
Microsoft Security Essentials Error 0x80073b01


  • This topic is locked
19 replies to this topic

#1 TheAcousticAssasin


Posted 17 June 2013 - 09:19 AM

Hi Guys,

 

I am having some trouble with my Microsoft Security Essentials on my laptop. On startup and trying to initialise the program the laptop displays the same error 0x80073b01.

 

I am running the Windows 7 Home Premium (64bit) Operating System and the Laptop is a DELL Inspiron.

 

I am pretty competent on a PC but this issue is probably well out of my comfort zone. 

 

Could somebody please help?

 

 




 


#2 Larusso


Posted 18 June 2013 - 11:22 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


regards,
Daniel

Bread for the world instead Bombs and Bangers



#3 TheAcousticAssasin


Posted 20 June 2013 - 01:22 PM

Hi Daniel,

 

I do not have 'Microsoft Security Essentials' on my PC anymore as Microsoft Support recommended that I 'Un-install' and 'Re-Install' the program. The MSE will not install on my PC. Really at my wits' end now Daniel. Anyway

 

I have followed your instructions to the letter as required and here are the results. I have copied and pasted the log files 'FRST.txt' file and the 'Addition.txt' file below:

 

The 'FRST.txt' file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013 01
Ran by JohnJenny (administrator) on 20-06-2013 19:05:52
Running from C:\Users\JohnJenny\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

==================== Registry (Whitelisted) ==================

MountPoints2: {b81a98dd-1b34-11df-ad86-a4badba29ada} - "E:\WD SmartWare.exe" autoplay=true
HKU\Jenny\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {A532A0A9-557A-4A65-BA4F-28B7753D9CC6} URL =
SearchScopes: HKCU - {34FF0DFD-ABE9-48CC-A23A-8B834FFEB9AE} URL =
SearchScopes: HKCU - {A532A0A9-557A-4A65-BA4F-28B7753D9CC6} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()

==================== Drivers (Whitelisted) ====================

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-20 19:05 - 2013-06-20 19:05 - 00000000 ____D C:\FRST
2013-06-20 19:04 - 2013-06-20 19:04 - 01929538 ____A (Farbar) C:\Users\JohnJenny\Downloads\FRST64.exe
2013-06-20 18:51 - 2013-06-20 18:53 - 00000000 ____D C:\7f91dedfc689092517348943c0a870d4
2013-06-20 18:33 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-20 18:33 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 18:33 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-20 18:33 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-20 18:33 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-20 18:33 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-20 18:32 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 18:32 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 18:32 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 18:32 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-20 18:32 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-20 08:24 - 2013-06-20 08:24 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-20 08:20 - 2013-06-20 08:27 - 00007921 ____A C:\Windows\IE10_main.log
2013-06-20 08:20 - 2013-06-20 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\JohnJenny\Desktop\tdsskiller.exe
2013-06-20 08:18 - 2013-06-20 08:18 - 85904656 ____A (Microsoft Corporation) C:\Users\JohnJenny\Desktop\msert.exe
2013-06-17 17:49 - 2013-06-17 17:50 - 00000000 ____D C:\Users\Jenny\AppData\Local\{852AC8A2-5C8D-4B46-83F9-B753D0E370E2}
2013-06-16 15:06 - 2013-06-16 15:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\{FD677F71-6302-4097-A2C2-71B1DC8F6B0F}
2013-06-16 14:42 - 2013-06-16 14:42 - 00002526 ____A C:\Users\Administrator\Desktop\mseremoval.bat
2013-06-16 13:56 - 2013-06-16 13:56 - 213054506 ____A C:\Users\Administrator\Desktop\Regedit_16_06_13.reg
2013-06-16 13:40 - 2013-06-16 13:40 - 00002526 ____A C:\Users\Administrator\Desktop\229863724-0-MSE_Uninstall.txt
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-06-15 18:39 - 2013-06-15 18:39 - 00079992 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 18:39 - 2013-06-15 18:39 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\users\Administrator
2013-06-15 18:39 - 2010-08-14 13:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-06-15 15:27 - 2013-06-15 15:28 - 88079120 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\msert.exe
2013-06-15 15:05 - 2013-06-15 15:18 - 00000390 ____A C:\Windows\Tasks\ErrorEND.job
2013-06-15 15:04 - 2013-06-15 15:14 - 00000000 ____D C:\Program Files\ErrorEND
2013-06-15 15:04 - 2013-06-15 15:04 - 03891648 ____A C:\Users\JohnJenny\Downloads\ErrorEND_Installer.exe
2013-06-15 15:04 - 2013-06-15 15:04 - 00000814 ____A C:\Users\JohnJenny\Desktop\ErrorEND.lnk
2013-06-15 14:40 - 2013-06-15 14:40 - 00000000 ____D C:\Windows\pss
2013-06-15 13:28 - 2013-06-15 13:29 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{71D0AD8C-2E3A-4002-9E8C-72C199C63332}
2013-06-15 12:45 - 2013-06-15 12:45 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall.exe
2013-06-15 12:38 - 2013-06-15 12:38 - 00000000 ____D C:\MATS
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Malwarebytes
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-15 10:19 - 2013-06-15 10:19 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\JohnJenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-15 01:51 - 2013-06-15 15:14 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-06-15 01:48 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-15 01:48 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-15 01:48 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-06-15 01:48 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-15 01:48 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-15 01:48 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-15 01:48 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-15 01:48 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-15 01:48 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-15 01:48 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-15 01:48 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-15 01:48 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-15 01:48 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-15 01:48 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-15 01:48 - 2013-02-15 07:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-15 01:48 - 2013-02-15 07:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-15 01:48 - 2013-02-15 07:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-15 01:48 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-15 01:48 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-15 01:48 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-15 01:48 - 2013-01-24 07:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-15 01:48 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-06-15 01:47 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-15 01:46 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-15 01:46 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-15 01:46 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-15 01:46 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-15 01:45 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-15 01:45 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-15 01:45 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-06-15 01:45 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-06-15 01:45 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-06-15 01:45 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-15 01:44 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-15 01:44 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-15 01:44 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-15 01:44 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-15 01:44 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-15 01:44 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-15 01:44 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-15 01:44 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-15 01:44 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-15 01:40 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-15 01:40 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{CCE8012A-9F4A-4BDB-A5DD-17748885A16C}
2013-06-14 22:27 - 2013-06-14 22:27 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{F4358D57-FB18-4522-880D-C4844C1DEDB4}
2013-06-06 20:53 - 2013-06-06 20:53 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{4F28D500-2B9E-4861-8197-5BC11C40EE50}
2013-06-02 21:37 - 2013-06-02 21:38 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{844AF40D-5403-4FA8-8836-FE71079FC264}
2013-05-31 17:35 - 2013-05-31 17:35 - 00000000 ____D C:\Users\Jenny\AppData\Local\{9BEB65D1-D395-4CA7-B054-2C7223FC6FE6}
2013-05-27 12:04 - 2013-05-27 12:04 - 00000000 ____D C:\Users\Jenny\AppData\Local\{D4A4B2E0-0F2A-471E-AF2A-39DAF089F421}
2013-05-26 08:57 - 2013-05-26 08:57 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{8E95877C-BD01-472A-B592-C38C27C2AB8C}
2013-05-24 17:23 - 2013-05-24 17:23 - 00000000 ____D C:\Users\Jenny\AppData\Local\{826F5D20-1D2F-482A-9409-77A403EF1B35}
2013-05-21 13:00 - 2013-05-21 13:00 - 00706671 ____A C:\Users\Jenny\Downloads\17-05-2013
2013-05-21 12:42 - 2013-05-21 12:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\{0B232A69-02A9-4A14-B206-FEFDA8856E53}

==================== One Month Modified Files and Folders =======

2013-06-20 19:05 - 2013-06-20 19:05 - 00000000 ____D C:\FRST
2013-06-20 19:04 - 2013-06-20 19:04 - 01929538 ____A (Farbar) C:\Users\JohnJenny\Downloads\FRST64.exe
2013-06-20 18:56 - 2011-03-02 20:40 - 00002115 ____A C:\Windows\epplauncher.mif
2013-06-20 18:55 - 2011-03-02 20:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-20 18:54 - 2011-10-19 18:48 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-06-20 18:53 - 2013-06-20 18:51 - 00000000 ____D C:\7f91dedfc689092517348943c0a870d4
2013-06-20 18:46 - 2012-04-02 18:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 18:43 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 18:43 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 18:42 - 2009-07-14 06:10 - 01513699 ____A C:\Windows\WindowsUpdate.log
2013-06-20 18:35 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 18:35 - 2009-07-14 05:51 - 00087045 ____A C:\Windows\setupact.log
2013-06-20 08:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-20 08:27 - 2013-06-20 08:20 - 00007921 ____A C:\Windows\IE10_main.log
2013-06-20 08:27 - 2009-07-14 06:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 08:24 - 2013-06-20 08:24 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-20 08:20 - 2013-06-20 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\JohnJenny\Desktop\tdsskiller.exe
2013-06-20 08:18 - 2013-06-20 08:18 - 85904656 ____A (Microsoft Corporation) C:\Users\JohnJenny\Desktop\msert.exe
2013-06-17 19:18 - 2010-02-10 14:05 - 00000000 ____D C:\Users\Jenny\Tracing
2013-06-17 17:50 - 2013-06-17 17:49 - 00000000 ____D C:\Users\Jenny\AppData\Local\{852AC8A2-5C8D-4B46-83F9-B753D0E370E2}
2013-06-16 15:06 - 2013-06-16 15:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\{FD677F71-6302-4097-A2C2-71B1DC8F6B0F}
2013-06-16 14:42 - 2013-06-16 14:42 - 00002526 ____A C:\Users\Administrator\Desktop\mseremoval.bat
2013-06-16 13:56 - 2013-06-16 13:56 - 213054506 ____A C:\Users\Administrator\Desktop\Regedit_16_06_13.reg
2013-06-16 13:40 - 2013-06-16 13:40 - 00002526 ____A C:\Users\Administrator\Desktop\229863724-0-MSE_Uninstall.txt
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-06-15 18:39 - 2013-06-15 18:39 - 00079992 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 18:39 - 2013-06-15 18:39 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\users\Administrator
2013-06-15 15:28 - 2013-06-15 15:27 - 88079120 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\msert.exe
2013-06-15 15:18 - 2013-06-15 15:05 - 00000390 ____A C:\Windows\Tasks\ErrorEND.job
2013-06-15 15:14 - 2013-06-15 15:04 - 00000000 ____D C:\Program Files\ErrorEND
2013-06-15 15:14 - 2013-06-15 01:51 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-06-15 15:14 - 2011-10-19 18:45 - 00000000 ____D C:\Program Files\Bonjour
2013-06-15 15:04 - 2013-06-15 15:04 - 03891648 ____A C:\Users\JohnJenny\Downloads\ErrorEND_Installer.exe
2013-06-15 15:04 - 2013-06-15 15:04 - 00000814 ____A C:\Users\JohnJenny\Desktop\ErrorEND.lnk
2013-06-15 14:44 - 2010-10-23 06:40 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\Windows Live
2013-06-15 14:40 - 2013-06-15 14:40 - 00000000 ____D C:\Windows\pss
2013-06-15 14:27 - 2010-02-14 11:37 - 00000000 ____D C:\Users\JohnJenny\Tracing
2013-06-15 13:29 - 2013-06-15 13:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{71D0AD8C-2E3A-4002-9E8C-72C199C63332}
2013-06-15 12:45 - 2013-06-15 12:45 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall.exe
2013-06-15 12:38 - 2013-06-15 12:38 - 00000000 ____D C:\MATS
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Malwarebytes
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-15 10:19 - 2013-06-15 10:19 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\JohnJenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-15 09:55 - 2009-07-14 05:45 - 00340864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 01:57 - 2011-10-19 18:48 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-06-15 01:46 - 2012-04-02 18:03 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 01:46 - 2011-06-17 17:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{CCE8012A-9F4A-4BDB-A5DD-17748885A16C}
2013-06-15 01:28 - 2010-02-03 07:06 - 00000000 ____D C:\ProgramData\PCDr
2013-06-15 01:23 - 2010-02-09 21:33 - 00000000 ____D C:\users\Jenny
2013-06-15 01:23 - 2010-02-09 20:11 - 00000000 ____D C:\users\JohnJenny
2013-06-15 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-15 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-15 01:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 01:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-15 01:22 - 2012-02-18 11:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-15 01:22 - 2010-02-03 06:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-06-15 01:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-15 01:22 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-15 01:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-06-14 22:27 - 2013-06-14 22:27 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{F4358D57-FB18-4522-880D-C4844C1DEDB4}
2013-06-08 15:08 - 2013-06-20 18:32 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-20 18:32 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-20 18:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-20 18:32 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-20 18:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 20:53 - 2013-06-06 20:53 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{4F28D500-2B9E-4861-8197-5BC11C40EE50}
2013-06-02 21:38 - 2013-06-02 21:37 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{844AF40D-5403-4FA8-8836-FE71079FC264}
2013-06-02 17:11 - 2010-02-09 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-31 17:35 - 2013-05-31 17:35 - 00000000 ____D C:\Users\Jenny\AppData\Local\{9BEB65D1-D395-4CA7-B054-2C7223FC6FE6}
2013-05-27 12:04 - 2013-05-27 12:04 - 00000000 ____D C:\Users\Jenny\AppData\Local\{D4A4B2E0-0F2A-471E-AF2A-39DAF089F421}
2013-05-26 08:57 - 2013-05-26 08:57 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{8E95877C-BD01-472A-B592-C38C27C2AB8C}
2013-05-24 17:23 - 2013-05-24 17:23 - 00000000 ____D C:\Users\Jenny\AppData\Local\{826F5D20-1D2F-482A-9409-77A403EF1B35}
2013-05-21 13:00 - 2013-05-21 13:00 - 00706671 ____A C:\Users\Jenny\Downloads\17-05-2013
2013-05-21 12:42 - 2013-05-21 12:42 - 00000000 ____D C:\Users\Jenny\AppData\Local\{0B232A69-02A9-4A14-B206-FEFDA8856E53}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2001653805-1938361806-551336057-1001\$6f17c38f690a058e09e03cc98c00d8ff

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$6f17c38f690a058e09e03cc98c00d8ff

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Backup => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-05-06 18:13

==================== End Of Log ============================

The 'Addition.txt' file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013 01
Ran by JohnJenny at 2013-06-20 19:09:02 Run:
Running from C:\Users\JohnJenny\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.009.0625.1811)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full Existing (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Full New (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Light (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Previews Common (Version: 2009.0625.1812.30825)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0625.1812.30825)
Catalyst Control Center InstallProxy (Version: 2009.0625.1812.30825)
Catalyst Control Center Localization All (Version: 2009.0625.1812.30825)
CCC Help Chinese Standard (Version: 2009.0625.1811.30825)
CCC Help Chinese Traditional (Version: 2009.0625.1811.30825)
CCC Help Danish (Version: 2009.0625.1811.30825)
CCC Help Dutch (Version: 2009.0625.1811.30825)
CCC Help English (Version: 2009.0625.1811.30825)
CCC Help Finnish (Version: 2009.0625.1811.30825)
CCC Help French (Version: 2009.0625.1811.30825)
CCC Help German (Version: 2009.0625.1811.30825)
CCC Help Italian (Version: 2009.0625.1811.30825)
CCC Help Japanese (Version: 2009.0625.1811.30825)
CCC Help Korean (Version: 2009.0625.1811.30825)
CCC Help Norwegian (Version: 2009.0625.1811.30825)
CCC Help Portuguese (Version: 2009.0625.1811.30825)
CCC Help Russian (Version: 2009.0625.1811.30825)
CCC Help Spanish (Version: 2009.0625.1811.30825)
CCC Help Swedish (Version: 2009.0625.1811.30825)
ccc-core-static (Version: 2009.0625.1812.30825)
ccc-utility64 (Version: 2009.0625.1812.30825)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 130.0.366.000)
D3DX10 (Version: 15.4.2368.0902)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.1.5907.12)
Dell Touchpad (Version: 13.2.3.0)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DHTML Editing Component (Version: 6.02.0001)
DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000)
ErrorEND (Version: 1.0.9.3)
F4500 (Version: 130.0.406.000)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
iCloud (Version: 2.1.1.3)
Intel® Rapid Storage Technology (Version: 10.5.0.1029)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.2.26)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.73.80.64)
Roxio Burn (Version: 1.01)
Safari (Version: 5.34.57.2)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skins (Version: 2009.0625.1812.30825)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Turbo Lister 2 (Version: 2.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
WD SmartWare (Version: 1.1.0.7)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

==================== Restore Points  =========================

17-05-2013 22:38:08 Microsoft Antimalware Checkpoint
21-05-2013 11:49:51 Windows Update
24-05-2013 16:32:15 Windows Update
31-05-2013 16:44:53 Windows Update
06-06-2013 20:01:36 Windows Update
06-06-2013 20:19:14 Windows Update
14-06-2013 21:18:15 Windows Update
14-06-2013 23:26:20 Microsoft Antimalware Checkpoint
14-06-2013 23:51:14 Windows Update
15-06-2013 00:13:50 Restore Operation
15-06-2013 00:40:25 Windows Update
15-06-2013 01:09:22 Windows Update
15-06-2013 10:01:47 Microsoft Antimalware Checkpoint
15-06-2013 11:38:22  Microsoft Security Client
15-06-2013 14:13:58 ErrorEND Backup
16-06-2013 12:51:49  Microsoft Security Client
16-06-2013 13:06:20 MSE Removal and Regedit Export 160613
18-06-2013 18:53:04 Windows Update
20-06-2013 07:19:33 Windows Update
20-06-2013 17:31:53 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {03AF8859-0306-4810-A7BA-2E1DBC001C0A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {056910EA-B49B-4603-90B9-2C070C049528} - System32\Tasks\ErrorEND => C:\Program Files\ErrorEND\ERROREND.exe [2013-06-05] (Seven Servos Software Inc.)
Task: {10A3C1B9-C79A-4492-870C-AFB5BA1A32C6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {15F6C638-F402-4E71-B948-EE2AE81335EA} - System32\Tasks\D6S5JSJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {1B5E3ABA-A15B-48D3-9D13-13129AFBA7E0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2001653805-1938361806-551336057-1003
Task: {3ED90DD0-35D9-43D4-BA00-7E5746327AE5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {5092DBB4-9C08-432E-AAD5-7B1B8833B6A2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {535D08DC-47F3-407F-910D-2A1A40591753} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-10-06] (PC-Doctor, Inc.)
Task: {720C18AA-7146-47E6-9A67-7525642C550D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-16] (Microsoft Corporation)
Task: {859ACBE9-BCA4-4217-8D26-A78E8E435C1C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {99BED052-3061-4949-920E-102C8247FA49} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A275936A-0197-47AA-80FF-AC5DD6EA8B56} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-10-06] (PC-Doctor, Inc.)
Task: {C6D67C34-9C72-431E-B8A9-10EB1D1DFF8E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2001653805-1938361806-551336057-1001 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {CC2F1ABB-8237-4822-AAE9-A8D9A7F6462E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2001653805-1938361806-551336057-1001
Task: {D4A0B741-AE40-4E44-B866-40B9167E8612} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-10-06] (PC-Doctor, Inc.)
Task: {D4B80B50-0D65-4A50-955E-ED98E3CD74BA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D9398850-59AF-45DB-A203-B55C3B4BBB0E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2001653805-1938361806-551336057-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {DD1E2E1C-17B5-4F09-8C81-547469E9FCEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {EE4C3B27-9659-4CC4-97A0-27F66FDE712D} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-10-06] (PC-Doctor, Inc.)

==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 06:55:38 PM) (Source: MsiInstaller) (User: JohnJenny-PC)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/20/2013 06:53:00 PM) (Source: MsiInstaller) (User: JohnJenny-PC)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (06/16/2013 01:51:49 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {19920115-3ac7-4eef-8d1a-f6b4cef5f3af}

Error: (06/15/2013 03:14:40 PM) (Source: Microsoft Security Client Setup) (User: JohnJenny-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (06/15/2013 03:13:58 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {eba84ce0-052b-4cf7-b111-1d793863734d}

Error: (06/15/2013 02:43:45 PM) (Source: MsiInstaller) (User: JohnJenny-PC)
Description: Product: Microsoft Security Client -- Error 1316. A network error occurred while attempting to read from the file: c:\Windows\Installer\epp.msi

Error: (06/15/2013 02:36:33 PM) (Source: Microsoft Security Client Setup) (User: JohnJenny-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (06/15/2013 02:36:27 PM) (Source: MsiInstaller) (User: JohnJenny-PC)
Description: Product: Microsoft Security Client -- Error 1316. A network error occurred while attempting to read from the file: c:\Windows\Installer\epp.msi

Error: (06/15/2013 02:34:51 PM) (Source: Microsoft Security Client Setup) (User: JohnJenny-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (06/15/2013 02:31:47 PM) (Source: MsiInstaller) (User: JohnJenny-PC)
Description: Product: Microsoft Security Client -- Error 1316. A network error occurred while attempting to read from the file: c:\Windows\Installer\epp.msi

System errors:
=============
Error: (06/20/2013 06:55:38 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:55:33 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:55:27 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:55:21 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:55:16 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:55:10 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:55:05 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:53:00 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:52:54 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Error: (06/20/2013 06:52:49 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%-2146869247

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 4092.36 MB
Available physical RAM: 2897.83 MB
Total Pagefile: 8182.89 MB
Available Pagefile: 6821.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:192.96 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CF5ACF27)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 



#4 Larusso


Posted 22 June 2013 - 05:41 AM

Hi there and sorry for the delay. Had a show yesterday :)

"I do not have 'Microsoft Security Essentials' on my PC anymore as Microsoft Support recommended that I 'Un-install' and 'Re-Install' the program."

Not the best idea. The problem here is that this kind of infection changes the folder permissions so that you do not have access to them.
Second, it creates junction points (ask if you are not sure what they are).
So if you manually delete one of the MSC or Windows Defender folders, your system becomes unbootable because it will delete an important system folder instead of the folder you want to delete.

The good thing is that I only see that the junction points are present from this infection. Did you run any other tools before you asked here for help? If so, please let me know which ones.



Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
regards,
Daniel
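
The point made in the post above, that an MSC or Windows Defender folder may really be a junction onto a system folder, can be checked before anything is deleted. The PowerShell below is an added example, not part of the thread or of any tool it mentions; the two default folder paths are assumptions, and the script only reads and reports.

```powershell
# Added example, not from the thread. Read-only: it reports and deletes nothing.
# Run from an elevated PowerShell prompt (fsutil needs administrator rights on Windows 7).
param(
    # Assumed default install locations; pass -Path to check other folders.
    [string[]]$Path = @(
        (Join-Path $env:ProgramFiles 'Microsoft Security Client'),
        (Join-Path $env:ProgramFiles 'Windows Defender')
    )
)

function Test-ReparsePoint {
    param([System.IO.FileSystemInfo]$Item)
    # Junctions and symbolic links both carry the ReparsePoint attribute.
    return [bool]($Item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)
}

function Find-ReparsePoint {
    param([string]$Root)

    $item = Get-Item -LiteralPath $Root -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Warning "Cannot open (missing or access denied): $Root"
        return
    }
    if (Test-ReparsePoint $item) {
        # Emit the link itself and stop here: walking into it would enumerate
        # the target folder rather than anything stored at this path.
        $item
        return
    }
    if (-not $item.PSIsContainer) { return }

    $listErrors = @()
    $children = @(Get-ChildItem -LiteralPath $Root -Force `
                    -ErrorAction SilentlyContinue -ErrorVariable listErrors)
    if ($listErrors.Count -gt 0) {
        # Altered folder permissions show up here as access-denied errors.
        Write-Warning "Cannot list $Root : $($listErrors[0].Exception.Message)"
    }
    foreach ($child in $children) {
        Find-ReparsePoint -Root $child.FullName
    }
}

foreach ($root in $Path) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Host "Not present: $root"
        continue
    }
    $links = @(Find-ReparsePoint -Root $root)
    if ($links.Count -eq 0) {
        Write-Host "No reparse points found under: $root"
        continue
    }
    foreach ($link in $links) {
        Write-Host "REPARSE POINT (check its target before deleting anything): $($link.FullName)"
        # fsutil prints the reparse tag and, for a junction, the substitute
        # (target) name, i.e. the folder the path really resolves to.
        & fsutil reparsepoint query $link.FullName
    }
}
```

A folder reported here as a reparse point whose target lies under a Windows system directory matches the situation the helper warns about.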


#5 TheAcousticAssasin


Posted 22 June 2013 - 10:55 AM

Hi Larusso,

I have carried out the instructions to the letter. I am a little concerned as now none of my shortcuts of links to my mail account are working and it took a little time to get back to the site and find the post.

The tools that have been run as instructed by Microsoft Support in two procedures are as follows:

MS Security Scanner

TDS Killer

MSERT

ErrorEnd

Fixit

 

Please find below as requested the 'ComboFix.txt' file

 

ComboFix.txt File

 

ComboFix 13-06-22.01 - JohnJenny 22/06/2013  16:12:33.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4092.2943 [GMT 1:00]
Running from: c:\users\JohnJenny\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JohnJenny\AppData\Roaming\Adobe\plugs
c:\users\JohnJenny\AppData\Roaming\Adobe\shed
c:\windows\SysWow64\system
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-22 to 2013-06-22  )))))))))))))))))))))))))))))))
.
.
2013-06-22 15:20 . 2013-06-22 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-22 15:20 . 2013-06-22 15:20 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2013-06-20 18:05 . 2013-06-20 18:05 -------- d-----w- C:\FRST
2013-06-20 17:32 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-15 17:39 . 2013-06-15 17:39 -------- d-----w- c:\users\Administrator
2013-06-15 14:04 . 2013-06-15 14:14 -------- d-----w- c:\program files\ErrorEND
2013-06-15 11:38 . 2013-06-15 11:38 -------- d-----w- C:\MATS
2013-06-15 09:20 . 2013-06-15 09:20 -------- d-----w- c:\users\JohnJenny\AppData\Roaming\Malwarebytes
2013-06-15 09:20 . 2013-06-15 09:20 -------- d-----w- c:\programdata\Malwarebytes
2013-06-15 09:20 . 2013-06-15 09:20 -------- d-----w- c:\users\JohnJenny\AppData\Local\Programs
2013-06-15 00:51 . 2013-06-15 14:14 -------- d-----w- c:\programdata\ErrorEND64
2013-06-15 00:47 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 00:46 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-15 00:46 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-15 00:46 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-15 00:46 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-15 00:45 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-15 00:45 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-06-15 00:45 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-06-15 00:45 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-06-15 00:45 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-06-15 00:45 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-06-15 00:44 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-15 00:44 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-15 00:44 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-15 00:44 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-15 00:44 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-15 00:44 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-15 00:44 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-15 00:44 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-15 00:44 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-15 00:44 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-15 00:44 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-15 00:44 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-15 00:40 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-15 00:40 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-15 00:46 . 2012-04-02 17:03 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 00:46 . 2011-06-17 16:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 00:26 . 2011-10-19 17:27 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-02 16:11 . 2010-02-09 19:35 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 01:06 . 2010-02-09 19:45 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-06-15 00:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-15 00:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-15 00:48 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-15 00:48 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-15 00:48 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-15 00:48 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R4 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 00:46]
.
2013-06-15 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ERROREND.exe [2013-06-05 07:11]
.
2011-11-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2013-06-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2013-06-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2001653805-1938361806-551336057-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2001653805-1938361806-551336057-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-22  16:24:04
ComboFix-quarantined-files.txt  2013-06-22 15:24
.
Pre-Run: 206,241,456,128 bytes free
Post-Run: 207,429,398,528 bytes free
.
- - End Of File - - 0EBE72A12659628BD6273467B6788C2D
D41D8CD98F00B204E9800998ECF8427E
 

I hope this is correct.



#6 Larusso


Posted 23 June 2013 - 02:09 PM

Hi there

"none of my shortcuts of links to my mail account are working"

I am not really sure what you mean here. Sorry, first language is still not English :D


Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

regards,
Daniel


#7 TheAcousticAssasin


Posted 24 June 2013 - 03:21 PM

Hi

Please see below the results of the Online Scanner ESET

 

C:\Users\Jenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\52de297d-52556f3a multiple threats
C:\Users\JohnJenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\765aaecd-46d8654e multiple threats
C:\Users\JohnJenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\23e7692-71658074 multiple threats
C:\Users\JohnJenny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\73601213-36e58973 Java/Exploit.Agent.OOZ Trojan

 

The program did not let me remove the infected files.

The 'New Tab' on my IE is not available when I type a new address or select a favourite site.

Not really sure what is going on with the laptop



#8 TheAcousticAssasin


Posted 24 June 2013 - 04:16 PM

Hi Guys,

Just a little update for you. I have managed to get MSE installed on the Laptop and completed a scan (Quick Scan Only so far).

To run the MSE application I have had to right click on the application and select the 'Run as Administrator' option under the advanced button.

I have also had to do this for my I.E. I have installed and all the 'Favorites' short cuts in the I.E. program now work.

This is very confusing but it is a start.



#9 Larusso


Posted 25 June 2013 - 11:22 AM

"The 'New Tab' on my IE is not available when I type a new address or select a favourite site."

Thanks for the explanation. Now I understand :)

"Just a little update for you. I have managed to get MSE installed on the Laptop and completed a scan (Quick Scan Only so far)."

Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.



Please delete the current version of FRST.exe



Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

regards,
Daniel


#10 TheAcousticAssasin


Posted 27 June 2013 - 12:26 PM

Hi

Please find below the latest "Farbar Recovery Scan Test"

My apologies for loading MSE, this was a must as we needed to access the Internet

 

Farbar Recovery Scan Test

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-06-2013 02
Ran by JohnJenny (administrator) on 27-06-2013 18:17:09
Running from C:\Users\JohnJenny\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\system32\wermgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKU\Jenny\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {A532A0A9-557A-4A65-BA4F-28B7753D9CC6} URL =
SearchScopes: HKCU - {34FF0DFD-ABE9-48CC-A23A-8B834FFEB9AE} URL =
SearchScopes: HKCU - {A532A0A9-557A-4A65-BA4F-28B7753D9CC6} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-27 18:16 - 2013-06-27 18:16 - 01931940 ____A (Farbar) C:\Users\JohnJenny\Desktop\FRST64.exe
2013-06-24 22:02 - 2013-06-24 22:02 - 00000000 ____D C:\Users\Jenny\AppData\Local\{1D0D5358-B95C-4F92-884C-99DB7084CB06}
2013-06-24 21:28 - 2013-06-24 21:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-24 21:27 - 2013-06-24 21:27 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall (1).exe
2013-06-24 21:07 - 2013-06-24 21:07 - 00000428 ____A C:\Users\JohnJenny\Desktop\List of found threats.txt
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 16:57 - 2013-06-22 16:24 - 00015168 ____A C:\Users\JohnJenny\Desktop\ComboFix.txt
2013-06-22 16:24 - 2013-06-22 16:24 - 00015168 ____A C:\ComboFix.txt
2013-06-22 16:09 - 2013-06-22 16:24 - 00000000 ____D C:\Qoobox
2013-06-22 16:09 - 2013-06-22 16:22 - 00000000 ____D C:\Windows\erdnt
2013-06-22 16:09 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-22 16:09 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-22 16:09 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-22 16:05 - 2013-06-22 16:06 - 05082201 ____R (Swearware) C:\Users\JohnJenny\Desktop\ComboFix.exe
2013-06-22 12:40 - 2013-06-22 12:40 - 00000000 ____D C:\Users\Jenny\AppData\Local\{B5E3D7BF-B8B7-4D48-9DC7-E9CFF2E77D2F}
2013-06-20 19:09 - 2013-06-20 19:09 - 00021527 ____A C:\Users\JohnJenny\Downloads\Addition.txt
2013-06-20 19:05 - 2013-06-20 19:05 - 00000000 ____D C:\FRST
2013-06-20 18:33 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-20 18:33 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 18:33 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-20 18:33 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-20 18:33 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-20 18:33 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-20 18:32 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 18:32 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 18:32 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 18:32 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-20 18:32 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-20 08:24 - 2013-06-20 08:24 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-20 08:20 - 2013-06-20 08:27 - 00007921 ____A C:\Windows\IE10_main.log
2013-06-20 08:20 - 2013-06-20 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\JohnJenny\Desktop\tdsskiller.exe
2013-06-20 08:18 - 2013-06-20 08:18 - 85904656 ____A (Microsoft Corporation) C:\Users\JohnJenny\Desktop\msert.exe
2013-06-17 17:49 - 2013-06-17 17:50 - 00000000 ____D C:\Users\Jenny\AppData\Local\{852AC8A2-5C8D-4B46-83F9-B753D0E370E2}
2013-06-16 15:06 - 2013-06-16 15:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\{FD677F71-6302-4097-A2C2-71B1DC8F6B0F}
2013-06-16 14:42 - 2013-06-16 14:42 - 00002526 ____A C:\Users\Administrator\Desktop\mseremoval.bat
2013-06-16 13:56 - 2013-06-16 13:56 - 213054506 ____A C:\Users\Administrator\Desktop\Regedit_16_06_13.reg
2013-06-16 13:40 - 2013-06-16 13:40 - 00002526 ____A C:\Users\Administrator\Desktop\229863724-0-MSE_Uninstall.txt
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-06-15 18:39 - 2013-06-15 18:39 - 00079992 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 18:39 - 2013-06-15 18:39 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\users\Administrator
2013-06-15 18:39 - 2010-08-14 13:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-06-15 15:27 - 2013-06-15 15:28 - 88079120 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\msert.exe
2013-06-15 15:05 - 2013-06-15 15:18 - 00000390 ____A C:\Windows\Tasks\ErrorEND.job
2013-06-15 15:04 - 2013-06-15 15:14 - 00000000 ____D C:\Program Files\ErrorEND
2013-06-15 15:04 - 2013-06-15 15:04 - 03891648 ____A C:\Users\JohnJenny\Downloads\ErrorEND_Installer.exe
2013-06-15 15:04 - 2013-06-15 15:04 - 00000814 ____A C:\Users\JohnJenny\Desktop\ErrorEND.lnk
2013-06-15 14:40 - 2013-06-15 14:40 - 00000000 ____D C:\Windows\pss
2013-06-15 13:28 - 2013-06-15 13:29 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{71D0AD8C-2E3A-4002-9E8C-72C199C63332}
2013-06-15 12:45 - 2013-06-15 12:45 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall.exe
2013-06-15 12:38 - 2013-06-15 12:38 - 00000000 ____D C:\MATS
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Malwarebytes
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-15 10:19 - 2013-06-15 10:19 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\JohnJenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-15 01:51 - 2013-06-15 15:14 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-06-15 01:48 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-15 01:48 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-15 01:48 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-06-15 01:48 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-15 01:48 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-15 01:48 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-15 01:48 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-15 01:48 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-15 01:48 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-15 01:48 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-15 01:48 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-15 01:48 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-15 01:48 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-15 01:48 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-15 01:48 - 2013-02-15 07:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-15 01:48 - 2013-02-15 07:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-15 01:48 - 2013-02-15 07:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-15 01:48 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-15 01:48 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-15 01:48 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-15 01:48 - 2013-01-24 07:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-15 01:48 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-06-15 01:47 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-15 01:46 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-15 01:46 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-15 01:46 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-15 01:46 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-15 01:45 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-15 01:45 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-15 01:45 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-06-15 01:45 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-06-15 01:45 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-06-15 01:45 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-15 01:44 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-15 01:44 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-15 01:44 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-15 01:44 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-15 01:44 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-15 01:44 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-15 01:44 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-15 01:44 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-15 01:44 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-15 01:40 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-15 01:40 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{CCE8012A-9F4A-4BDB-A5DD-17748885A16C}
2013-06-14 22:27 - 2013-06-14 22:27 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{F4358D57-FB18-4522-880D-C4844C1DEDB4}
2013-06-06 20:53 - 2013-06-06 20:53 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{4F28D500-2B9E-4861-8197-5BC11C40EE50}
2013-06-02 21:37 - 2013-06-02 21:38 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{844AF40D-5403-4FA8-8836-FE71079FC264}
2013-05-31 17:35 - 2013-05-31 17:35 - 00000000 ____D C:\Users\Jenny\AppData\Local\{9BEB65D1-D395-4CA7-B054-2C7223FC6FE6}

==================== One Month Modified Files and Folders =======

2013-06-27 18:17 - 2009-07-14 06:10 - 01476933 ____A C:\Windows\WindowsUpdate.log
2013-06-27 18:16 - 2013-06-27 18:16 - 01931940 ____A (Farbar) C:\Users\JohnJenny\Desktop\FRST64.exe
2013-06-27 18:08 - 2011-10-19 18:48 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-06-27 18:07 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 18:07 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 18:00 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 18:00 - 2009-07-14 05:51 - 00087437 ____A C:\Windows\setupact.log
2013-06-24 22:02 - 2013-06-24 22:02 - 00000000 ____D C:\Users\Jenny\AppData\Local\{1D0D5358-B95C-4F92-884C-99DB7084CB06}
2013-06-24 22:02 - 2010-02-10 14:05 - 00000000 ____D C:\Users\Jenny\Tracing
2013-06-24 21:46 - 2012-04-02 18:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 21:35 - 2011-03-02 20:40 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-24 21:28 - 2013-06-24 21:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-24 21:28 - 2011-03-02 20:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-24 21:27 - 2013-06-24 21:27 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall (1).exe
2013-06-24 21:07 - 2013-06-24 21:07 - 00000428 ____A C:\Users\JohnJenny\Desktop\List of found threats.txt
2013-06-24 21:05 - 2010-02-09 20:14 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\VirtualStore
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 16:31 - 2010-02-03 08:48 - 00491370 ____A C:\Windows\PFRO.log
2013-06-22 16:30 - 2010-10-23 06:40 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\Windows Live
2013-06-22 16:24 - 2013-06-22 16:57 - 00015168 ____A C:\Users\JohnJenny\Desktop\ComboFix.txt
2013-06-22 16:24 - 2013-06-22 16:24 - 00015168 ____A C:\ComboFix.txt
2013-06-22 16:24 - 2013-06-22 16:09 - 00000000 ____D C:\Qoobox
2013-06-22 16:22 - 2013-06-22 16:09 - 00000000 ____D C:\Windows\erdnt
2013-06-22 16:21 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-06-22 16:19 - 2010-02-09 20:23 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Adobe
2013-06-22 16:08 - 2010-02-09 20:11 - 00000000 ____D C:\users\JohnJenny
2013-06-22 16:06 - 2013-06-22 16:05 - 05082201 ____R (Swearware) C:\Users\JohnJenny\Desktop\ComboFix.exe
2013-06-22 12:40 - 2013-06-22 12:40 - 00000000 ____D C:\Users\Jenny\AppData\Local\{B5E3D7BF-B8B7-4D48-9DC7-E9CFF2E77D2F}
2013-06-20 19:09 - 2013-06-20 19:09 - 00021527 ____A C:\Users\JohnJenny\Downloads\Addition.txt
2013-06-20 19:05 - 2013-06-20 19:05 - 00000000 ____D C:\FRST
2013-06-20 08:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-20 08:27 - 2013-06-20 08:20 - 00007921 ____A C:\Windows\IE10_main.log
2013-06-20 08:27 - 2009-07-14 06:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 08:24 - 2013-06-20 08:24 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-20 08:20 - 2013-06-20 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\JohnJenny\Desktop\tdsskiller.exe
2013-06-20 08:18 - 2013-06-20 08:18 - 85904656 ____A (Microsoft Corporation) C:\Users\JohnJenny\Desktop\msert.exe
2013-06-17 17:50 - 2013-06-17 17:49 - 00000000 ____D C:\Users\Jenny\AppData\Local\{852AC8A2-5C8D-4B46-83F9-B753D0E370E2}
2013-06-16 15:06 - 2013-06-16 15:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\{FD677F71-6302-4097-A2C2-71B1DC8F6B0F}
2013-06-16 14:42 - 2013-06-16 14:42 - 00002526 ____A C:\Users\Administrator\Desktop\mseremoval.bat
2013-06-16 13:56 - 2013-06-16 13:56 - 213054506 ____A C:\Users\Administrator\Desktop\Regedit_16_06_13.reg
2013-06-16 13:40 - 2013-06-16 13:40 - 00002526 ____A C:\Users\Administrator\Desktop\229863724-0-MSE_Uninstall.txt
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-06-15 18:39 - 2013-06-15 18:39 - 00079992 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 18:39 - 2013-06-15 18:39 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\users\Administrator
2013-06-15 15:28 - 2013-06-15 15:27 - 88079120 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\msert.exe
2013-06-15 15:18 - 2013-06-15 15:05 - 00000390 ____A C:\Windows\Tasks\ErrorEND.job
2013-06-15 15:14 - 2013-06-15 15:04 - 00000000 ____D C:\Program Files\ErrorEND
2013-06-15 15:14 - 2013-06-15 01:51 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-06-15 15:14 - 2011-10-19 18:45 - 00000000 ____D C:\Program Files\Bonjour
2013-06-15 15:04 - 2013-06-15 15:04 - 03891648 ____A C:\Users\JohnJenny\Downloads\ErrorEND_Installer.exe
2013-06-15 15:04 - 2013-06-15 15:04 - 00000814 ____A C:\Users\JohnJenny\Desktop\ErrorEND.lnk
2013-06-15 14:40 - 2013-06-15 14:40 - 00000000 ____D C:\Windows\pss
2013-06-15 14:27 - 2010-02-14 11:37 - 00000000 ____D C:\Users\JohnJenny\Tracing
2013-06-15 13:29 - 2013-06-15 13:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{71D0AD8C-2E3A-4002-9E8C-72C199C63332}
2013-06-15 12:45 - 2013-06-15 12:45 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall.exe
2013-06-15 12:38 - 2013-06-15 12:38 - 00000000 ____D C:\MATS
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Malwarebytes
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-15 10:19 - 2013-06-15 10:19 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\JohnJenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-15 09:55 - 2009-07-14 05:45 - 00340864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 01:57 - 2011-10-19 18:48 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-06-15 01:46 - 2012-04-02 18:03 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 01:46 - 2011-06-17 17:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{CCE8012A-9F4A-4BDB-A5DD-17748885A16C}
2013-06-15 01:28 - 2010-02-03 07:06 - 00000000 ____D C:\ProgramData\PCDr
2013-06-15 01:23 - 2010-02-09 21:33 - 00000000 ____D C:\users\Jenny
2013-06-15 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-15 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-15 01:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 01:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-15 01:22 - 2012-02-18 11:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-15 01:22 - 2010-02-03 06:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-06-15 01:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-15 01:22 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-15 01:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-06-14 22:27 - 2013-06-14 22:27 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{F4358D57-FB18-4522-880D-C4844C1DEDB4}
2013-06-08 15:08 - 2013-06-20 18:32 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-20 18:32 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-20 18:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-20 18:32 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-20 18:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 20:53 - 2013-06-06 20:53 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{4F28D500-2B9E-4861-8197-5BC11C40EE50}
2013-06-02 21:38 - 2013-06-02 21:37 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{844AF40D-5403-4FA8-8836-FE71079FC264}
2013-06-02 17:11 - 2010-02-09 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-31 17:35 - 2013-05-31 17:35 - 00000000 ____D C:\Users\Jenny\AppData\Local\{9BEB65D1-D395-4CA7-B054-2C7223FC6FE6}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-05-06 18:13

==================== End Of Log ============================



#11 Larusso


Posted 28 June 2013 - 06:40 AM

Log is looking good now. How does your system behave?


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Right click on the .zip file and choose "Extract here"
  • Open the mbar folder.
  • Launch the mbar.exe.
  • Click on next.
  • The tool will now open an Update Window. Please click the Update Button to download the newest definitions.
  • Press the Scan Button.
  • When the scan is done, Don't click the "CleanUP" Button.
  • Click Exit instead.
A logfile ( mbar-log-<YYYY.MM.DD>.txt ) has been created in the mbar folder. Please post its content here.
regards,
Daniel

Bread for the world instead Bombs and Bangers



#12 TheAcousticAssasin


Posted 28 June 2013 - 11:09 AM

Hi,

Here is the result of the last scan requested.  The Laptop seems OK, maybe a little slow on the Internet but that could be down to the time of day.  Slightly concerned about the Trojan and the other infections the previous scan picked up.  Has this been dealt with?

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
JohnJenny :: JOHNJENNY-PC [administrator]

28/06/2013 16:46:58
mbar-log-2013-06-28 (16-46-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 294160
Time elapsed: 16 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#13 Larusso


Posted 30 June 2013 - 02:03 PM

Hi there, and sorry for the delay.

"and the other infections the previous scan picked up."

You mean those detected by ESET? If so, nothing to worry about for the moment. They will get removed now.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u21
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u25-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Please delete the current version of FRST.exe

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

regards,
Daniel


#14 TheAcousticAssasin


Posted 01 July 2013 - 01:30 PM

Hi,

I hope you had a good weekend.

Procedure carried out and complete

I had an error message after completing the "jre-7u25-windows-i586.exe" install

The install was reported as complete and when I closed the window I got the following error message

 

BrowserLaunchError:3

 

I clicked the 'OK' button and the error message cleared.

 

Please find below the requested 'FRST.txt' file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by JohnJenny (administrator) on 01-07-2013 19:20:00
Running from C:\Users\JohnJenny\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Jenny\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {A532A0A9-557A-4A65-BA4F-28B7753D9CC6} URL =
SearchScopes: HKCU - {34FF0DFD-ABE9-48CC-A23A-8B834FFEB9AE} URL =
SearchScopes: HKCU - {A532A0A9-557A-4A65-BA4F-28B7753D9CC6} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S4 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [33280 2009-07-17] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-01 19:19 - 2013-07-01 19:19 - 01933776 ____A (Farbar) C:\Users\JohnJenny\Desktop\FRST64.exe
2013-07-01 19:12 - 2013-07-01 19:12 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 19:12 - 2013-07-01 19:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 19:12 - 2013-07-01 19:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 19:12 - 2013-07-01 19:12 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 18:37 - 2013-07-01 18:38 - 31714216 ____A (Oracle Corporation) C:\Users\JohnJenny\Desktop\jre-7u25-windows-i586.exe
2013-06-28 16:46 - 2013-06-28 17:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-28 16:43 - 2013-06-28 16:43 - 00000000 ____D C:\Users\JohnJenny\Desktop\mbar-1.06.0.1004
2013-06-28 16:42 - 2013-06-28 16:42 - 13399154 ____A C:\Users\JohnJenny\Desktop\mbar-1.06.0.1004.zip
2013-06-24 22:02 - 2013-06-24 22:02 - 00000000 ____D C:\Users\Jenny\AppData\Local\{1D0D5358-B95C-4F92-884C-99DB7084CB06}
2013-06-24 21:28 - 2013-06-24 21:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-24 21:27 - 2013-06-24 21:27 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall (1).exe
2013-06-24 21:07 - 2013-06-24 21:07 - 00000428 ____A C:\Users\JohnJenny\Desktop\List of found threats.txt
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 16:57 - 2013-06-22 16:24 - 00015168 ____A C:\Users\JohnJenny\Desktop\ComboFix.txt
2013-06-22 16:24 - 2013-06-22 16:24 - 00015168 ____A C:\ComboFix.txt
2013-06-22 16:09 - 2013-06-22 16:24 - 00000000 ____D C:\Qoobox
2013-06-22 16:09 - 2013-06-22 16:22 - 00000000 ____D C:\Windows\erdnt
2013-06-22 16:09 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-22 16:09 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-22 16:09 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-22 16:09 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-22 16:05 - 2013-06-22 16:06 - 05082201 ____R (Swearware) C:\Users\JohnJenny\Desktop\ComboFix.exe
2013-06-22 12:40 - 2013-06-22 12:40 - 00000000 ____D C:\Users\Jenny\AppData\Local\{B5E3D7BF-B8B7-4D48-9DC7-E9CFF2E77D2F}
2013-06-20 19:09 - 2013-06-20 19:09 - 00021527 ____A C:\Users\JohnJenny\Downloads\Addition.txt
2013-06-20 19:05 - 2013-06-20 19:05 - 00000000 ____D C:\FRST
2013-06-20 18:33 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-20 18:33 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-20 18:33 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 18:33 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-20 18:33 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 18:33 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-20 18:33 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-20 18:33 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-20 18:32 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 18:32 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 18:32 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 18:32 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 18:32 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-20 18:32 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-20 18:32 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-20 08:24 - 2013-06-20 08:24 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-20 08:20 - 2013-06-20 08:27 - 00007921 ____A C:\Windows\IE10_main.log
2013-06-20 08:20 - 2013-06-20 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\JohnJenny\Desktop\tdsskiller.exe
2013-06-20 08:18 - 2013-06-20 08:18 - 85904656 ____A (Microsoft Corporation) C:\Users\JohnJenny\Desktop\msert.exe
2013-06-17 17:49 - 2013-06-17 17:50 - 00000000 ____D C:\Users\Jenny\AppData\Local\{852AC8A2-5C8D-4B46-83F9-B753D0E370E2}
2013-06-16 15:06 - 2013-06-16 15:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\{FD677F71-6302-4097-A2C2-71B1DC8F6B0F}
2013-06-16 14:42 - 2013-06-16 14:42 - 00002526 ____A C:\Users\Administrator\Desktop\mseremoval.bat
2013-06-16 13:56 - 2013-06-16 13:56 - 213054506 ____A C:\Users\Administrator\Desktop\Regedit_16_06_13.reg
2013-06-16 13:40 - 2013-06-16 13:40 - 00002526 ____A C:\Users\Administrator\Desktop\229863724-0-MSE_Uninstall.txt
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-06-15 18:39 - 2013-06-15 18:39 - 00079992 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 18:39 - 2013-06-15 18:39 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\users\Administrator
2013-06-15 18:39 - 2010-08-14 13:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-06-15 15:27 - 2013-06-15 15:28 - 88079120 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\msert.exe
2013-06-15 15:05 - 2013-06-15 15:18 - 00000390 ____A C:\Windows\Tasks\ErrorEND.job
2013-06-15 15:04 - 2013-06-15 15:14 - 00000000 ____D C:\Program Files\ErrorEND
2013-06-15 15:04 - 2013-06-15 15:04 - 03891648 ____A C:\Users\JohnJenny\Downloads\ErrorEND_Installer.exe
2013-06-15 15:04 - 2013-06-15 15:04 - 00000814 ____A C:\Users\JohnJenny\Desktop\ErrorEND.lnk
2013-06-15 14:40 - 2013-06-15 14:40 - 00000000 ____D C:\Windows\pss
2013-06-15 13:28 - 2013-06-15 13:29 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{71D0AD8C-2E3A-4002-9E8C-72C199C63332}
2013-06-15 12:45 - 2013-06-15 12:45 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall.exe
2013-06-15 12:38 - 2013-06-15 12:38 - 00000000 ____D C:\MATS
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Malwarebytes
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-15 10:19 - 2013-06-15 10:19 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\JohnJenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-15 01:51 - 2013-06-15 15:14 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-06-15 01:48 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-15 01:48 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-15 01:48 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-06-15 01:48 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-15 01:48 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-06-15 01:48 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-06-15 01:48 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-06-15 01:48 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-06-15 01:48 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-06-15 01:48 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-15 01:48 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-06-15 01:48 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-15 01:48 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-15 01:48 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-15 01:48 - 2013-02-15 07:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-15 01:48 - 2013-02-15 07:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-15 01:48 - 2013-02-15 07:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-15 01:48 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-15 01:48 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-15 01:48 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-15 01:48 - 2013-01-24 07:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-06-15 01:48 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-06-15 01:47 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-15 01:46 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-15 01:46 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-15 01:46 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-15 01:46 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-15 01:45 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-15 01:45 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-15 01:45 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-06-15 01:45 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-06-15 01:45 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-06-15 01:45 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-15 01:44 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-15 01:44 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-15 01:44 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-15 01:44 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-15 01:44 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-15 01:44 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-15 01:44 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-15 01:44 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-15 01:44 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-15 01:44 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-15 01:40 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-15 01:40 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{CCE8012A-9F4A-4BDB-A5DD-17748885A16C}
2013-06-14 22:27 - 2013-06-14 22:27 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{F4358D57-FB18-4522-880D-C4844C1DEDB4}
2013-06-06 20:53 - 2013-06-06 20:53 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{4F28D500-2B9E-4861-8197-5BC11C40EE50}
2013-06-02 21:37 - 2013-06-02 21:38 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{844AF40D-5403-4FA8-8836-FE71079FC264}

==================== One Month Modified Files and Folders =======

2013-07-01 19:19 - 2013-07-01 19:19 - 01933776 ____A (Farbar) C:\Users\JohnJenny\Desktop\FRST64.exe
2013-07-01 19:13 - 2011-10-19 18:48 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-07-01 19:12 - 2013-07-01 19:12 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 19:12 - 2013-07-01 19:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 19:12 - 2013-07-01 19:12 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 19:12 - 2013-07-01 19:12 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 19:12 - 2012-10-17 19:31 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-01 19:12 - 2012-10-17 19:31 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-01 19:11 - 2010-02-03 06:58 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 19:08 - 2009-07-14 06:10 - 01265543 ____A C:\Windows\WindowsUpdate.log
2013-07-01 18:54 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:54 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 18:46 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 18:46 - 2009-07-14 05:51 - 00087661 ____A C:\Windows\setupact.log
2013-07-01 18:38 - 2013-07-01 18:37 - 31714216 ____A (Oracle Corporation) C:\Users\JohnJenny\Desktop\jre-7u25-windows-i586.exe
2013-06-28 22:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-28 21:46 - 2012-04-02 18:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 17:04 - 2013-06-28 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-28 16:43 - 2013-06-28 16:43 - 00000000 ____D C:\Users\JohnJenny\Desktop\mbar-1.06.0.1004
2013-06-28 16:42 - 2013-06-28 16:42 - 13399154 ____A C:\Users\JohnJenny\Desktop\mbar-1.06.0.1004.zip
2013-06-24 22:02 - 2013-06-24 22:02 - 00000000 ____D C:\Users\Jenny\AppData\Local\{1D0D5358-B95C-4F92-884C-99DB7084CB06}
2013-06-24 22:02 - 2010-02-10 14:05 - 00000000 ____D C:\Users\Jenny\Tracing
2013-06-24 21:35 - 2011-03-02 20:40 - 00002198 ____A C:\Windows\epplauncher.mif
2013-06-24 21:28 - 2013-06-24 21:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-24 21:28 - 2011-03-02 20:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-24 21:27 - 2013-06-24 21:27 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall (1).exe
2013-06-24 21:07 - 2013-06-24 21:07 - 00000428 ____A C:\Users\JohnJenny\Desktop\List of found threats.txt
2013-06-24 21:05 - 2010-02-09 20:14 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\VirtualStore
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ___HD C:\Windows\AxInstSV
2013-06-24 18:57 - 2013-06-24 18:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 16:31 - 2010-02-03 08:48 - 00491370 ____A C:\Windows\PFRO.log
2013-06-22 16:30 - 2010-10-23 06:40 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\Windows Live
2013-06-22 16:24 - 2013-06-22 16:57 - 00015168 ____A C:\Users\JohnJenny\Desktop\ComboFix.txt
2013-06-22 16:24 - 2013-06-22 16:24 - 00015168 ____A C:\ComboFix.txt
2013-06-22 16:24 - 2013-06-22 16:09 - 00000000 ____D C:\Qoobox
2013-06-22 16:22 - 2013-06-22 16:09 - 00000000 ____D C:\Windows\erdnt
2013-06-22 16:21 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-06-22 16:19 - 2010-02-09 20:23 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Adobe
2013-06-22 16:08 - 2010-02-09 20:11 - 00000000 ____D C:\users\JohnJenny
2013-06-22 16:06 - 2013-06-22 16:05 - 05082201 ____R (Swearware) C:\Users\JohnJenny\Desktop\ComboFix.exe
2013-06-22 12:40 - 2013-06-22 12:40 - 00000000 ____D C:\Users\Jenny\AppData\Local\{B5E3D7BF-B8B7-4D48-9DC7-E9CFF2E77D2F}
2013-06-20 19:09 - 2013-06-20 19:09 - 00021527 ____A C:\Users\JohnJenny\Downloads\Addition.txt
2013-06-20 19:05 - 2013-06-20 19:05 - 00000000 ____D C:\FRST
2013-06-20 08:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-20 08:27 - 2013-06-20 08:20 - 00007921 ____A C:\Windows\IE10_main.log
2013-06-20 08:27 - 2009-07-14 06:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 08:24 - 2013-06-20 08:24 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-20 08:24 - 2013-06-20 08:24 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-20 08:24 - 2013-06-20 08:24 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-20 08:24 - 2013-06-20 08:24 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-20 08:24 - 2013-06-20 08:24 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-20 08:24 - 2013-06-20 08:24 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-20 08:20 - 2013-06-20 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\JohnJenny\Desktop\tdsskiller.exe
2013-06-20 08:18 - 2013-06-20 08:18 - 85904656 ____A (Microsoft Corporation) C:\Users\JohnJenny\Desktop\msert.exe
2013-06-17 17:50 - 2013-06-17 17:49 - 00000000 ____D C:\Users\Jenny\AppData\Local\{852AC8A2-5C8D-4B46-83F9-B753D0E370E2}
2013-06-16 15:06 - 2013-06-16 15:06 - 00000000 ____D C:\Users\Jenny\AppData\Local\{FD677F71-6302-4097-A2C2-71B1DC8F6B0F}
2013-06-16 14:42 - 2013-06-16 14:42 - 00002526 ____A C:\Users\Administrator\Desktop\mseremoval.bat
2013-06-16 13:56 - 2013-06-16 13:56 - 213054506 ____A C:\Users\Administrator\Desktop\Regedit_16_06_13.reg
2013-06-16 13:40 - 2013-06-16 13:40 - 00002526 ____A C:\Users\Administrator\Desktop\229863724-0-MSE_Uninstall.txt
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dell
2013-06-15 18:40 - 2013-06-15 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-06-15 18:39 - 2013-06-15 18:39 - 00079992 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-15 18:39 - 2013-06-15 18:39 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Stardock_Corporation
2013-06-15 18:39 - 2013-06-15 18:39 - 00000000 ____D C:\users\Administrator
2013-06-15 15:28 - 2013-06-15 15:27 - 88079120 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\msert.exe
2013-06-15 15:18 - 2013-06-15 15:05 - 00000390 ____A C:\Windows\Tasks\ErrorEND.job
2013-06-15 15:14 - 2013-06-15 15:04 - 00000000 ____D C:\Program Files\ErrorEND
2013-06-15 15:14 - 2013-06-15 01:51 - 00000000 ____D C:\ProgramData\ErrorEND64
2013-06-15 15:14 - 2011-10-19 18:45 - 00000000 ____D C:\Program Files\Bonjour
2013-06-15 15:04 - 2013-06-15 15:04 - 03891648 ____A C:\Users\JohnJenny\Downloads\ErrorEND_Installer.exe
2013-06-15 15:04 - 2013-06-15 15:04 - 00000814 ____A C:\Users\JohnJenny\Desktop\ErrorEND.lnk
2013-06-15 14:40 - 2013-06-15 14:40 - 00000000 ____D C:\Windows\pss
2013-06-15 14:27 - 2010-02-14 11:37 - 00000000 ____D C:\Users\JohnJenny\Tracing
2013-06-15 13:29 - 2013-06-15 13:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{71D0AD8C-2E3A-4002-9E8C-72C199C63332}
2013-06-15 12:45 - 2013-06-15 12:45 - 13475464 ____A (Microsoft Corporation) C:\Users\JohnJenny\Downloads\mseinstall.exe
2013-06-15 12:38 - 2013-06-15 12:38 - 00000000 ____D C:\MATS
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\Users\JohnJenny\AppData\Roaming\Malwarebytes
2013-06-15 10:20 - 2013-06-15 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-15 10:19 - 2013-06-15 10:19 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\JohnJenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-15 09:55 - 2009-07-14 05:45 - 00340864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-15 01:57 - 2011-10-19 18:48 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-06-15 01:46 - 2012-04-02 18:03 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 01:46 - 2011-06-17 17:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-15 01:28 - 2013-06-15 01:28 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{CCE8012A-9F4A-4BDB-A5DD-17748885A16C}
2013-06-15 01:28 - 2010-02-03 07:06 - 00000000 ____D C:\ProgramData\PCDr
2013-06-15 01:23 - 2010-02-09 21:33 - 00000000 ____D C:\users\Jenny
2013-06-15 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-15 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-15 01:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\L2Schemas
2013-06-15 01:22 - 2012-02-18 11:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-15 01:22 - 2010-02-03 06:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-06-15 01:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-15 01:22 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-15 01:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-06-14 22:27 - 2013-06-14 22:27 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{F4358D57-FB18-4522-880D-C4844C1DEDB4}
2013-06-08 15:08 - 2013-06-20 18:32 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-20 18:32 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-20 18:32 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-20 18:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-20 18:32 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-20 18:32 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-20 18:32 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-06 20:53 - 2013-06-06 20:53 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{4F28D500-2B9E-4861-8197-5BC11C40EE50}
2013-06-02 21:38 - 2013-06-02 21:37 - 00000000 ____D C:\Users\JohnJenny\AppData\Local\{844AF40D-5403-4FA8-8836-FE71079FC264}
2013-06-02 17:11 - 2010-02-09 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-28 21:52

==================== End Of Log ============================



#15 Larusso


Posted 02 July 2013 - 12:42 PM

Thanks, it was a great weekend with my girlfriend :)

Any open issues?
regards,
Daniel

Bread for the world instead Bombs and Bangers





