
internet security infection; cannot install MSE or ZA


135 replies to this topic

#1 CheeseyFace

CheeseyFace

  • Members
  • 77 posts
  • Gender:Male

Posted 02 June 2013 - 04:59 PM

I have this same exact problem and it happened about 5/14/13.

My system is XP Pro sp3.

Has there been any resolution here?

 

I also used Malwarebytes which found one or two bad files like 1416.exe.

I installed WRSA which did nothing useful but hang up my system, locking FF and Explorer (which required a process kill) and caused a BSOD with WRKRN.SYS.

I found more with the file search tool Where'sMyStuff at Smoothduck.com:

142.exe, 142F.exe, 142C.exe, 1412.exe

This can search by type and date and I found several files that way.

Very useful since it found files AV products did not.

Still did not fix the problem.

MB anti-rootkit found and deleted the following:

 

Registry Keys Detected: 3
HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B} (Adware.Agent) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\U (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-2025429265-1897051121-725345543-1003\$2993e587efb8f741a1386f615586c17a\U (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\L (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-2025429265-1897051121-725345543-1003\$2993e587efb8f741a1386f615586c17a\L (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-2025429265-1897051121-725345543-1003\$2993e587efb8f741a1386f615586c17a (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 6
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-2025429265-1897051121-725345543-1003\$2993e587efb8f741a1386f615586c17a\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\L\6715e287 (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot.

 

 

Cannot install MSE and cannot remove the Microsoft Security Client folder in Program Files due to "not empty".

There are 3 folders in there: drivers, backup and en-us. These cannot be removed; I get the error "this folder is not empty".

They cannot be viewed either; I get the error "the file cannot be accessed by the system."

Copied these 3 folders to a FAT32 USB stick and could view the folders, which were empty. Used disk properties to discover that these 3 folders occupy ~100k of storage.

Found out these were junction folders; used the junction tool from Sysinternals to view contents/delete, but no go.

Thought the re-install problem for MSE may be due to the residual folders described here.

Also cannot install ZA, 2006 version 6.5.700.0.

 

Any help would be much appreciated as I have suspended all work on this box and it is my main one.

 

#################################################################################

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Administrator at 14:49:24 on 2013-06-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3491.2426 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Smoothduck\WheresMyStuff\Wms.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {8DED283A-12D8-4E96-B973-94F0FB28A539} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [RUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\rusb3mon.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TimeServer] "c:\documents and settings\michael\application data\hewlett-packard company\WIN1416.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [A0] cmd /c "c:\documents and settings\michael\my documents\malwarebytes\mbar-1.06.0.1003\mbar\mbar.exe" /r /s
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: &ieSpell Options - c:\program files\iespell\ieSpell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\ieSpell.dll/SPELLCHECK.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357580734281
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357799535921
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CB8ECAEE-E821-45C1-8451-84C4F7B1CEFA} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-6-1 35144]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-1-5 55104]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [2013-1-17 79616]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [2013-1-17 171264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2013-1-23 296808]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-4-20 462048]
S2 Intel® ME Service;Intel® ME Service;c:\program files\intel\intel® management engine components\fwservice\IntelMeFWService.exe [2013-1-5 128896]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-9-6 112968]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2013-1-5 165760]
S2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-1-5 364416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-1-5 1691480]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-4-27 6016]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-4-27 80824]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-1-7 270080]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-4-27 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2013-4-27 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-4-27 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-4-27 181432]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-4-4 392824]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\cltmngsvc.exe --> c:\program files\searchprotect\bin\CltMngSvc.exe [?]
.
=============== Created Last 30 ================
.
2013-06-02 02:50:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-06-02 02:50:18 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-01 22:35:17 -------- d-----w- c:\documents and settings\administrator\application data\ieSpell
2013-06-01 21:58:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2013-06-01 19:22:05 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2013-05-31 03:14:35 17392 ----a-w- C:\FixitRegBackup.reg
2013-05-30 19:33:36 -------- d-----w- c:\windows\Downloaded Installations
2013-05-27 19:03:54 -------- d-----w- C:\Support Tools
2013-05-20 22:41:57 -------- d-----w- c:\program files\ConvertHelper
2013-05-19 01:09:19 -------- d-----w- c:\windows\system32\MpEngineStore
2013-05-18 21:51:21 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2013-05-18 21:26:38 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2013-05-18 19:10:23 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-05-18 05:50:45 -------- d-----w- c:\program files\FileASSASSIN
2013-05-18 05:35:24 -------- d--h--w- c:\windows\PIF
2013-05-16 23:59:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-05-16 23:59:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-16 23:59:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-11 19:58:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-11 19:58:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-11 19:58:07 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-11 19:58:07 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-22 05:32:07 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-22 05:32:06 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1002FAEX-00Z3A0 rev.05.01D05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Harddisk0\DR0[0x8AD0EAB8]
3 CLASSPNP[0xB98F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\0000006f[0x8AD129E8]
5 ACPI[0xB977F620] -> ntkrnlpa!IofCallDriver[0x804EF200] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ADC8D98]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
user != kernel MBR !!!
.
============= FINISH: 14:49:55.48 ===============
 



Edited by CheeseyFace, 02 June 2013 - 05:09 PM.
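Triage helper, added here as an example and not a tool from this thread or from Malwarebytes, DDS, FRST or GMER: it runs a few line-level detection rules over log lines of the kind posted above (the sample is constructed from lines copied out of the MBAR, DDS and FRST output in this post) and flags the indicators a malware responder would look at first, such as the RECYCLER\$<hash> directories, the orphaned BHO, the broken Winsock entries, the MBR user/kernel mismatch, the missing MsMpSvc binary and an autorun launched from a user profile. Rule names and `SAMPLE_LOG` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Pattern, Tuple

# Constructed sample: a handful of lines copied from the MBAR, DDS and FRST
# logs posted in this thread. A real run would read the whole dds.txt/FRST.txt.
SAMPLE_LOG = r"""
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\U (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$2993e587efb8f741a1386f615586c17a\@ (Trojan.Siredef.C) -> Delete on reboot.
BHO: {8DED283A-12D8-4E96-B973-94F0FB28A539} - <orphaned>
mRun: [TimeServer] "c:\documents and settings\michael\application data\hewlett-packard company\WIN1416.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
user != kernel MBR !!!
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
"""


@dataclass
class Finding:
    rule: str
    line: str


# Line-level rules. Each is a (name, regex) pair; the names are our own labels.
RULES: List[Tuple[str, Pattern[str]]] = [
    # ZeroAccess/Sirefef keeps its components in RECYCLER\<SID>\$<32 hex>\
    # with '@', 'L' and 'U' entries, exactly as in the MBAR log above.
    ("zeroaccess_recycler_dir",
     re.compile(r"\\RECYCLER\\S-1-5-[\d-]+\\\$[0-9a-f]{32}(?:\\|\s|$)", re.I)),
    # Browser helper object whose DLL no longer exists (DDS '<orphaned>',
    # FRST 'No File'): leftover of a removed or partially cleaned add-on.
    ("orphaned_bho", re.compile(r"^BHO:.*(?:<orphaned>|No File)\s*$", re.I)),
    # Winsock catalog entries whose provider DLL is missing break networking
    # and installers; FRST prints an ATTENTION marker for them.
    ("winsock_lsp_broken",
     re.compile(r"^Winsock:.*(?:File Not found|ATTENTION)", re.I)),
    # GMER MBR check: the MBR seen from user mode differs from the one the
    # kernel reads, so something is filtering disk reads (bootkit indicator).
    ("mbr_user_kernel_mismatch", re.compile(r"user != kernel MBR")),
    # The MSE engine service is still registered but its binary is gone ([x]).
    ("av_service_binary_missing",
     re.compile(r"^S\d MsMpSvc;.*\[x\]\s*$")),
]

# Run-key entries in DDS ('mRun: [name] path') and FRST
# ('HKLM\...\Run: [name] path [size date]') form. 'RunOnce:' does not
# contain the substring 'Run: ', so RunOnce lines are excluded on purpose.
RUN_RE = re.compile(r'Run: \[(?P<name>[^\]]+)\]\s+"?(?P<path>.*?\.exe)', re.I)

# Autoruns launched from a user profile rather than Program Files or
# Windows deserve a second look (WIN1416.exe above is one of them).
USER_PROFILE_RE = re.compile(
    r"\\(?:documents and settings|users)\\[^\\]+\\"
    r"(?:application data|appdata|local settings)\\", re.I)


def triage(log_text: str) -> List[Finding]:
    """Apply every rule to every non-empty line and collect the hits."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(name, line))
        run = RUN_RE.search(line)
        if run and USER_PROFILE_RE.search(run.group("path")):
            findings.append(Finding("autorun_from_user_profile", line))
    return findings


def rules_hit(findings: List[Finding]) -> List[str]:
    """Distinct rule names that fired, sorted, for a quick summary."""
    return sorted({f.rule for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

The rules are heuristics for prioritising what to look at in a log, not a verdict; the legitimate AdobeARM autorun in the sample is left alone while the profile-based WIN1416.exe entry is flagged.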




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 02 June 2013 - 07:13 PM

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 CheeseyFace

CheeseyFace
  • Topic Starter

  • Members
  • 77 posts
  • Gender:Male

Posted 02 June 2013 - 07:57 PM

Attached File: Addition.txt (23.58KB)

Thx, MSG.

Here is log copy:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2013 03
Ran by Administrator (administrator) on 02-06-2013 17:53:29
Running from C:\Documents and Settings\Michael\My Documents\BleepingComputerVirusMalware
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Smoothduck Inc.) C:\Program Files\Smoothduck\WheresMyStuff\Wms.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [240992 2009-11-16] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [RUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini [344 2013-05-25] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [TimeServer] "C:\Documents and Settings\Michael\Application Data\Hewlett-Packard Company\WIN1416.exe" [x]
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [A0] cmd /c "C:\Documents and Settings\Michael\My Documents\MalwareBytes\mbar-1.06.0.1003\mbar\mbar.exe" /r /s [768584 2013-06-01] (Malwarebytes Corporation)
HKU\Michael\...\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [ 2012-03-09] (SlySoft, Inc.)
HKU\Michael\...\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler [ 2010-10-24] (Acresso Corporation)
HKU\Michael\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.)
HKU\Michael\...\Policies\system: [DisableCMD] 0
HKU\Michael\...\Policies\system: [NoDispAppearancePage] 0
HKU\Michael\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Michael\...\Policies\system: [NoDispSettingsPage] 0
Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Documents and Settings\Administrator\Application Data\Verizon\UA_ar\UtilityApplication.exe (No File)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
HKLM SearchScopes: DefaultScope {2C8E0536-6C7A-48D4-A4F2-17070D3AC5D0} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8DED283A-12D8-4E96-B973-94F0FB28A539} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-09-10] (Apple Inc.)
S2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [112968 2012-09-06] (Intel Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
S4 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [x]
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-03-09] (SlySoft, Inc.)
S1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c5132.sys [218448 2012-08-10] (Intel Corporation)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-06-01] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [79616 2012-03-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [171264 2012-03-15] (Renesas Electronics Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [392824 2006-08-23] (Zone Labs, LLC)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S0 sptd; System32\Drivers\sptd.sys [x]
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-02 17:53 - 2013-06-02 17:53 - 00000000 ____D C:\FRST
2013-06-02 14:50 - 2013-06-02 14:50 - 00022047 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-06-02 14:50 - 2013-06-02 14:49 - 00014763 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-06-02 14:44 - 2013-06-02 17:52 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\BleepingComputerVirusMalware
2013-06-01 19:50 - 2013-06-01 23:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-01 19:50 - 2013-06-01 19:50 - 00035144 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-01 15:54 - 2013-06-01 19:52 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Virus Problem 05142013 Cannot install ZA MSE
2013-06-01 15:35 - 2013-06-01 15:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ieSpell
2013-06-01 12:30 - 2013-06-01 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-06-01 12:22 - 2013-06-01 14:58 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-06-01 12:22 - 2013-06-01 12:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-06-01 05:41 - 2013-06-01 05:40 - 00090112 ____A C:\Windows\Minidump\Mini060113-01.dmp
2013-05-31 23:24 - 2013-06-01 19:52 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Stories
2013-05-30 20:14 - 2013-05-30 20:14 - 00017392 ____A C:\FixitRegBackup.reg
2013-05-30 16:14 - 2013-05-30 16:14 - 00000276 ____A C:\Documents and Settings\Michael\My Documents\Insurance Dept CA BMW Gravel Damage Allstate.txt
2013-05-30 12:33 - 2013-05-30 12:33 - 00000000 ____D C:\Windows\Downloaded Installations
2013-05-30 12:26 - 2013-05-30 12:26 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\pppp
2013-05-27 12:03 - 2013-05-27 12:08 - 00000000 ____D C:\Support Tools
2013-05-25 15:54 - 2013-05-25 16:18 - 00000876 ____A C:\Documents and Settings\Michael\My Documents\wrsa websecure bugs and problems.txt
2013-05-25 15:42 - 2013-05-25 15:42 - 00000321 ____A C:\Documents and Settings\Michael\My Documents\websecure bugs and problems.txt
2013-05-25 01:07 - 2013-05-25 01:07 - 00090112 ____A C:\Windows\Minidump\Mini052513-01.dmp
2013-05-23 23:26 - 2013-05-23 23:26 - 00001526 ____A C:\Documents and Settings\Michael\Desktop\Paint.lnk
2013-05-23 23:21 - 2013-05-23 23:21 - 00001880 ____A C:\Windows\bitssetup.log
2013-05-21 13:19 - 2013-05-21 13:19 - 00000176 ____A C:\Documents and Settings\Michael\Desktop\PPO VSP Dental Numbers.txt
2013-05-20 15:41 - 2013-05-20 16:24 - 00000000 ____D C:\Program Files\ConvertHelper
2013-05-20 15:41 - 2013-05-20 15:41 - 03782822 ____A (DownloadHelper                                              ) C:\Documents and Settings\Michael\My Documents\ConvertHelperSetup.exe
2013-05-20 15:00 - 2013-05-20 18:54 - 00000000 ____D C:\Documents and Settings\Michael\dwhelper
2013-05-20 14:09 - 2013-05-20 14:09 - 00183780 ____A C:\Documents and Settings\Michael\wrsa.log
2013-05-20 13:08 - 2013-05-20 13:08 - 00070936 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-18 18:09 - 2013-05-18 18:12 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-18 16:08 - 2013-05-18 16:08 - 00000000 __SHD C:\Windows\CSC
2013-05-18 14:51 - 2013-05-18 14:51 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-05-18 14:26 - 2013-05-18 14:26 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-05-18 14:24 - 2013-06-01 11:21 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-05-18 14:24 - 2013-06-01 11:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-05-18 14:24 - 2013-05-18 14:24 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-05-18 14:24 - 2013-01-05 09:59 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-05-18 12:51 - 2013-05-18 12:51 - 00133280 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132618 ____A C:\Windows\KB2847204-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132550 ____A C:\Windows\KB2820197.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-18 12:48 - 2013-06-01 11:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-05-18 12:47 - 2013-05-18 12:47 - 00008012 ____A C:\Windows\KB2807986.log
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-05-18 12:10 - 2013-05-18 12:51 - 00135836 ____A C:\Windows\KB2829361.log
2013-05-18 12:10 - 2013-05-18 12:48 - 00132264 ____A C:\Windows\KB2813345.log
2013-05-18 12:10 - 2013-05-18 12:48 - 00131135 ____A C:\Windows\KB2820917.log
2013-05-18 12:10 - 2013-05-18 12:47 - 00012257 ____A C:\Windows\KB2802968.log
2013-05-18 12:10 - 2013-05-18 12:47 - 00011907 ____A C:\Windows\KB2780091.log
2013-05-18 12:10 - 2013-02-11 17:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-05-18 10:07 - 2013-05-18 10:07 - 03288974 ____A C:\Documents and Settings\Michael\Desktop\Microsoft .NET Framework 4 Extended Setup_20130516_232108750-MSI_netfx_Extended_x86.msi.txt
2013-05-18 10:07 - 2013-05-18 10:07 - 00167947 ____A C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates.htm
2013-05-18 10:07 - 2013-05-18 10:07 - 00000000 ____D C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates_files
2013-05-17 22:50 - 2013-05-17 22:50 - 00000741 ____A C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-05-17 22:41 - 2013-06-01 19:49 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\MalwareBytes
2013-05-17 22:35 - 2013-05-17 22:35 - 00000000 ___HD C:\Windows\PIF
2013-05-17 22:34 - 2013-05-17 22:34 - 00000000 ____D C:\Documents and Settings\Michael\Local Settings\Application Data\PCHealth
2013-05-16 19:47 - 2013-05-16 16:22 - 20214408 ____A (Microsoft Corporation) C:\Documents and Settings\Michael\Desktop\Windows-KB890830-V4.20.exe
2013-05-16 16:59 - 2013-05-18 14:26 - 00000795 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-16 16:59 - 2013-05-18 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\Malwarebytes
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-16 16:59 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-09 11:02 - 2013-05-09 11:02 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\RecordedThoughts
2013-05-09 10:22 - 2013-05-09 10:57 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Geico_Accident_050113
2013-05-08 22:30 - 2013-05-12 16:10 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Wheat Grass and Chelation
2013-05-04 17:31 - 2013-05-10 23:45 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\AIDS

==================== One Month Modified Files and Folders ========

2013-06-02 17:53 - 2013-06-02 17:53 - 00000000 ____D C:\FRST
2013-06-02 17:52 - 2013-06-02 14:44 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\BleepingComputerVirusMalware
2013-06-02 14:50 - 2013-06-02 14:50 - 00022047 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-06-02 14:49 - 2013-06-02 14:50 - 00014763 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-06-02 14:29 - 2013-01-24 19:30 - 520671232 ____A C:\1815291333.wdx
2013-06-01 23:50 - 2013-06-01 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-01 23:00 - 2013-01-05 18:08 - 02113946 ____A C:\Windows\WindowsUpdate.log
2013-06-01 19:52 - 2013-06-01 15:54 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Virus Problem 05142013 Cannot install ZA MSE
2013-06-01 19:52 - 2013-05-31 23:24 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Stories
2013-06-01 19:52 - 2013-01-19 05:18 - 00005546 ____A C:\Documents and Settings\Michael\My Documents\Email_yahoo_comcast.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00035144 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-01 19:49 - 2013-05-17 22:41 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\MalwareBytes
2013-06-01 15:35 - 2013-06-01 15:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ieSpell
2013-06-01 15:27 - 2013-01-07 10:59 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-01 14:58 - 2013-06-01 12:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-06-01 12:30 - 2013-06-01 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-06-01 12:22 - 2013-06-01 12:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-06-01 11:25 - 2013-01-05 09:59 - 00607426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-01 11:21 - 2013-05-18 14:24 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-01 11:21 - 2013-01-05 18:11 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-01 11:21 - 2013-01-05 18:10 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-01 11:21 - 2008-04-14 05:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-06-01 11:20 - 2013-05-18 14:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-01 11:20 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-01 05:41 - 2013-04-01 15:46 - 00000000 ____D C:\Windows\Minidump
2013-06-01 05:40 - 2013-06-01 05:41 - 00090112 ____A C:\Windows\Minidump\Mini060113-01.dmp
2013-06-01 02:12 - 2013-01-09 19:46 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-05-31 23:16 - 2013-01-24 16:45 - 00000000 ____D C:\logfiles
2013-05-31 15:15 - 2013-01-05 18:56 - 00000818 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-05-31 13:00 - 2013-04-27 13:00 - 00000354 ____A C:\Windows\Tasks\MotoHelper Routing.job
2013-05-31 09:30 - 2013-04-12 23:39 - 00000290 ____A C:\Windows\Tasks\SetAndSyncTime.job
2013-05-30 22:23 - 2013-01-09 19:36 - 00001954 ____A C:\Windows\epplauncher.mif
2013-05-30 20:44 - 2013-01-19 05:04 - 00000000 ____D C:\Windows\pss
2013-05-30 20:44 - 2013-01-05 09:57 - 00000211 ___SH C:\boot.ini
2013-05-30 20:44 - 2008-04-14 05:00 - 00000395 ____A C:\Windows\win.ini
2013-05-30 20:44 - 2008-04-14 05:00 - 00000227 ____A C:\Windows\system.ini
2013-05-30 20:21 - 2013-01-31 14:54 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\MS DLs
2013-05-30 20:14 - 2013-05-30 20:14 - 00017392 ____A C:\FixitRegBackup.reg
2013-05-30 16:16 - 2013-04-01 12:41 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\BMW2010  and Uncle Loan doc
2013-05-30 16:14 - 2013-05-30 16:14 - 00000276 ____A C:\Documents and Settings\Michael\My Documents\Insurance Dept CA BMW Gravel Damage Allstate.txt
2013-05-30 12:40 - 2013-02-19 21:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-30 12:33 - 2013-05-30 12:33 - 00000000 ____D C:\Windows\Downloaded Installations
2013-05-30 12:26 - 2013-05-30 12:26 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\pppp
2013-05-30 11:03 - 2013-01-05 09:53 - 00000000 ____D C:\Windows\security
2013-05-30 10:48 - 2013-02-05 21:25 - 00000236 ____A C:\Windows\Tasks\KL.job
2013-05-29 22:30 - 2013-01-19 05:19 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Blood Tests
2013-05-27 13:00 - 2013-04-27 13:00 - 00000370 ____A C:\Windows\Tasks\MotoHelper Update.job
2013-05-27 13:00 - 2013-04-27 13:00 - 00000358 ____A C:\Windows\Tasks\MotoHelper MUM.job
2013-05-27 12:08 - 2013-05-27 12:03 - 00000000 ____D C:\Support Tools
2013-05-26 18:25 - 2013-01-05 09:53 - 00000000 ____D C:\Windows\Help
2013-05-26 16:06 - 2013-02-01 12:33 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\vlc
2013-05-25 16:18 - 2013-05-25 15:54 - 00000876 ____A C:\Documents and Settings\Michael\My Documents\wrsa websecure bugs and problems.txt
2013-05-25 15:42 - 2013-05-25 15:42 - 00000321 ____A C:\Documents and Settings\Michael\My Documents\websecure bugs and problems.txt
2013-05-25 01:08 - 2013-04-27 15:48 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
2013-05-25 01:07 - 2013-05-25 01:07 - 00090112 ____A C:\Windows\Minidump\Mini052513-01.dmp
2013-05-25 01:07 - 2013-01-05 18:56 - 00000816 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-05-25 01:07 - 2013-01-05 18:12 - 00000062 __ASH C:\Documents and Settings\Michael\Local Settings\desktop.ini
2013-05-25 01:07 - 2013-01-05 18:11 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-25 01:07 - 2013-01-05 10:02 - 00000159 ____A C:\Windows\wiadebug.log
2013-05-25 01:07 - 2013-01-05 10:02 - 00000049 ____A C:\Windows\wiaservc.log
2013-05-23 23:26 - 2013-05-23 23:26 - 00001526 ____A C:\Documents and Settings\Michael\Desktop\Paint.lnk
2013-05-23 23:21 - 2013-05-23 23:21 - 00001880 ____A C:\Windows\bitssetup.log
2013-05-23 11:48 - 2013-01-05 18:16 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-23 11:41 - 2013-01-05 18:11 - 00032426 ____A C:\Windows\SchedLgU.Txt
2013-05-23 11:40 - 2013-01-05 18:12 - 00000278 ___SH C:\Documents and Settings\Michael\ntuser.ini
2013-05-23 11:20 - 2013-01-19 05:25 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\DlinkRouterDIR-655
2013-05-22 19:46 - 2013-01-19 05:25 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\NewBizIdeas
2013-05-21 13:19 - 2013-05-21 13:19 - 00000176 ____A C:\Documents and Settings\Michael\Desktop\PPO VSP Dental Numbers.txt
2013-05-20 18:54 - 2013-05-20 15:00 - 00000000 ____D C:\Documents and Settings\Michael\dwhelper
2013-05-20 16:24 - 2013-05-20 15:41 - 00000000 ____D C:\Program Files\ConvertHelper
2013-05-20 15:41 - 2013-05-20 15:41 - 03782822 ____A (DownloadHelper                                              ) C:\Documents and Settings\Michael\My Documents\ConvertHelperSetup.exe
2013-05-20 14:09 - 2013-05-20 14:09 - 00183780 ____A C:\Documents and Settings\Michael\wrsa.log
2013-05-20 13:08 - 2013-05-20 13:08 - 00070936 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-19 14:31 - 2013-01-05 18:07 - 00000000 ____D C:\Windows\System32\Restore
2013-05-19 14:26 - 2013-04-04 23:23 - 00000000 ____D C:\Windows\System32\ZoneLabs
2013-05-18 18:42 - 2013-01-23 22:21 - 00000000 ____D C:\Program Files\Common Files\Nuance
2013-05-18 18:28 - 2013-02-01 13:23 - 00000037 ____A C:\Documents and Settings\Michael\Application Data\SAS7_000.DAT
2013-05-18 18:12 - 2013-05-18 18:09 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-18 16:08 - 2013-05-18 16:08 - 00000000 __SHD C:\Windows\CSC
2013-05-18 14:51 - 2013-05-18 14:51 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-05-18 14:26 - 2013-05-18 14:26 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-05-18 14:26 - 2013-05-16 16:59 - 00000795 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-18 14:26 - 2013-05-16 16:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-18 14:24 - 2013-05-18 14:24 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-05-18 13:32 - 2013-01-09 19:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 13:00 - 2013-01-05 09:58 - 00278944 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 12:59 - 2013-01-09 21:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-18 12:51 - 2013-05-18 12:51 - 00133280 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132618 ____A C:\Windows\KB2847204-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132550 ____A C:\Windows\KB2820197.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-18 12:51 - 2013-05-18 12:10 - 00135836 ____A C:\Windows\KB2829361.log
2013-05-18 12:51 - 2013-01-07 11:00 - 00000000 ____D C:\Windows\ie8updates
2013-05-18 12:51 - 2013-01-05 19:10 - 00061195 ____A C:\Windows\updspapi.log
2013-05-18 12:51 - 2013-01-05 18:47 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-18 12:51 - 2013-01-05 09:59 - 01012305 ____A C:\Windows\iis6.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00920394 ____A C:\Windows\FaxSetup.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00449304 ____A C:\Windows\ocgen.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00425552 ____A C:\Windows\tsoc.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00318648 ____A C:\Windows\comsetup.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00281770 ____A C:\Windows\msmqinst.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00191236 ____A C:\Windows\ntdtcsetup.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00161991 ____A C:\Windows\netfxocm.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00063962 ____A C:\Windows\MedCtrOC.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00051159 ____A C:\Windows\ocmsn.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00046969 ____A C:\Windows\tabletoc.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00046294 ____A C:\Windows\msgsocm.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00001374 ____A C:\Windows\imsins.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-05-18 12:48 - 2013-05-18 12:10 - 00132264 ____A C:\Windows\KB2813345.log
2013-05-18 12:48 - 2013-05-18 12:10 - 00131135 ____A C:\Windows\KB2820917.log
2013-05-18 12:47 - 2013-05-18 12:47 - 00008012 ____A C:\Windows\KB2807986.log
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-05-18 12:47 - 2013-05-18 12:10 - 00012257 ____A C:\Windows\KB2802968.log
2013-05-18 12:47 - 2013-05-18 12:10 - 00011907 ____A C:\Windows\KB2780091.log
2013-05-18 12:42 - 2013-01-31 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-18 12:42 - 2013-01-23 20:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-05-18 12:41 - 2013-01-05 09:59 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-18 12:36 - 2013-01-23 22:23 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2013-05-18 12:13 - 2013-01-23 22:55 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-18 12:12 - 2013-01-05 18:06 - 00000000 ____D C:\Windows\Registration
2013-05-18 10:07 - 2013-05-18 10:07 - 03288974 ____A C:\Documents and Settings\Michael\Desktop\Microsoft .NET Framework 4 Extended Setup_20130516_232108750-MSI_netfx_Extended_x86.msi.txt
2013-05-18 10:07 - 2013-05-18 10:07 - 00167947 ____A C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates.htm
2013-05-18 10:07 - 2013-05-18 10:07 - 00000000 ____D C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates_files
2013-05-18 09:24 - 2013-01-07 11:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2345886$
2013-05-17 23:11 - 2013-01-19 05:25 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\DragNatSpk
2013-05-17 22:50 - 2013-05-17 22:50 - 00000741 ____A C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-05-17 22:35 - 2013-05-17 22:35 - 00000000 ___HD C:\Windows\PIF
2013-05-17 22:34 - 2013-05-17 22:34 - 00000000 ____D C:\Documents and Settings\Michael\Local Settings\Application Data\PCHealth
2013-05-16 23:32 - 2013-01-15 17:40 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\Hewlett-Packard Company
2013-05-16 19:49 - 2013-01-07 10:55 - 00000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
2013-05-16 19:38 - 2013-01-09 19:35 - 11091432 ____A (Microsoft Corporation) C:\Documents and Settings\Michael\Desktop\mseinstall.exe
2013-05-16 17:25 - 2013-01-24 11:26 - 00000000 ____D C:\Program Files\Shared
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\Malwarebytes
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-16 16:26 - 2013-01-05 09:59 - 00866697 ____A C:\Windows\setupapi.log
2013-05-16 16:22 - 2013-05-16 19:47 - 20214408 ____A (Microsoft Corporation) C:\Documents and Settings\Michael\Desktop\Windows-KB890830-V4.20.exe
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-12 16:10 - 2013-05-08 22:30 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Wheat Grass and Chelation
2013-05-10 23:45 - 2013-05-04 17:31 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\AIDS
2013-05-09 11:02 - 2013-05-09 11:02 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\RecordedThoughts
2013-05-09 10:57 - 2013-05-09 10:22 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Geico_Accident_050113
2013-05-09 10:36 - 2013-01-30 14:30 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\OllieStone_UntoldHistoryOfUS
2013-05-06 21:27 - 2008-04-14 05:00 - 06015488 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-06 21:27 - 2008-04-14 05:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-04 10:50 - 2013-04-28 12:23 - 00005451 ____A C:\Documents and Settings\Michael\My Documents\Email_yahoo_comcast_042813.txt
2013-05-03 15:57 - 2013-01-07 11:09 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================
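The log above is long enough that a responder reads it with a first pass that pulls out the handful of lines worth a closer look. The script below is an added example for this thread, not FRST's own logic and not something the poster ran: it scans FRST log lines and flags autostart or driver entries whose binary is missing (FRST prints [x]), entries with no publisher information (FRST prints an empty "()"), entries whose binary sits in a user-writable location, and FRST's own ATTENTION lines. The sample lines are copied from the logs posted in this thread; the list of user-writable locations and the flag names are this example's assumptions. Flags are prompts, not verdicts: the Nuance and Malwarebytes lines below are flagged too, and both are vendor files.

```powershell
# Added example, not part of the thread and not FRST code: first-pass triage of
# FRST log lines. Assumes Windows PowerShell; no external tools needed.

# Sample input copied from the FRST logs posted above (one Run entry per line,
# two driver entries, and one "Bamital & volsnap Check" result).
$SampleLog = @'
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [TimeServer] "C:\Documents and Settings\Michael\Application Data\Hewlett-Packard Company\WIN1416.exe" [x]
HKLM\...\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini [344 2013-05-25] ()
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-06-01] ()
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [x]
S0 sptd; System32\Drivers\sptd.sys [x]
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
'@

# Locations a logged-on XP user can write to without elevation (assumption of
# this example; extend for your own environment). Single quotes keep the
# backslashes literal, so '\\' is one backslash in the regex.
$UserWritable = @(
    '\\Documents and Settings\\[^\\]+\\Application Data\\',
    '\\Documents and Settings\\[^\\]+\\Local Settings\\',
    '\\DOCUME~1\\',          # 8.3 form FRST prints for some driver paths
    '\\Temp\\'
)

function Get-FrstFindings([string[]]$Lines) {
    foreach ($line in $Lines) {
        $reasons = @()
        if ($line -match 'ATTENTION:')  { $reasons += 'FRST ATTENTION' }
        if ($line -match '\[x\]\s*$')   { $reasons += 'file missing' }      # FRST: image not on disk
        if ($line -match '\(\)\s*$')    { $reasons += 'no publisher info' } # FRST: empty company field
        foreach ($pat in $UserWritable) {
            if ($line -match $pat) { $reasons += 'user-writable path'; break }
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Reasons = ($reasons -join ', ')
                Line    = $line
            }
        }
    }
}

# Run against the sample; swap in Get-Content FRST.txt for a real log.
Get-FrstFindings ($SampleLog -split "`r?`n") | Format-Table Reasons, Line -AutoSize -Wrap
```

Of the seven sample lines, the Java entry is the only one that produces no finding; TimeServer (missing binary under a user profile), the mbr driver (missing, under Temp) and the ATTENTION line are the ones that match what the poster and FRST were already chasing.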

 



#4 JSntgRvr (Malware Response Team)

Posted 02 June 2013 - 09:22 PM

Download the enclosed file.

Save it next to FRST. Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log next to FRST (Fixlog.txt); please post it in your reply.

 

 

 


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 CheeseyFace (Topic Starter)

Posted 03 June 2013 - 12:53 AM

Attached File: Fixlog.txt (825 bytes)

Hi MSG.

Here is the Fixlog.txt file.

Note: folder Microsoft Security Client and its sub folders (drivers, backup and en-us) still cannot be accessed (the file cannot be accessed by the system) or deleted (the dir is not empty).

 

 

CheeseyFace
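The FRST "Bamital & volsnap Check" above flagged junctions under C:\Program Files\Windows Defender and told the poster to use DeleteJunctionsIndirectory, and the reply reports that the Microsoft Security Client folder and its subfolders can be neither read nor deleted. Two common causes of exactly that symptom are a directory that is really a reparse point (a junction) aimed somewhere unexpected, and explicit Deny ACEs on the directory. The script below is an added example for this thread, not something the poster ran and not what FRST's DeleteJunctionsIndirectory directive does internally: it walks the flagged directories without following reparse points, prints each reparse point together with the raw reparse data fsutil reports, lists Deny ACEs, and with -Remove strips the reparse data so the directory can be handled normally. It assumes Windows PowerShell, fsutil.exe on the PATH and an elevated prompt; the two default paths are the ones FRST named, and the -Remove switch is this example's own.

```powershell
# Added example, not part of the thread and not FRST code: find reparse points
# and Deny ACEs under the directories FRST flagged. Run elevated.
param(
    [string[]]$Roots = @('C:\Program Files\Windows Defender',
                        'C:\Program Files\Microsoft Security Client'),
    [switch]$Remove   # delete the reparse data of each reparse point found
)

function Test-ReparsePoint([System.IO.FileSystemInfo]$Item) {
    # Junctions, mount points and symlinks all carry the ReparsePoint attribute.
    return (($Item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0)
}

function Get-ReparseTarget([string]$Path) {
    # fsutil dumps tag and substitute name; keep the raw text so nothing is hidden.
    & fsutil.exe reparsepoint query "$Path" 2>&1 | Out-String
}

function Get-DenyAces([string]$Path) {
    try {
        (Get-Acl -Path $Path).Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    } catch {
        Write-Warning ("ACL unreadable: {0} ({1})" -f $Path, $_.Exception.Message)
    }
}

function Walk([string]$Path) {
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item -eq $null) { Write-Host ("UNREADABLE {0}" -f $Path); return }

    foreach ($ace in @(Get-DenyAces $Path)) {
        Write-Host ("DENY       {0}  {1}: {2}" -f $Path, $ace.IdentityReference, $ace.FileSystemRights)
    }

    if (Test-ReparsePoint $item) {
        Write-Host ("REPARSE    {0}" -f $Path)
        Write-Host (Get-ReparseTarget $Path)
        if ($Remove) { & fsutil.exe reparsepoint delete "$Path" }
        return   # never descend into whatever the reparse point resolves to
    }

    if ($item.PSIsContainer) {
        # Manual recursion instead of Get-ChildItem -Recurse, which follows junctions.
        foreach ($child in @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)) {
            Walk $child.FullName
        }
    }
}

foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) { Walk $root } else { Write-Host ("MISSING    {0}" -f $root) }
}
```

Run it once without -Remove and read the REPARSE and DENY lines: a subfolder of a security product's install directory that is a junction, or a Deny ACE granted to Everyone or SYSTEM, is not something an installer leaves behind. A junction stripped of its reparse data is an ordinary empty directory, which is why the "dir is not empty" and "cannot be accessed" errors go away after removal; Deny ACEs still have to be taken off separately (Set-Acl, or takeown and cacls on XP) before the directory can be deleted.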



#6 JSntgRvr (Malware Response Team)

Posted 03 June 2013 - 09:58 AM

Re-scan with FRST and post the new FRST.txt.




#7 CheeseyFace (Topic Starter)

Posted 03 June 2013 - 12:44 PM

Attached File: Addition.txt (23.58 KB)

OK.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2013 03
Ran by Administrator (administrator) on 03-06-2013 08:45:54
Running from C:\Documents and Settings\Michael\My Documents\BleepingComputerVirusMalware
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Smoothduck Inc.) C:\Program Files\Smoothduck\WheresMyStuff\Wms.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [240992 2009-11-16] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [RUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini [344 2013-05-25] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [TimeServer] "C:\Documents and Settings\Michael\Application Data\Hewlett-Packard Company\WIN1416.exe" [x]
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [A0] cmd /c "C:\Documents and Settings\Michael\My Documents\MalwareBytes\mbar-1.06.0.1003\mbar\mbar.exe" /r /s [768584 2013-06-01] (Malwarebytes Corporation)
HKU\Michael\...\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [ 2012-03-09] (SlySoft, Inc.)
HKU\Michael\...\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler [ 2010-10-24] (Acresso Corporation)
HKU\Michael\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-01-08] (Skype Technologies S.A.)
HKU\Michael\...\Policies\system: [DisableCMD] 0
HKU\Michael\...\Policies\system: [NoDispAppearancePage] 0
HKU\Michael\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Michael\...\Policies\system: [NoDispSettingsPage] 0
Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Documents and Settings\Administrator\Application Data\Verizon\UA_ar\UtilityApplication.exe (No File)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKLM SearchScopes: DefaultScope {2C8E0536-6C7A-48D4-A4F2-17070D3AC5D0} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8DED283A-12D8-4E96-B973-94F0FB28A539} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

========================== Services (Whitelisted) =================

S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-09-10] (Apple Inc.)
S2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [112968 2012-09-06] (Intel Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
S4 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [x]
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121208 2012-03-09] (SlySoft, Inc.)
S1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c5132.sys [218448 2012-08-10] (Intel Corporation)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-06-01] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [79616 2012-03-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [171264 2012-03-15] (Renesas Electronics Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [392824 2006-08-23] (Zone Labs, LLC)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S0 sptd; System32\Drivers\sptd.sys [x]
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-02 17:53 - 2013-06-02 22:44 - 00000000 ____D C:\FRST
2013-06-02 14:50 - 2013-06-02 14:50 - 00022047 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-06-02 14:50 - 2013-06-02 14:49 - 00014763 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-06-02 14:44 - 2013-06-03 08:45 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\BleepingComputerVirusMalware
2013-06-01 19:50 - 2013-06-01 23:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-01 19:50 - 2013-06-01 19:50 - 00035144 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-01 15:54 - 2013-06-01 19:52 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Virus Problem 05142013 Cannot install ZA MSE
2013-06-01 15:35 - 2013-06-01 15:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ieSpell
2013-06-01 12:30 - 2013-06-01 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-06-01 12:22 - 2013-06-01 14:58 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-06-01 12:22 - 2013-06-01 12:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-06-01 05:41 - 2013-06-01 05:40 - 00090112 ____A C:\Windows\Minidump\Mini060113-01.dmp
2013-05-31 23:24 - 2013-06-01 19:52 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Stories
2013-05-30 20:14 - 2013-05-30 20:14 - 00017392 ____A C:\FixitRegBackup.reg
2013-05-30 16:14 - 2013-05-30 16:14 - 00000276 ____A C:\Documents and Settings\Michael\My Documents\Insurance Dept CA BMW Gravel Damage Allstate.txt
2013-05-30 12:33 - 2013-05-30 12:33 - 00000000 ____D C:\Windows\Downloaded Installations
2013-05-30 12:26 - 2013-05-30 12:26 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\pppp
2013-05-27 12:03 - 2013-05-27 12:08 - 00000000 ____D C:\Support Tools
2013-05-25 15:54 - 2013-05-25 16:18 - 00000876 ____A C:\Documents and Settings\Michael\My Documents\wrsa websecure bugs and problems.txt
2013-05-25 15:42 - 2013-05-25 15:42 - 00000321 ____A C:\Documents and Settings\Michael\My Documents\websecure bugs and problems.txt
2013-05-25 01:07 - 2013-05-25 01:07 - 00090112 ____A C:\Windows\Minidump\Mini052513-01.dmp
2013-05-23 23:26 - 2013-05-23 23:26 - 00001526 ____A C:\Documents and Settings\Michael\Desktop\Paint.lnk
2013-05-23 23:21 - 2013-05-23 23:21 - 00001880 ____A C:\Windows\bitssetup.log
2013-05-21 13:19 - 2013-05-21 13:19 - 00000176 ____A C:\Documents and Settings\Michael\Desktop\PPO VSP Dental Numbers.txt
2013-05-20 15:41 - 2013-05-20 16:24 - 00000000 ____D C:\Program Files\ConvertHelper
2013-05-20 15:41 - 2013-05-20 15:41 - 03782822 ____A (DownloadHelper                                              ) C:\Documents and Settings\Michael\My Documents\ConvertHelperSetup.exe
2013-05-20 15:00 - 2013-05-20 18:54 - 00000000 ____D C:\Documents and Settings\Michael\dwhelper
2013-05-20 14:09 - 2013-05-20 14:09 - 00183780 ____A C:\Documents and Settings\Michael\wrsa.log
2013-05-20 13:08 - 2013-05-20 13:08 - 00070936 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-18 18:09 - 2013-05-18 18:12 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-18 16:08 - 2013-05-18 16:08 - 00000000 __SHD C:\Windows\CSC
2013-05-18 14:51 - 2013-05-18 14:51 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-05-18 14:26 - 2013-05-18 14:26 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-05-18 14:24 - 2013-06-01 11:21 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-05-18 14:24 - 2013-06-01 11:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-05-18 14:24 - 2013-05-18 14:24 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-05-18 14:24 - 2013-01-05 09:59 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-05-18 12:51 - 2013-05-18 12:51 - 00133280 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132618 ____A C:\Windows\KB2847204-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132550 ____A C:\Windows\KB2820197.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-18 12:48 - 2013-06-01 11:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-05-18 12:47 - 2013-05-18 12:47 - 00008012 ____A C:\Windows\KB2807986.log
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-05-18 12:10 - 2013-05-18 12:51 - 00135836 ____A C:\Windows\KB2829361.log
2013-05-18 12:10 - 2013-05-18 12:48 - 00132264 ____A C:\Windows\KB2813345.log
2013-05-18 12:10 - 2013-05-18 12:48 - 00131135 ____A C:\Windows\KB2820917.log
2013-05-18 12:10 - 2013-05-18 12:47 - 00012257 ____A C:\Windows\KB2802968.log
2013-05-18 12:10 - 2013-05-18 12:47 - 00011907 ____A C:\Windows\KB2780091.log
2013-05-18 12:10 - 2013-02-11 17:32 - 00012928 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usb8023x.sys
2013-05-18 10:07 - 2013-05-18 10:07 - 03288974 ____A C:\Documents and Settings\Michael\Desktop\Microsoft .NET Framework 4 Extended Setup_20130516_232108750-MSI_netfx_Extended_x86.msi.txt
2013-05-18 10:07 - 2013-05-18 10:07 - 00167947 ____A C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates.htm
2013-05-18 10:07 - 2013-05-18 10:07 - 00000000 ____D C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates_files
2013-05-17 22:50 - 2013-05-17 22:50 - 00000741 ____A C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-05-17 22:41 - 2013-06-01 19:49 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\MalwareBytes
2013-05-17 22:35 - 2013-05-17 22:35 - 00000000 ___HD C:\Windows\PIF
2013-05-17 22:34 - 2013-05-17 22:34 - 00000000 ____D C:\Documents and Settings\Michael\Local Settings\Application Data\PCHealth
2013-05-16 19:47 - 2013-05-16 16:22 - 20214408 ____A (Microsoft Corporation) C:\Documents and Settings\Michael\Desktop\Windows-KB890830-V4.20.exe
2013-05-16 16:59 - 2013-05-18 14:26 - 00000795 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-16 16:59 - 2013-05-18 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\Malwarebytes
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-16 16:59 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-09 11:02 - 2013-05-09 11:02 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\RecordedThoughts
2013-05-09 10:22 - 2013-05-09 10:57 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Geico_Accident_050113
2013-05-08 22:30 - 2013-05-12 16:10 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Wheat Grass and Chelation
2013-05-04 17:31 - 2013-05-10 23:45 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\AIDS

==================== One Month Modified Files and Folders ========

2013-06-03 08:45 - 2013-06-02 14:44 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\BleepingComputerVirusMalware
2013-06-02 22:44 - 2013-06-02 17:53 - 00000000 ____D C:\FRST
2013-06-02 14:50 - 2013-06-02 14:50 - 00022047 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-06-02 14:49 - 2013-06-02 14:50 - 00014763 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-06-02 14:29 - 2013-01-24 19:30 - 520671232 ____A C:\1815291333.wdx
2013-06-01 23:50 - 2013-06-01 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-01 23:00 - 2013-01-05 18:08 - 02113946 ____A C:\Windows\WindowsUpdate.log
2013-06-01 19:52 - 2013-06-01 15:54 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Virus Problem 05142013 Cannot install ZA MSE
2013-06-01 19:52 - 2013-05-31 23:24 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Stories
2013-06-01 19:52 - 2013-01-19 05:18 - 00005546 ____A C:\Documents and Settings\Michael\My Documents\Email_yahoo_comcast.txt
2013-06-01 19:50 - 2013-06-01 19:50 - 00035144 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-01 19:49 - 2013-05-17 22:41 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\MalwareBytes
2013-06-01 15:35 - 2013-06-01 15:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ieSpell
2013-06-01 15:27 - 2013-01-07 10:59 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-01 14:58 - 2013-06-01 12:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-06-01 12:30 - 2013-06-01 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-06-01 12:22 - 2013-06-01 12:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-06-01 11:25 - 2013-01-05 09:59 - 00607426 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-01 11:21 - 2013-05-18 14:24 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-01 11:21 - 2013-01-05 18:11 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-01 11:21 - 2013-01-05 18:10 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-01 11:21 - 2008-04-14 05:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-06-01 11:20 - 2013-05-18 14:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-01 11:20 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-01 05:41 - 2013-04-01 15:46 - 00000000 ____D C:\Windows\Minidump
2013-06-01 05:40 - 2013-06-01 05:41 - 00090112 ____A C:\Windows\Minidump\Mini060113-01.dmp
2013-06-01 02:12 - 2013-01-09 19:46 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-05-31 23:16 - 2013-01-24 16:45 - 00000000 ____D C:\logfiles
2013-05-31 15:15 - 2013-01-05 18:56 - 00000818 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-05-31 13:00 - 2013-04-27 13:00 - 00000354 ____A C:\Windows\Tasks\MotoHelper Routing.job
2013-05-31 09:30 - 2013-04-12 23:39 - 00000290 ____A C:\Windows\Tasks\SetAndSyncTime.job
2013-05-30 22:23 - 2013-01-09 19:36 - 00001954 ____A C:\Windows\epplauncher.mif
2013-05-30 20:44 - 2013-01-19 05:04 - 00000000 ____D C:\Windows\pss
2013-05-30 20:44 - 2013-01-05 09:57 - 00000211 ___SH C:\boot.ini
2013-05-30 20:44 - 2008-04-14 05:00 - 00000395 ____A C:\Windows\win.ini
2013-05-30 20:44 - 2008-04-14 05:00 - 00000227 ____A C:\Windows\system.ini
2013-05-30 20:21 - 2013-01-31 14:54 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\MS DLs
2013-05-30 20:14 - 2013-05-30 20:14 - 00017392 ____A C:\FixitRegBackup.reg
2013-05-30 16:16 - 2013-04-01 12:41 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\BMW2010  and Uncle Loan doc
2013-05-30 16:14 - 2013-05-30 16:14 - 00000276 ____A C:\Documents and Settings\Michael\My Documents\Insurance Dept CA BMW Gravel Damage Allstate.txt
2013-05-30 12:40 - 2013-02-19 21:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-30 12:33 - 2013-05-30 12:33 - 00000000 ____D C:\Windows\Downloaded Installations
2013-05-30 12:26 - 2013-05-30 12:26 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\pppp
2013-05-30 11:03 - 2013-01-05 09:53 - 00000000 ____D C:\Windows\security
2013-05-30 10:48 - 2013-02-05 21:25 - 00000236 ____A C:\Windows\Tasks\KL.job
2013-05-29 22:30 - 2013-01-19 05:19 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Blood Tests
2013-05-27 13:00 - 2013-04-27 13:00 - 00000370 ____A C:\Windows\Tasks\MotoHelper Update.job
2013-05-27 13:00 - 2013-04-27 13:00 - 00000358 ____A C:\Windows\Tasks\MotoHelper MUM.job
2013-05-27 12:08 - 2013-05-27 12:03 - 00000000 ____D C:\Support Tools
2013-05-26 18:25 - 2013-01-05 09:53 - 00000000 ____D C:\Windows\Help
2013-05-26 16:06 - 2013-02-01 12:33 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\vlc
2013-05-25 16:18 - 2013-05-25 15:54 - 00000876 ____A C:\Documents and Settings\Michael\My Documents\wrsa websecure bugs and problems.txt
2013-05-25 15:42 - 2013-05-25 15:42 - 00000321 ____A C:\Documents and Settings\Michael\My Documents\websecure bugs and problems.txt
2013-05-25 01:08 - 2013-04-27 15:48 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
2013-05-25 01:07 - 2013-05-25 01:07 - 00090112 ____A C:\Windows\Minidump\Mini052513-01.dmp
2013-05-25 01:07 - 2013-01-05 18:56 - 00000816 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-05-25 01:07 - 2013-01-05 18:12 - 00000062 __ASH C:\Documents and Settings\Michael\Local Settings\desktop.ini
2013-05-25 01:07 - 2013-01-05 18:11 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-25 01:07 - 2013-01-05 10:02 - 00000159 ____A C:\Windows\wiadebug.log
2013-05-25 01:07 - 2013-01-05 10:02 - 00000049 ____A C:\Windows\wiaservc.log
2013-05-23 23:26 - 2013-05-23 23:26 - 00001526 ____A C:\Documents and Settings\Michael\Desktop\Paint.lnk
2013-05-23 23:21 - 2013-05-23 23:21 - 00001880 ____A C:\Windows\bitssetup.log
2013-05-23 11:48 - 2013-01-05 18:16 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-23 11:41 - 2013-01-05 18:11 - 00032426 ____A C:\Windows\SchedLgU.Txt
2013-05-23 11:40 - 2013-01-05 18:12 - 00000278 ___SH C:\Documents and Settings\Michael\ntuser.ini
2013-05-23 11:20 - 2013-01-19 05:25 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\DlinkRouterDIR-655
2013-05-22 19:46 - 2013-01-19 05:25 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\NewBizIdeas
2013-05-21 13:19 - 2013-05-21 13:19 - 00000176 ____A C:\Documents and Settings\Michael\Desktop\PPO VSP Dental Numbers.txt
2013-05-20 18:54 - 2013-05-20 15:00 - 00000000 ____D C:\Documents and Settings\Michael\dwhelper
2013-05-20 16:24 - 2013-05-20 15:41 - 00000000 ____D C:\Program Files\ConvertHelper
2013-05-20 15:41 - 2013-05-20 15:41 - 03782822 ____A (DownloadHelper                                              ) C:\Documents and Settings\Michael\My Documents\ConvertHelperSetup.exe
2013-05-20 14:09 - 2013-05-20 14:09 - 00183780 ____A C:\Documents and Settings\Michael\wrsa.log
2013-05-20 13:08 - 2013-05-20 13:08 - 00070936 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-05-19 14:31 - 2013-01-05 18:07 - 00000000 ____D C:\Windows\System32\Restore
2013-05-19 14:26 - 2013-04-04 23:23 - 00000000 ____D C:\Windows\System32\ZoneLabs
2013-05-18 18:42 - 2013-01-23 22:21 - 00000000 ____D C:\Program Files\Common Files\Nuance
2013-05-18 18:28 - 2013-02-01 13:23 - 00000037 ____A C:\Documents and Settings\Michael\Application Data\SAS7_000.DAT
2013-05-18 18:12 - 2013-05-18 18:09 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-05-18 16:08 - 2013-05-18 16:08 - 00000000 __SHD C:\Windows\CSC
2013-05-18 14:51 - 2013-05-18 14:51 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-05-18 14:26 - 2013-05-18 14:26 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-05-18 14:26 - 2013-05-16 16:59 - 00000795 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-18 14:26 - 2013-05-16 16:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-18 14:24 - 2013-05-18 14:24 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-05-18 13:32 - 2013-01-09 19:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 13:00 - 2013-01-05 09:58 - 00278944 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 12:59 - 2013-01-09 21:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-18 12:51 - 2013-05-18 12:51 - 00133280 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132618 ____A C:\Windows\KB2847204-IE8.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00132550 ____A C:\Windows\KB2820197.log
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-18 12:51 - 2013-05-18 12:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-18 12:51 - 2013-05-18 12:10 - 00135836 ____A C:\Windows\KB2829361.log
2013-05-18 12:51 - 2013-01-07 11:00 - 00000000 ____D C:\Windows\ie8updates
2013-05-18 12:51 - 2013-01-05 19:10 - 00061195 ____A C:\Windows\updspapi.log
2013-05-18 12:51 - 2013-01-05 18:47 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-18 12:51 - 2013-01-05 09:59 - 01012305 ____A C:\Windows\iis6.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00920394 ____A C:\Windows\FaxSetup.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00449304 ____A C:\Windows\ocgen.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00425552 ____A C:\Windows\tsoc.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00318648 ____A C:\Windows\comsetup.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00281770 ____A C:\Windows\msmqinst.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00191236 ____A C:\Windows\ntdtcsetup.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00161991 ____A C:\Windows\netfxocm.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00063962 ____A C:\Windows\MedCtrOC.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00051159 ____A C:\Windows\ocmsn.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00046969 ____A C:\Windows\tabletoc.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00046294 ____A C:\Windows\msgsocm.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00001374 ____A C:\Windows\imsins.log
2013-05-18 12:51 - 2013-01-05 09:59 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-05-18 12:48 - 2013-05-18 12:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-05-18 12:48 - 2013-05-18 12:10 - 00132264 ____A C:\Windows\KB2813345.log
2013-05-18 12:48 - 2013-05-18 12:10 - 00131135 ____A C:\Windows\KB2820917.log
2013-05-18 12:47 - 2013-05-18 12:47 - 00008012 ____A C:\Windows\KB2807986.log
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2807986$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2802968$
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2780091$
2013-05-18 12:47 - 2013-05-18 12:10 - 00012257 ____A C:\Windows\KB2802968.log
2013-05-18 12:47 - 2013-05-18 12:10 - 00011907 ____A C:\Windows\KB2780091.log
2013-05-18 12:42 - 2013-01-31 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-18 12:42 - 2013-01-23 20:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-05-18 12:41 - 2013-01-05 09:59 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-18 12:36 - 2013-01-23 22:23 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2013-05-18 12:13 - 2013-01-23 22:55 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-18 12:12 - 2013-01-05 18:06 - 00000000 ____D C:\Windows\Registration
2013-05-18 10:07 - 2013-05-18 10:07 - 03288974 ____A C:\Documents and Settings\Michael\Desktop\Microsoft .NET Framework 4 Extended Setup_20130516_232108750-MSI_netfx_Extended_x86.msi.txt
2013-05-18 10:07 - 2013-05-18 10:07 - 00167947 ____A C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates.htm
2013-05-18 10:07 - 2013-05-18 10:07 - 00000000 ____D C:\Documents and Settings\Michael\Desktop\Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates_files
2013-05-18 09:24 - 2013-01-07 11:58 - 00000000 __HDC C:\Windows\$NtUninstallKB2345886$
2013-05-17 23:11 - 2013-01-19 05:25 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\DragNatSpk
2013-05-17 22:50 - 2013-05-17 22:50 - 00000741 ____A C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
2013-05-17 22:50 - 2013-05-17 22:50 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-05-17 22:35 - 2013-05-17 22:35 - 00000000 ___HD C:\Windows\PIF
2013-05-17 22:34 - 2013-05-17 22:34 - 00000000 ____D C:\Documents and Settings\Michael\Local Settings\Application Data\PCHealth
2013-05-16 23:32 - 2013-01-15 17:40 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\Hewlett-Packard Company
2013-05-16 19:49 - 2013-01-07 10:55 - 00000000 __HDC C:\Windows\$NtUninstallKB978695_WM9$
2013-05-16 19:38 - 2013-01-09 19:35 - 11091432 ____A (Microsoft Corporation) C:\Documents and Settings\Michael\Desktop\mseinstall.exe
2013-05-16 17:25 - 2013-01-24 11:26 - 00000000 ____D C:\Program Files\Shared
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\Michael\Application Data\Malwarebytes
2013-05-16 16:59 - 2013-05-16 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-05-16 16:26 - 2013-01-05 09:59 - 00866697 ____A C:\Windows\setupapi.log
2013-05-16 16:22 - 2013-05-16 19:47 - 20214408 ____A (Microsoft Corporation) C:\Documents and Settings\Michael\Desktop\Windows-KB890830-V4.20.exe
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-15 23:52 - 2013-05-15 23:52 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-12 16:10 - 2013-05-08 22:30 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Wheat Grass and Chelation
2013-05-10 23:45 - 2013-05-04 17:31 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\AIDS
2013-05-09 11:02 - 2013-05-09 11:02 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\RecordedThoughts
2013-05-09 10:57 - 2013-05-09 10:22 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\Geico_Accident_050113
2013-05-09 10:36 - 2013-01-30 14:30 - 00000000 ____D C:\Documents and Settings\Michael\My Documents\OllieStone_UntoldHistoryOfUS
2013-05-06 21:27 - 2008-04-14 05:00 - 06015488 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-06 21:27 - 2008-04-14 05:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-04 10:50 - 2013-04-28 12:23 - 00005451 ____A C:\Documents and Settings\Michael\My Documents\Email_yahoo_comcast_042813.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================



#8 CheeseyFace


Posted 03 June 2013 - 01:08 PM

Another thing I just noticed:

Task Scheduler will not start, so none of the scheduled items are running.



#9 JSntgRvr

  • Malware Response Team

Posted 03 June 2013 - 03:45 PM

Let's remove those junctions first.

Download the enclosed file.

Save it next to FRST, overwriting the existing one. Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log next to FRST (Fixlog.txt); please post it in your reply.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 CheeseyFace


Posted 03 June 2013 - 06:13 PM

OK. Here it is.

Well, it fixed those ms sec cnt folders. They are now accessible. Thanks.

BTW, for this entire process I have been running in safe mode w/networking.

Should have told you earlier.


FYI: I have 1 USB Kingston 2GB FAT32 stick and 4 USB hard drives plus 2 installed hard drives.

I reckon stuff could be lurking ther too, eh?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-06-2013 03
Ran by Administrator at 2013-06-03 15:53:49 Run:2
Running from C:\Documents and Settings\Michael\My Documents\BleepingComputerVirusMalware
Boot Mode: Safe Mode (with Networking)

==============================================

"C:\Program Files\Microsoft Security Client" => Deleting junctions and unlocking files completed successfully.
"C:\Program Files\Windows Defender" => Deleting junctions and unlocking files completed successfully.

=========  Dir /s /a:l c:\ =========

 Volume in drive C is 1st-1TB ©
 Volume Serial Number is 6C33-25C5

 Directory of c:\WINDOWS\assembly\GAC_32\System.EnterpriseServices

05/18/2013  12:50 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes

 Directory of c:\WINDOWS\assembly\GAC_MSIL\IEExecRemote

05/18/2013  12:50 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes

 Directory of c:\WINDOWS\assembly\GAC_MSIL\WcfSvcHost

02/01/2013  02:07 PM    <JUNCTION>     9.0.0.0__31bf3856ad364e35
               0 File(s)              0 bytes

 Directory of c:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices

05/23/2013  11:36 AM    <JUNCTION>     v4.0_4.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes

 Directory of c:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler

05/23/2013  11:38 AM    <JUNCTION>     v4.0_4.0.0.0__31bf3856ad364e35
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
               5 Dir(s)  746,930,315,264 bytes free

========= End of CMD: =========

==== End of Fixlog ====
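An added example (not code from this thread, from FRST or from Farbar) that does on a live host what the Fixlog's `Dir /s /a:l` listing shows after the fact: enumerate junctions under Program Files and the .NET assembly folders, resolve each one's target, and separate the expected GAC junctions from junctions sitting on security-product folders like the ones FRST flagged. It assumes Windows PowerShell 5.1 or later for the `Target` and `LinkType` properties; the roots, the GAC pattern and the watch list are assumptions for illustration.

```powershell
# Added example (not from this thread, FRST or Farbar): report NTFS junctions under
# Program Files and the .NET assembly folders, resolve each target, and tell expected
# GAC junctions apart from junctions parked on security-product folders.
# Run from an elevated prompt. Assumes Windows PowerShell 5.1+ for .Target/.LinkType;
# on older hosts the junction is still listed, and "fsutil reparsepoint query <path>"
# shows its target.

$Roots = @("$env:ProgramFiles",
           "$env:windir\assembly",
           "$env:windir\Microsoft.NET\assembly")

# .NET installs junctions under the GAC; those are expected and only listed (assumed pattern).
$ExpectedPattern = '\\assembly\\GAC_(32|64|MSIL)\\'
# Folder names the FRST log in this thread showed junctions sitting on (assumed watch list).
$WatchList = @('Microsoft Security Client', 'Windows Defender')

function Get-JunctionReport {
    param([string[]]$Paths)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The ReparsePoint attribute also covers symlinks and mount points; LinkType narrows it.
        Get-ChildItem -LiteralPath $root -Recurse -Force -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
            ForEach-Object {
                $dir = $_
                $target = $null
                if ($dir.PSObject.Properties['Target']) { $target = @($dir.Target) -join ';' }
                $kind = if ($dir.PSObject.Properties['LinkType']) { $dir.LinkType } else { 'ReparsePoint' }
                $onWatch = [bool]($WatchList | Where-Object {
                    $dir.FullName -like "*\$_\*" -or $dir.Name -eq $_ })
                if ($onWatch) {
                    $verdict = 'SUSPICIOUS: junction on a security-product folder'
                } elseif ($dir.FullName -notmatch $ExpectedPattern) {
                    $verdict = 'REVIEW: junction outside the .NET GAC'
                } else {
                    $verdict = 'expected'
                }
                [pscustomobject]@{
                    Verdict = $verdict
                    Kind    = $kind
                    Path    = $dir.FullName
                    Target  = $target
                    Created = $dir.CreationTime   # compare with the infection date in the thread
                }
            }
    }
}

Get-JunctionReport -Paths $Roots | Sort-Object Verdict -Descending | Format-Table -AutoSize -Wrap
```

A junction whose target points at a folder that does not exist, or at a folder you cannot open, is the symptom described in this thread: the security product's own files become unreachable until the junction is deleted.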



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 AM

Posted 03 June 2013 - 07:16 PM

Can you boot in Normal Mode?

If you wish to reinstall MSE, run this tool first, then download and reinstall

Let's scan the computer:

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources. This program has the ability to scan all drives.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by JSntgRvr, 03 June 2013 - 07:18 PM.



#12 CheeseyFace

CheeseyFace
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:40 AM

Posted 04 June 2013 - 01:35 AM

Hi.

 

Adw will not function; it starts for a second and then stays hung.

Cannot re-install MSE - same message as b4.



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,693 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:40 AM

Posted 04 June 2013 - 02:01 PM

Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to MyPoppy as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on MyPoppy.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.  
  • Please post the "C:\MyPoppy.txt". (I believe Combofix will also rename the report.)

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.





#14 CheeseyFace

CheeseyFace
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:40 AM

Posted 04 June 2013 - 08:24 PM

Hi.

 

Everything OK for about 1 minute. Then CF says MSE is running, which it is not.

I was never able to re-install it and there is no MSE client folder and it does not show up in TM.

So the current CF screen asks me to close MSE and continue, which I cannot do.

I am sending this on a different box.



#15 CheeseyFace

CheeseyFace
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:40 AM

Posted 04 June 2013 - 08:27 PM

BTW, alg.exe is running.


