - 2013-03-31 16:47 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\Spotify
2013-05-19 15:51 - 2013-03-31 16:47 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\Spotify
2013-05-19 15:49 - 2013-05-16 23:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-19 15:49 - 2012-08-11 20:32 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\GOG.com
2013-05-16 23:38 - 2013-05-16 23:36 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\FEZ
2013-05-16 23:36 - 2011-09-02 11:26 - 00000000 ____D C:\Windows\System32\DirectX
2013-05-16 23:34 - 2013-05-16 23:34 - 00000000 ____D C:\GOG Games
2013-05-16 23:28 - 2012-04-16 20:36 - 00000000 ____D C:\Program Files\GOG.com
2013-05-16 12:54 - 2011-09-04 15:41 - 00000090 ____A C:\Documents and Settings\Ben\mm.cfg
2013-05-15 08:43 - 2011-08-29 07:19 - 00393568 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 08:27 - 2013-05-15 08:26 - 00012647 ____A C:\Windows\KB2829530-IE8.log
2013-05-15 08:27 - 2011-09-02 15:05 - 00177842 ____A C:\Windows\updspapi.log
2013-05-15 08:27 - 2011-08-29 07:19 - 01413156 ____A C:\Windows\iis6.log
2013-05-15 08:27 - 2011-08-29 07:19 - 01272085 ____A C:\Windows\FaxSetup.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00629688 ____A C:\Windows\ocgen.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00589062 ____A C:\Windows\tsoc.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00435453 ____A C:\Windows\comsetup.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00395076 ____A C:\Windows\msmqinst.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00263240 ____A C:\Windows\ntdtcsetup.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00223900 ____A C:\Windows\netfxocm.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00089941 ____A C:\Windows\MedCtrOC.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00070980 ____A C:\Windows\ocmsn.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00065113 ____A C:\Windows\tabletoc.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00064179 ____A C:\Windows\msgsocm.log
2013-05-15 08:27 - 2011-08-29 07:19 - 00001374 ____A C:\Windows\imsins.log
2013-05-15 08:24 - 2011-08-29 07:19 - 00592050 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-15 08:23 - 2013-05-15 08:23 - 00007882 ____A C:\Windows\KB2820197.log
2013-05-15 08:23 - 2013-05-15 08:23 - 00006819 ____A C:\Windows\KB2847204-IE8.log
2013-05-15 08:23 - 2013-05-15 08:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-15 08:23 - 2011-09-03 23:38 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-15 08:23 - 2011-08-29 07:19 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-15 08:21 - 2011-09-04 07:16 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 08:20 - 2013-05-15 08:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-15 08:20 - 2013-05-14 22:06 - 00012514 ____A C:\Windows\KB2829361.log
2013-05-14 23:41 - 2012-04-12 07:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 23:41 - 2012-01-27 10:36 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-14 21:56 - 2013-05-14 21:56 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-05-14 21:56 - 2013-05-14 21:56 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-14 21:56 - 2011-09-02 16:03 - 00000000 ____D C:\Program Files\Java
2013-05-12 17:37 - 2013-05-23 21:30 - 01024288 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco3232018.dll
2013-05-12 17:37 - 2013-05-23 21:30 - 00893728 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco3232018.dll
2013-05-12 17:37 - 2012-12-03 19:51 - 06320128 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-12 17:37 - 2012-02-09 23:40 - 00017363 ____A C:\Windows\System32\nvinfo.pb
2013-05-12 17:37 - 2011-09-02 15:49 - 02288168 ____A C:\Windows\System32\nvdata.data
2013-05-12 17:37 - 2011-09-02 14:48 - 10967200 ___AC (NVIDIA Corporation) C:\Windows\System32\dllcache\nv4_mini.sys
2013-05-12 17:37 - 2011-09-02 14:48 - 10967200 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nv4_mini.sys
2013-05-12 17:37 - 2011-09-02 14:48 - 04013568 ____A (NVIDIA Corporation) C:\Windows\System32\nv4_disp.dll
2013-05-12 17:37 - 2010-07-29 20:47 - 17551360 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-12 17:37 - 2010-07-29 20:47 - 07659520 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-12 17:37 - 2010-07-29 20:47 - 02759456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-12 17:37 - 2010-07-29 20:47 - 02002720 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-12 17:37 - 2007-12-05 01:41 - 20197376 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglnt.dll
2013-05-12 17:37 - 2007-12-05 01:41 - 02547712 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2013-05-12 16:16 - 2007-12-05 01:41 - 15677728 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-05-12 16:16 - 2007-12-05 01:41 - 00223008 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-05-12 16:16 - 2007-12-05 01:41 - 00156960 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc32.exe
2013-05-12 16:16 - 2007-12-05 01:41 - 00144160 ____A (NVIDIA Corporation) C:\Windows\System32\nvcolor.exe
2013-05-12 16:16 - 2007-12-05 01:41 - 00054272 ____A (NVIDIA Corporation) C:\Windows\System32\nvwddi.dll
2013-05-11 20:59 - 2012-01-28 00:00 - 00000316 ____A C:\Documents and Settings\Ben\Desktop\Ogmo Editor.appref-ms
2013-05-11 20:59 - 2012-01-28 00:00 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\Deployment
2013-05-11 20:49 - 2011-09-02 14:51 - 00104344 ____A C:\Documents and Settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-11 20:46 - 2011-08-29 07:18 - 00000327 _RASH C:\boot.ini
2013-05-11 20:46 - 2003-07-16 12:45 - 00000524 ____A C:\Windows\win.ini
2013-05-11 18:54 - 2013-05-11 18:53 - 00000000 ____D C:\Windows\pss
2013-05-11 18:54 - 2013-05-10 10:55 - 00065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
2013-05-11 18:47 - 2013-05-11 18:47 - 00001690 ____A C:\Documents and Settings\Ben\My Documents\cc_20130511_184722.reg
2013-05-11 18:44 - 2013-05-11 18:40 - 00000178 __ASH C:\Documents and Settings\Benjamin\ntuser.ini
2013-05-11 18:44 - 2013-05-11 18:40 - 00000000 ____D C:\Documents and Settings\Benjamin\Application Data\WTablet
2013-05-11 18:42 - 2013-05-11 18:42 - 00000000 ____D C:\Documents and Settings\Benjamin\Local Settings\Application Data\Mozilla
2013-05-11 18:42 - 2013-05-11 18:42 - 00000000 ____D C:\Documents and Settings\Benjamin\Application Data\Mozilla
2013-05-11 18:42 - 2013-05-11 18:42 - 00000000 ____D C:\Documents and Settings\Benjamin\Application Data\Apple Computer
2013-05-11 18:41 - 2011-09-02 14:48 - 00020627 ____A C:\Windows\wmsetup.log
2013-05-11 18:40 - 2013-05-11 18:40 - 00104344 ____A C:\Documents and Settings\Benjamin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-11 18:40 - 2013-05-11 18:40 - 00000682 ____A C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-05-11 18:40 - 2013-05-11 18:40 - 00000062 __ASH C:\Documents and Settings\Benjamin\Local Settings\desktop.ini
2013-05-11 18:40 - 2013-05-11 18:40 - 00000000 __SHD C:\Documents and Settings\Benjamin\IETldCache
2013-05-11 18:40 - 2013-05-11 18:40 - 00000000 ____D C:\Program Files\CCleaner
2013-05-10 18:29 - 2011-09-02 15:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-10 18:03 - 2013-05-10 11:09 - 00001458 ____A C:\FixitRegBackup.reg
2013-05-10 14:40 - 2013-05-10 14:40 - 00000000 ____D C:\Documents and Settings\Ben\Application Data\Malwarebytes
2013-05-10 14:39 - 2013-05-10 14:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-10 12:56 - 2013-05-10 12:56 - 00000882 ____A C:\Windows\KB893803v2.log
2013-05-10 12:52 - 2013-05-10 12:52 - 00001880 ____A C:\Windows\bitssetup.log
2013-05-10 12:43 - 2013-05-10 12:43 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Takechin
2013-05-10 12:43 - 2013-05-10 12:43 - 00000000 ____D C:\Documents and Settings\Ben\Local Settings\Application Data\Takechin
2013-05-10 12:43 - 2013-05-10 00:08 - 00000000 RASHD C:\cmdcons
2013-05-10 12:43 - 2013-05-09 19:34 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-10 12:39 - 2013-05-10 10:28 - 00000000 ____D C:\Documents and Settings\Ben\Desktop\mbar
2013-05-10 12:38 - 2013-05-10 10:55 - 00000000 __HDC C:\Windows\$NtUninstallKB926139-v2$
2013-05-10 11:40 - 2011-09-04 07:01 - 00000000 __SHD C:\Windows\CSC
2013-05-10 11:13 - 2011-08-29 07:16 - 00000000 ____D C:\Windows\security
2013-05-10 11:04 - 2011-09-02 14:51 - 00109866 ____A C:\Windows\spupdsvc.log
2013-05-10 10:56 - 2013-05-10 10:56 - 00000000 ____D C:\MATS
2013-05-10 10:55 - 2013-05-10 10:55 - 00037266 ____A C:\Windows\KB926139-v2.log
2013-05-10 10:55 - 2013-05-10 10:55 - 00000000 ____D C:\Windows\System32\windowspowershell
2013-05-10 08:51 - 2013-05-10 08:50 - 101204590 ____A C:\Documents and Settings\Ben\My Documents\backpureg_may10_2013.reg
2013-05-10 00:26 - 2013-05-09 23:58 - 00000000 ____D C:\Windows\erdnt
2013-05-09 20:41 - 2013-05-09 20:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-05-09 19:15 - 2013-05-09 19:15 - 00000000 ____D C:\WTablet
2013-05-09 19:13 - 2011-09-02 11:25 - 00000000 ____D C:\Windows\Registration
2013-05-09 17:58 - 2013-05-09 17:58 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-05-09 17:58 - 2013-05-09 17:58 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-09 17:48 - 2013-05-09 17:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
2013-05-09 17:47 - 2013-05-09 17:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-05-09 17:41 - 2013-05-09 17:41 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-05-09 17:41 - 2013-05-09 17:41 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-05-07 00:27 - 2011-06-27 10:43 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-07 00:27 - 2003-07-16 12:30 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================

 




#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 05 June 2013 - 09:11 PM


Hello smind44



I need you to download this script I have made for you --> attached file: fixlist.txt (185 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 smind44

smind44
  • Topic Starter


Posted 06 June 2013 - 03:46 PM

I had FRST run the script.  Here's the log it created:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-06-2013 01
Ran by Ben at 2013-06-06 16:41:03 Run:1
Running from C:\Documents and Settings\Ben\Desktop
Boot Mode: Normal

==============================================

"C:\Program Files\Windows Defender" => Not Found
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Antimalware" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========


==== End of Fixlog ====

 

 

I checked and the Microsoft Security Client folders are no longer locked :) 

 

Should I try installing MSE now, or do I need to remove those files first?
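A defender-side check for the condition the fixlog above describes, written here as an added example (it is not part of the thread and not FRST's or ComboFix's own code): it walks a directory, reports every NTFS reparse point without descending into it, and lists any explicit Deny ACEs on each one, which is what left the Microsoft Security Client folder locked. It mirrors FRST's `Dir /b /a:l "C:\Program Files" /s` listing; the root path is an assumption taken from the fixlog, and the code is kept PowerShell 2.0 compatible because the thread's machine is Windows XP.

```powershell
# Added example (not from the thread): list NTFS reparse points (junctions /
# symlinks) under a directory and any explicit Deny ACEs set on them.
# Written for PowerShell 2.0, so it avoids -Attributes, -File and Get-Acl -LiteralPath.
param(
    # Assumption: the same directory the FRST fixlog inspects with Dir /a:l
    [string]$Root = 'C:\Program Files'
)

function Get-ReparsePoints {
    param([string]$Path)
    # -Force includes hidden/system entries; errors on unreadable folders are skipped.
    foreach ($entry in @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)) {
        if ($entry.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            # Emit the reparse point but do NOT recurse into it: a junction can
            # point back at its own parent and send a naive walker into a loop.
            $entry
        } elseif ($entry.PSIsContainer) {
            Get-ReparsePoints -Path $entry.FullName
        }
    }
}

function Get-DenyAces {
    param([string]$Path)
    # A Deny ACE for Everyone on a security product's folder is the "locked"
    # state the thread describes; reading the ACL itself may fail on such a folder.
    try {
        (Get-Acl -Path $Path).Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    } catch {
        Write-Warning ("Cannot read ACL on {0}: {1}" -f $Path, $_.Exception.Message)
    }
}

$found = @(Get-ReparsePoints -Path $Root)
if ($found.Count -eq 0) {
    Write-Output ("No reparse points under {0}" -f $Root)
} else {
    foreach ($item in $found) {
        Write-Output ("REPARSE POINT: {0}" -f $item.FullName)
        foreach ($ace in Get-DenyAces -Path $item.FullName) {
            Write-Output ("  DENY  {0,-25} {1}" -f $ace.IdentityReference, $ace.FileSystemRights)
        }
    }
}
```

Run it from an elevated prompt before reinstalling: a clean result matches the "File Not Found" that FRST reported after its fix, while any line it prints names a folder that still needs its junction removed.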



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 06 June 2013 - 11:13 PM

Hello


Delete this folder - C:\Program Files\Microsoft Security Client


and try to reinstall MSE

#13 smind44

smind44
  • Topic Starter


Posted 07 June 2013 - 08:44 AM

I deleted that folder without any problem.

 

When I tried to install MSE, I got the same error message ("installation could not be completed") with this error code: 0x80070645



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 08 June 2013 - 04:25 PM


Hello smind44

I would like you to download an updated version of combofix.

update combofix
  • Delete the version of combofix you have now on your desktop and download a new one from here. **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#15 smind44

smind44
  • Topic Starter


Posted 08 June 2013 - 05:23 PM

I ran the new version of ComboFix you linked.  It still reported MSE as active, but I let Combofix continue anyway.  Here's the log:

 

ComboFix 13-06-08.02 - Ben 06/08/2013  18:06:16.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1298 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-05 23:16 . 2013-06-06 20:41    --------    d-----w-    C:\FRST
2013-06-02 23:14 . 2013-06-02 23:14    --------    d-----w-    c:\windows\ERUNT
2013-06-02 23:13 . 2013-06-02 23:13    --------    d-----w-    C:\JRT
2013-05-25 04:42 . 2013-05-25 04:42    --------    d-----w-    c:\documents and settings\Ben\Application Data\StarseedPilgrim
2013-05-24 01:41 . 2013-05-24 01:41    --------    d-----w-    c:\documents and settings\Ben\Local Settings\Application Data\NVIDIA
2013-05-24 01:32 . 2013-05-24 01:32    --------    d-----w-    c:\program files\AGEIA Technologies
2013-05-24 01:30 . 2013-01-29 08:35    892704    ----a-w-    c:\windows\system32\nvhdagenco3220103.dll
2013-05-24 01:30 . 2013-05-12 21:37    893728    ----a-w-    c:\windows\system32\nvdispgenco3232018.dll
2013-05-24 01:30 . 2013-05-12 21:37    1024288    ----a-w-    c:\windows\system32\nvdispco3232018.dll
2013-05-21 02:20 . 2013-05-21 02:20    --------    d-----w-    c:\program files\CodeTwo
2013-05-17 03:36 . 2013-05-17 03:38    --------    d-----w-    c:\documents and settings\Ben\Application Data\FEZ
2013-05-17 03:34 . 2013-05-17 03:34    --------    d-----w-    C:\GOG Games
2013-05-15 01:56 . 2013-05-15 01:56    --------    d-----w-    c:\program files\Common Files\Java
2013-05-15 01:56 . 2013-04-04 09:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-11 22:40 . 2013-05-11 22:40    --------    d-----w-    c:\documents and settings\Benjamin
2013-05-11 22:40 . 2013-05-11 22:40    --------    d-----w-    c:\program files\CCleaner
2013-05-10 18:40 . 2013-05-10 18:40    --------    d-----w-    c:\documents and settings\Ben\Application Data\Malwarebytes
2013-05-10 18:39 . 2013-05-10 18:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-05-10 16:43 . 2013-05-10 16:53    --------    d-----w-    c:\documents and settings\Ben\Application Data\ElevatedDiagnostics
2013-05-10 16:43 . 2013-05-10 16:43    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Takechin
2013-05-10 16:43 . 2013-05-10 16:43    --------    d-----w-    c:\documents and settings\Ben\Local Settings\Application Data\Takechin
2013-05-10 15:09 . 2013-05-10 22:03    1458    ----a-w-    C:\FixitRegBackup.reg
2013-05-10 14:56 . 2013-05-10 14:56    --------    d-----w-    C:\MATS
2013-05-10 00:41 . 2013-05-10 00:41    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-05-09 23:15 . 2013-05-09 23:15    --------    d-----w-    C:\WTablet
2013-05-09 23:13 . 2013-05-10 13:09    --------    d-----w-    c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 03:41 . 2012-04-12 11:37    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 03:41 . 2012-01-27 14:36    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-12 21:37 . 2012-12-03 23:51    6320128    ----a-w-    c:\windows\system32\nvopencl.dll
2013-05-12 21:37 . 2011-09-02 18:48    10967200    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2013-05-12 21:37 . 2011-09-02 18:48    4013568    ----a-w-    c:\windows\system32\nv4_disp.dll
2013-05-12 21:37 . 2010-07-30 00:47    7659520    ----a-w-    c:\windows\system32\nvcuda.dll
2013-05-12 21:37 . 2010-07-30 00:47    2759456    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-05-12 21:37 . 2010-07-30 00:47    2002720    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-05-12 21:37 . 2010-07-30 00:47    17551360    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-05-12 21:37 . 2007-12-05 05:41    2547712    ----a-w-    c:\windows\system32\nvapi.dll
2013-05-12 21:37 . 2007-12-05 05:41    20197376    ----a-w-    c:\windows\system32\nvoglnt.dll
2013-05-12 20:16 . 2007-12-05 05:41    54272    ----a-w-    c:\windows\system32\nvwddi.dll
2013-05-12 20:16 . 2007-12-05 05:41    156960    ----a-w-    c:\windows\system32\nvsvc32.exe
2013-05-12 20:16 . 2007-12-05 05:41    223008    ----a-w-    c:\windows\system32\nvmctray.dll
2013-05-12 20:16 . 2007-12-05 05:41    15677728    ----a-w-    c:\windows\system32\nvcpl.dll
2013-05-12 20:16 . 2007-12-05 05:41    144160    ----a-w-    c:\windows\system32\nvcolor.exe
2013-05-02 15:28 . 2011-09-02 19:16    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2003-07-16 16:45    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2003-07-16 16:26    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2003-07-16 16:24    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2011-09-02 18:48    385024    ------w-    c:\windows\system32\html.iec
2013-04-10 01:31 . 2003-07-16 16:45    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\Ben\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-05-12 1105408]
"F.lux"="c:\documents and settings\Ben\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-05-12 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-05-12 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-05-12 2562848]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
c:\documents and settings\Ben\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\documents and settings\Ben\Application Data\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\The Understory\\Understory.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Unity\\Editor\\Unity.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Games\\You Have to Win the Game\\TheGame.exe"=
"c:\\Program Files\\FlashDevelop\\FlashDevelop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ben\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Ben\\Application Data\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Shadow Warrior Original\\bin\\DOSBox.exe"=
.
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [9/3/2011 4:40 PM 3032360]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/9/2012 7:52 PM 547744]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [9/3/2011 4:40 PM 15144]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys --> c:\windows\system32\drivers\cmudaxp.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 03:41]
.
2013-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1757981266-839522115-1003Core.job
- c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 21:36]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1757981266-839522115-1003UA.job
- c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-04 21:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-05-07 11:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\70rwjnzk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-08 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\WININET.dll
c:\documents and settings\Ben\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-06-08  18:18:09
ComboFix-quarantined-files.txt  2013-06-08 22:17
ComboFix2.txt  2013-06-05 17:13
ComboFix3.txt  2013-05-10 16:03
ComboFix4.txt  2013-05-10 04:27
.
Pre-Run: 162,063,437,824 bytes free
Post-Run: 162,059,292,672 bytes free
.
- - End Of File - - 3F4A6F0EAF22EFE7910439C2EE098971
8F558EB6672622401DA993E1E865C861
 

 

 

I restarted the computer and tried installing MSE again, and got the same error.  Is there any useful information in the Combofix log?


Edited by smind44, 08 June 2013 - 05:35 PM.




