
MSE Error 0x80073b01


  • This topic is locked
24 replies to this topic

#1 Lilly123


Posted 13 June 2013 - 04:55 PM

Hi,

As I was using my computer this morning, I realized that the Microsoft Security Essentials (MSE) icon was missing from the taskbar. I suspected an update which had taken place the night before had resulted in the MSE icon not being found.

I decided to do a system restore, and it gave me the option to restore to a point on 6/11/13. I did that, and it was unsuccessful, resulting in something called a 'catastrophic failure'.

To this point, MSE still did not reappear. I tried to uninstall it using the Add/Remove programs, and it told me that I did not have sufficient access. I ran Microsoft 'Fix It', and I was able to uninstall Microsoft Security Client/MSE.

I then tried to reinstall MSE.

(Before I tried reinstalling MSE, I removed MBAM because MSE installer told me to remove any security programs before installation.)

The first time I tried, it was unsuccessful. I restarted the computer, and tried a second time. This time, it completed the install, but it brought up Error 0x80073b01.

I am currently running a full scan on Microsoft Windows Malicious Software Removal Tool.

(I would like to add that I am using an ASUS notebook computer with Windows 7 64bit.)

Thank you


Edited by Lilly123, 13 June 2013 - 04:59 PM.




#2 Lilly123

  • Topic Starter


Posted 13 June 2013 - 05:42 PM

The Microsoft Windows Malicious Software Removal Tool scan has finished, and it said no malicious items were found.



#3 gringo_pr

  • Malware Response Team

Posted 14 June 2013 - 09:53 AM



Hello Lilly123

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#4 Lilly123

  • Topic Starter


Posted 14 June 2013 - 01:16 PM

Hello Gringo,

Thanks once again for your help.

I ran the DDS scan, and here are the logs

== DDS txt ==

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.5.1
Run by Aisha at 14:11:56 on 2013-06-14
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3884.2571 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Users\Aisha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aisha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aisha\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mywings.unf.edu/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Aisha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTUzMDY4MTY4LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzQtRkwxMCsxLVNQMVM0KzEtRERUKzQ4NjIxLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1GVUkrMi1UQlZVUEcrMTItRjEwTTEyRk4rMS1UQk4rMS1GMTBNMTJUQSszLVZJUDEyKzEtRjEwTTEyUisx"&"prod=90"&"ver=10.0.1424
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw9x.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{8CE7C8E9-B4B7-4EAD-B27C-155501320F49} : DHCPNameServer = 13.6.0.10 13.6.0.100
TCP: Interfaces\{A686206F-0A31-4A89-AF24-DAC905049CBE} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{A686206F-0A31-4A89-AF24-DAC905049CBE}\2375942554233333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A686206F-0A31-4A89-AF24-DAC905049CBE}\541676C656 : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Aisha\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-12-1 15928]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-12-1 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-1 2314240]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-24 115312]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-6 48488]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-3 1255736]
SUnknown obxbhhte;obxbhhte; [x]
.
=============== Created Last 30 ================
.
2013-06-13 11:27:11 964552 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAC3000E-3E81-4909-92A3-4EE7F9104418}\gapaengine.dll
2013-06-13 11:27:07 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B85AD6F5-55F3-46B8-A39D-DCEBCDBAC3F6}\mpengine.dll
2013-06-13 11:23:15 8760 ----a-w- C:\Program Files\Windows Defender\en-US\setupres.dll
2013-06-13 11:23:15 241984 ----a-w- C:\Program Files\Windows Defender\en-US\amd64\sqmapi.dll
2013-06-13 11:23:15 182248 ----a-w- C:\Program Files\Windows Defender\en-US\EppManifest.dll
2013-06-13 11:23:15 1094152 ----a-w- C:\Program Files\Windows Defender\en-US\amd64\setup.exe
2013-06-13 11:22:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-13 11:02:40 -------- d-----w- C:\MATS
2013-06-13 10:26:45 -------- d-----w- C:\Windows\System32\SPReview
.
==================== Find3M  ====================
.
2013-06-12 01:36:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 01:36:58 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-12 14:36:37 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-19 06:19:35 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:54:37 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:06:09 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:06:09 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:19:03 112640 ----a-w- C:\Windows\System32\smss.exe
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 14:12:26.65 ===============
 

AND

== Attach txt ==

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 2/26/2011 4:22:06 AM
System Uptime: 6/13/2013 7:17:21 AM (31 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | K52F
Processor: Intel® Pentium® CPU        P6200  @ 2.13GHz | Socket 989 | 2133/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 73.519 GiB free.
D: is FIXED (NTFS) - 330 GiB total, 329.681 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP216: 6/13/2013 6:26:39 AM - Windows 7 Service Pack 1
RP218: 6/13/2013 7:02:45 AM -  Microsoft Security Client 
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
ACD/Labs Software in C:\ACDFREE12\
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
Amazon Kindle For PC v1.0
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ATK Package
Audacity 2.0
Bing Bar
Boingo Wi-Fi
Bookworm Deluxe
CCleaner
Choice Guard
Conexant HD Audio
ControlDeck
Cooking Dash
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
ETDWare PS/2-x64 7.0.5.13_WHQL
Fast Boot
Game Park Console
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hotel Dash Suite Success
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Jewel Quest 3
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
Luxor 3
Mahjongg dimensions
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Player Utilities 4.15
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Plants vs Zombies
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.94
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype™ 6.3
swMSM
syncables desktop SE
Times Reader
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 UVC VGA WebCam
Visual Studio 2008 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
WinFlash
Wireless Console 3
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
6/7/2013 8:11:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.151.1681.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9506.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/7/2013 8:11:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.151.1681.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9506.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/7/2013 8:11:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.151.1681.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9506.0   Error code: 0x80240016   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/13/2013 6:33:54 AM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  Access is denied.
6/13/2013 6:30:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
6/13/2013 6:25:14 AM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Users\default\ntuser.dat'.
6/13/2013 6:14:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
6/13/2013 6:14:08 AM, Error: Microsoft-Windows-Service Pack Installer [8]  - Service Pack installation failed with error code 0x800f0829.
6/13/2013 6:14:08 AM, Error: Microsoft-Windows-Service Pack Installer [6]  - The Service Pack cannot be installed when the computer is running on battery power.
6/13/2013 6:08:34 AM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.
.
==== End Of File ===========================


#5 gringo_pr

  • Malware Response Team

Posted 14 June 2013 - 05:54 PM



Hello Lilly123

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Lilly123


Posted 14 June 2013 - 11:35 PM

Thanks for your help thus far. :) Here is the ADWCleaner Logfile:
 
 
# AdwCleaner v2.303 - Logfile created 06/15/2013 at 00:11:21
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Aisha - AISHA-PC
# Boot Mode : Normal
# Running from : C:\Users\Aisha\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default\extensions\staged
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v15.0.1 (en-US)
 
File : C:\Users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default\prefs.js
 
C:\Users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default\user.js ... Deleted !
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Aisha\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [1524 octets] - [15/06/2013 00:11:22]
 
########## EOF - C:\AdwCleaner[S1].txt - [1584 octets] ##########
 
 
and here is the Junkware Removal Tool log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Aisha on Sat 06/15/2013 at  0:21:02.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Aisha\appdata\local\{3D2F6968-AF5D-4DDB-A707-63CBBD6F8D77}
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Aisha\AppData\Roaming\mozilla\firefox\profiles\f3z7q5bh.default\minidumps [8 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/15/2013 at  0:25:16.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

As for an update on how the computer is doing, it seems to be running smoothly. However, I would like to add that after the reboot from the ADWCleaner, the 'Microsoft Security Client Error' still appeared. Also, before running the Junkware Removal Tool, I attempted to turn off Microsoft Security Essentials. It first didn't allow me to open it, but then I right-clicked it, and selected 'Run as an Administrator'. It then allowed me to run it and ultimately, turn off the protection. Microsoft Security Essentials has not given me a hard time opening it after that. Should I turn its protection back on? 

 

Thanks once again.



#7 gringo_pr


Posted 14 June 2013 - 11:59 PM


Hello Lilly123

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#8 Lilly123


Posted 15 June 2013 - 12:17 AM

Hi,

 

Here is the ComboFix log:

 

ComboFix 13-06-13.01 - Aisha 06/15/2013   1:06.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3884.2645 [GMT -4:00]
Running from: c:\users\Aisha\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aisha\Documents\~WRL3343.tmp
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-15 to 2013-06-15  )))))))))))))))))))))))))))))))
.
.
2013-06-15 05:13 . 2013-06-15 05:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-15 05:13 . 2013-06-15 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-15 04:20 . 2013-06-15 04:20 -------- d-----w- c:\windows\ERUNT
2013-06-15 04:20 . 2013-06-15 04:20 -------- d-----w- C:\JRT
2013-06-14 18:18 . 2013-06-13 11:27 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 18:18 . 2013-06-13 11:27 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA02BA84-A43B-44D1-B256-A20A913CC5D9}\gapaengine.dll
2013-06-14 18:18 . 2013-05-13 03:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{810EB0FC-91B0-4E41-A1FE-7F3FF504A285}\mpengine.dll
2013-06-13 11:27 . 2013-05-13 03:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-13 11:23 . 2013-01-27 18:37 182248 ----a-w- c:\program files\Windows Defender\en-US\EppManifest.dll
2013-06-13 11:23 . 2013-01-27 15:35 8760 ----a-w- c:\program files\Windows Defender\en-US\setupres.dll
2013-06-13 11:23 . 2013-01-27 15:34 1094152 ----a-w- c:\program files\Windows Defender\en-US\amd64\setup.exe
2013-06-13 11:23 . 2013-01-20 19:58 241984 ----a-w- c:\program files\Windows Defender\en-US\amd64\sqmapi.dll
2013-06-13 11:22 . 2013-06-13 11:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-06-13 11:02 . 2013-06-13 11:02 -------- d-----w- C:\MATS
2013-06-13 10:26 . 2013-06-13 10:26 -------- d-----w- c:\windows\system32\SPReview
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 01:36 . 2012-08-19 03:29 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 01:36 . 2011-11-17 22:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-03 22:16 . 2012-09-18 04:00 75898224 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2012-07-11 03:33 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 14:36 . 2013-04-25 03:20 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:19 . 2013-04-11 04:58 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:54 . 2013-04-11 04:58 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:06 . 2013-04-11 04:58 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:06 . 2013-04-11 04:58 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53 . 2013-04-11 04:58 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:19 . 2013-04-11 04:58 112640 ----a-w- c:\windows\system32\smss.exe
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-12-01 2429]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-08-12 1597440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-02-14 295072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-12-1 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 01:37]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 07:15]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 07:15]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264811060-1101015550-240933154-1000Core.job
- c:\users\Aisha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 04:41]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264811060-1101015550-240933154-1000UA.job
- c:\users\Aisha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-10 04:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mywings.unf.edu/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to AMV Converter... - c:\program files (x86)\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files (x86)\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/sdkhtml/SDK/paste/lsiw9x.cab
FF - ProfilePath - c:\users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default\
.
- - - - ORPHANS REMOVED - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-15  01:15:26
ComboFix-quarantined-files.txt  2013-06-15 05:15
.
Pre-Run: 78,441,996,288 bytes free
Post-Run: 78,192,365,568 bytes free
.
- - End Of File - - 0E51AAD343F87EB0A1F140169DA4D324
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

The computer seems to be doing just fine. I am not experiencing many, if any, difficulties using the computer. MSE disappeared from the taskbar once again though.



#9 gringo_pr


Posted 15 June 2013 - 01:21 AM


Hello Lilly123



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#10 Lilly123


Posted 15 June 2013 - 02:04 AM

I ran the Farbar Recovery Scan Tool; here is the log:

 

FRST log :
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Aisha (administrator) on 15-06-2013 02:59:20
Running from C:\Users\Aisha\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTUzMDY4MTY4LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzQtRkwxMCsxLVNQMVM0KzEtRERUKzQ4NjIxLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1GVUkrMi1UQlZVUEcrMTItRjEwTTEyRk4rMS1UQk4rMS1GMTBNMTJUQSszLVZJUDEyKzEtRjEwTTEyUisx"&"prod=90"&"ver=10.0.1424 [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTUzMDY4MTY4LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzQtRkwxMCsxLVNQMVM0KzEtRERUKzQ4NjIxLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsyLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1GVUkrMi1UQlZVUEcrMTItRjEwTTEyRk4rMS1UQk4rMS1GMTBNMTJUQSszLVZJUDEyKzEtRjEwTTEyUisx"&"prod=90"&"ver=10.0.1424 [x]
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [x]
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-08-11] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot [295072 2013-02-13] (RealNetworks, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mywings.unf.edu/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C228AEDD-FC47-11D3-AF87-D128A9381404} http://www.link-systems.com/sdkhtml/SDK/paste/lsiw9x.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.666 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: DownloadHelper - C:\Users\Aisha\AppData\Roaming\Mozilla\Firefox\Profiles\f3z7q5bh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Aisha\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Aisha\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Aisha\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Aisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Aisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Aisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Aisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Aisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Gmail) - C:\Users\Aisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()
 
==================== Drivers (Whitelisted) ====================
 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 tmlwf; 
U3 tmwfp; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-15 02:59 - 2013-06-15 02:59 - 00000000 ____D C:\FRST
2013-06-15 02:58 - 2013-06-15 02:58 - 01920398 ____A (Farbar) C:\Users\Aisha\Downloads\FRST64.exe
2013-06-15 02:58 - 2013-06-15 02:58 - 01920398 ____A (Farbar) C:\Users\Aisha\Desktop\FRST64.exe
2013-06-15 01:15 - 2013-06-15 01:15 - 00018575 ____A C:\ComboFix.txt
2013-06-15 01:04 - 2013-06-15 01:15 - 00000000 ____D C:\Qoobox
2013-06-15 01:04 - 2013-06-15 01:15 - 00000000 ____D C:\ComboFix
2013-06-15 01:04 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-15 01:04 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-15 01:04 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-15 01:04 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-15 01:04 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-15 01:04 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-15 01:04 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-15 01:04 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-15 01:03 - 2013-06-15 01:03 - 05080197 ____R (Swearware) C:\Users\Aisha\Desktop\ComboFix.exe
2013-06-15 01:03 - 2013-06-15 01:03 - 05080197 ____A (Swearware) C:\Users\Aisha\Downloads\ComboFix.exe
2013-06-15 00:25 - 2013-06-15 00:25 - 00000872 ____A C:\Users\Aisha\Desktop\JRT.txt
2013-06-15 00:20 - 2013-06-15 00:20 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Aisha\Downloads\JRT.exe
2013-06-15 00:20 - 2013-06-15 00:20 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Aisha\Desktop\JRT.exe
2013-06-15 00:20 - 2013-06-15 00:20 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 00:20 - 2013-06-15 00:20 - 00000000 ____D C:\JRT
2013-06-15 00:11 - 2013-06-15 00:11 - 00001653 ____A C:\AdwCleaner[S1].txt
2013-06-15 00:10 - 2013-06-15 00:10 - 00648201 ____A C:\Users\Aisha\Desktop\AdwCleaner.exe
2013-06-15 00:09 - 2013-06-15 00:10 - 00648201 ____A C:\Users\Aisha\Downloads\AdwCleaner.exe
2013-06-14 14:12 - 2013-06-14 14:12 - 00016741 ____A C:\Users\Aisha\Desktop\dds.txt
2013-06-14 14:12 - 2013-06-14 14:12 - 00012183 ____A C:\Users\Aisha\Desktop\attach.txt
2013-06-14 14:11 - 2013-06-14 14:11 - 00688992 ____R (Swearware) C:\Users\Aisha\Desktop\dds.com
2013-06-13 07:23 - 2013-06-13 07:23 - 00000000 ____D C:\Windows\System32\config\amd64
2013-06-13 07:23 - 2013-01-27 14:37 - 00182248 ____A (Microsoft Corporation) C:\Windows\System32\config\EppManifest.dll
2013-06-13 07:23 - 2013-01-27 11:35 - 00008760 ____A (Microsoft Corporation) C:\Windows\System32\config\setupres.dll
2013-06-13 07:22 - 2013-06-13 07:22 - 00000000 ____D C:\Windows\System32\config\NisDrv
2013-06-13 07:22 - 2013-06-13 07:22 - 00000000 ____D C:\Windows\System32\config\mpfilter
2013-06-13 07:22 - 2013-06-13 07:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-13 07:06 - 2013-06-13 07:06 - 13475464 ____A (Microsoft Corporation) C:\Users\Aisha\Downloads\mseinstall (4).exe
2013-06-13 07:02 - 2013-06-13 07:02 - 00000000 ____D C:\MATS
2013-06-13 06:53 - 2013-06-13 06:53 - 13475464 ____A (Microsoft Corporation) C:\Users\Aisha\Downloads\mseinstall (3).exe
2013-06-13 06:45 - 2013-06-13 06:46 - 13475464 ____A (Microsoft Corporation) C:\Users\Aisha\Downloads\mseinstall (2).exe
2013-06-13 06:26 - 2013-06-13 06:26 - 00000000 ____D C:\Windows\System32\SPReview
 
==================== One Month Modified Files and Folders =======
 
2013-06-15 02:59 - 2013-06-15 02:59 - 00000000 ____D C:\FRST
2013-06-15 02:58 - 2013-06-15 02:58 - 01920398 ____A (Farbar) C:\Users\Aisha\Downloads\FRST64.exe
2013-06-15 02:58 - 2013-06-15 02:58 - 01920398 ____A (Farbar) C:\Users\Aisha\Desktop\FRST64.exe
2013-06-15 02:54 - 2012-09-24 18:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 02:54 - 2012-07-10 00:41 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264811060-1101015550-240933154-1000UA.job
2013-06-15 02:54 - 2010-12-01 03:15 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 01:31 - 2010-12-01 02:43 - 01258414 ____A C:\Windows\WindowsUpdate.log
2013-06-15 01:19 - 2010-12-01 03:15 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-15 01:15 - 2013-06-15 01:15 - 00018575 ____A C:\ComboFix.txt
2013-06-15 01:15 - 2013-06-15 01:04 - 00000000 ____D C:\Qoobox
2013-06-15 01:15 - 2013-06-15 01:04 - 00000000 ____D C:\ComboFix
2013-06-15 01:13 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-06-15 01:04 - 2012-07-07 20:57 - 00000000 ____D C:\Windows\erdnt
2013-06-15 01:03 - 2013-06-15 01:03 - 05080197 ____R (Swearware) C:\Users\Aisha\Desktop\ComboFix.exe
2013-06-15 01:03 - 2013-06-15 01:03 - 05080197 ____A (Swearware) C:\Users\Aisha\Downloads\ComboFix.exe
2013-06-15 00:25 - 2013-06-15 00:25 - 00000872 ____A C:\Users\Aisha\Desktop\JRT.txt
2013-06-15 00:20 - 2013-06-15 00:20 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Aisha\Downloads\JRT.exe
2013-06-15 00:20 - 2013-06-15 00:20 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Aisha\Desktop\JRT.exe
2013-06-15 00:20 - 2013-06-15 00:20 - 00000000 ____D C:\Windows\ERUNT
2013-06-15 00:20 - 2013-06-15 00:20 - 00000000 ____D C:\JRT
2013-06-15 00:20 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 00:20 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-15 00:14 - 2012-04-19 19:17 - 00000000 ____D C:\Users\Aisha\AppData\Roaming\Skype
2013-06-15 00:12 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-15 00:12 - 2009-07-14 00:51 - 00077976 ____A C:\Windows\setupact.log
2013-06-15 00:11 - 2013-06-15 00:11 - 00001653 ____A C:\AdwCleaner[S1].txt
2013-06-15 00:10 - 2013-06-15 00:10 - 00648201 ____A C:\Users\Aisha\Desktop\AdwCleaner.exe
2013-06-15 00:10 - 2013-06-15 00:09 - 00648201 ____A C:\Users\Aisha\Downloads\AdwCleaner.exe
2013-06-14 14:12 - 2013-06-14 14:12 - 00016741 ____A C:\Users\Aisha\Desktop\dds.txt
2013-06-14 14:12 - 2013-06-14 14:12 - 00012183 ____A C:\Users\Aisha\Desktop\attach.txt
2013-06-14 14:11 - 2013-06-14 14:11 - 00688992 ____R (Swearware) C:\Users\Aisha\Desktop\dds.com
2013-06-14 14:11 - 2012-07-06 18:22 - 00688992 ____A (Swearware) C:\Users\Aisha\Downloads\dds.com
2013-06-14 14:08 - 2013-03-16 00:22 - 00000000 ____D C:\Users\Aisha\Desktop\bcomp
2013-06-14 14:08 - 2012-07-10 00:41 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3264811060-1101015550-240933154-1000Core.job
2013-06-13 07:30 - 2012-07-10 23:23 - 00002127 ____A C:\Windows\epplauncher.mif
2013-06-13 07:23 - 2013-06-13 07:23 - 00000000 ____D C:\Windows\System32\config\amd64
2013-06-13 07:23 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 07:22 - 2013-06-13 07:22 - 00000000 ____D C:\Windows\System32\config\NisDrv
2013-06-13 07:22 - 2013-06-13 07:22 - 00000000 ____D C:\Windows\System32\config\mpfilter
2013-06-13 07:22 - 2013-06-13 07:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-13 07:22 - 2012-07-10 23:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-13 07:06 - 2013-06-13 07:06 - 13475464 ____A (Microsoft Corporation) C:\Users\Aisha\Downloads\mseinstall (4).exe
2013-06-13 07:02 - 2013-06-13 07:02 - 00000000 ____D C:\MATS
2013-06-13 06:53 - 2013-06-13 06:53 - 13475464 ____A (Microsoft Corporation) C:\Users\Aisha\Downloads\mseinstall (3).exe
2013-06-13 06:46 - 2013-06-13 06:45 - 13475464 ____A (Microsoft Corporation) C:\Users\Aisha\Downloads\mseinstall (2).exe
2013-06-13 06:26 - 2013-06-13 06:26 - 00000000 ____D C:\Windows\System32\SPReview
2013-06-13 03:05 - 2011-02-26 09:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-11 21:36 - 2012-08-18 23:29 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 21:36 - 2011-11-17 18:40 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-07 20:10 - 2012-07-10 00:42 - 00002368 ____A C:\Users\Aisha\Desktop\Google Chrome.lnk
2013-06-03 18:16 - 2012-09-18 00:00 - 75898224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-22 18:51 - 2011-12-12 03:28 - 00000000 ____D C:\Users\Aisha\Documents\Kalthoum
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-05-24 02:10
 
==================== End Of Log ============================

 

 

 

and Additional scan log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by Aisha at 2013-06-15 03:00:37 Run:
Running from C:\Users\Aisha\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
ACD/Labs Software in C:\ACDFREE12\ (Version: v12.00, FREE)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Amazon Kindle For PC v1.0
Apple Application Support (Version: 2.0.1)
Apple Software Update (Version: 2.1.3.127)
ASUS AI Recovery (Version: 1.0.10)
ASUS AP Bank (Version: 1.0.0.0)
ASUS CopyProtect (Version: 1.0.0015)
ASUS Data Security Manager (Version: 1.00.0014)
ASUS FancyStart (Version: 1.0.8)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS Live Update (Version: 2.5.9)
ASUS MultiFrame (Version: 1.0.0021)
ASUS Power4Gear Hybrid (Version: 1.1.37)
ASUS SmartLogon (Version: 1.0.0008)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0028)
ASUS Video Magic (Version: 6.0.4015)
ASUS Virtual Camera (Version: 1.0.20)
ASUS WebStorage (Version: 2.0.46.1429)
ATK Package (Version: 1.0.0006)
Audacity 2.0
Bing Bar (Version: 7.0.822.0)
Boingo Wi-Fi (Version: 1.7.0048)
Bookworm Deluxe
CCleaner (Version: 3.20)
Choice Guard (Version: 1.2.87.0)
Conexant HD Audio (Version: 4.111.0.63)
ControlDeck (Version: 1.0.8)
Cooking Dash
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink MediaShow Espresso (Version: 5.0.1606_25588)
CyberLink PhotoNow (Version: 1.1.6904)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDirector (Version: 8.0.2609a)
CyberLink PowerDVD 9 (Version: 9.0.3009.50)
ETDWare PS/2-x64 7.0.5.13_WHQL (Version: 7.0.5.13)
Fast Boot (Version: 1.0.6)
Game Park Console (Version: 6.2.1.1)
Google Chrome (Version: 27.0.1453.110)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Governor of Poker
Hotel Dash Suite Success
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2125)
Intel® Management Engine Components (Version: 6.0.0.1179)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Jewel Quest 3
JMicron Ethernet Adapter NDIS Driver (Version: 6.0.17.1)
JMicron Flash Media Controller Driver (Version: 1.0.33.2)
Junk Mail filter update (Version: 14.0.8050.1202)
K_Series_ScreenSaver_EN
Luxor 3
Mahjongg dimensions
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MP3 Player Utilities 4.15 (Version: 4.15)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Plants vs Zombies
QuickTime (Version: 7.70.80.34)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller 1.94 (Version: 1.94)
Skype™ 6.3 (Version: 6.3.105)
swMSM (Version: 12.0.0.1)
syncables desktop SE (Version: 5.5.746.11492)
Times Reader (Version: 2.055)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 UVC VGA WebCam (Version: 5.8.54000.207)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Family Safety (Version: 14.0.8052.1208)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinFlash (Version: 2.30.3)
Wireless Console 3 (Version: 3.0.18)
World of Goo
 
==================== Restore Points  =========================
 
13-06-2013 10:26:39 Windows 7 Service Pack 1
13-06-2013 11:02:45  Microsoft Security Client 
15-06-2013 05:04:38 ComboFix created restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (06/15/2013 02:54:49 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (06/15/2013 01:13:27 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/15/2013 01:12:35 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/15/2013 01:09:46 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (03/31/2013 07:14:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1346 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (02/21/2013 06:57:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 357 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/11/2012 00:30:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1307 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error: (10/11/2012 00:07:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10388 seconds with 5280 seconds of active time.  This session ended with a crash.
 
Error: (10/10/2012 09:14:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49672 seconds with 2880 seconds of active time.  This session ended with a crash.
 
Error: (09/15/2012 04:00:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1048 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error: (09/15/2012 03:42:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 598806 seconds with 29940 seconds of active time.  This session ended with a crash.
 
Error: (06/18/2011 09:27:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 13876 seconds with 4860 seconds of active time.  This session ended with a crash.
 
Error: (06/18/2011 03:16:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 1825 seconds with 1500 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-15 01:12:35.870
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-15 01:12:35.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-07 21:06:04.997
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-07 21:06:04.919
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 3884.38 MB
Available physical RAM: 2090.06 MB
Total Pagefile: 7766.89 MB
Available Pagefile: 5896.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:72.46 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:329.79 GB) (Free:329.68 GB) NTFS (Disk=0 Partition=3)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1E24BAB9)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 15 June 2013 - 01:16 PM

Hello


That looks good, so if you are still having issues with MSE, I want you to uninstall it and reinstall it to see if it clears up.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Lilly123

Lilly123
  • Topic Starter


Posted 15 June 2013 - 03:08 PM

MSE reappeared on the taskbar, and it's opening normally. Protection is still off, though. Should I still uninstall and reinstall MSE?



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 15 June 2013 - 03:13 PM

Reboot and verify whether protection will turn on; if it still will not turn on, then reinstall.


gringo

#14 Lilly123

Lilly123
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:20 PM

Posted 15 June 2013 - 03:20 PM

OK, I rebooted, and when the computer started up, MSE was on the taskbar. It also opened smoothly with no issues, and I turned on the protection with no issues as well.



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 15 June 2013 - 04:17 PM


Hello Lilly123

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo



