FBI virus - Microsoft Windows Defender Offline powerless

[Triumphent]

Hello,

I woke up this morning with a greeting from the so-called FBI virus threatenning to send me to jail for 4 to 11 years if I did not shell out $450 within 72 hours (cash only.) Besides, it also stated it was a Federal crime to allow a computer to get infected that way and there could be more jail time for me.

I figured 72 hours left me plenty of time to eradicate the virus. I dowloaded the Microsoft Windows Defender Offline to a booting flash drive. After a 5 hour full scan it returned absolutely nothing! The virus is still there although I do not see the ad any longer, just a white page.

Needless to say, I cannot log into safe mode.

I have searched this site for a solution but I only found them relating to other OS. My Operating System is XP Professional and I have the installation disk... Yes Sir!

Can anyone point me to the right direction to remove this thing? A previously written guide would be fine.

Thanks for all and any help. It's greatly appreciated.

[MrCharlie]

Welcome to the forum, see if you can run Kaspersky scanner and Unlocker as outlined in the link below:

http://maddoktor2.com/forums/index.php/topic,55928.0.html

Let me know ....MrC

[Triumphent]

Hello MrC

Thank you so much for your quick response and for your willingness to help. I have just done what you said and the Kapersky Rescue Disk is now running. It's a rather large disk, so it will be a few hours before I get any result. I will let you know. Thank you again.

[MrCharlie]

OK...let me know....MrC

[Triumphent]

Good morning MrC,

I did run the Kaspersky Rescue Disk and it found two threats:

1- HEUR-Exploit.Java-CVE-2013-1493.a

2- Exploit.win32.CVE-2011-3402.a

It recommended no action on the first one (I assume that means it took care of it) and removal on the second.

I followed the recommendations.

I was then able to boot into Windows normally.

Are there other steps I should take to complete the removal process?

Thank you.

[MrCharlie]

Yes, it's very important to follow up with this infection:

Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

MrC

[Triumphent]

OK.

Here is FRST.txt:

---------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2013 03

Ran by Owner (administrator) on 03-06-2013 08:50:54

Running from C:\Documents and Settings\Owner\Desktop\Farbar

Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

(Oracle Corporation) C:\Program Files\Java\jre1.7.0_09\bin\jqs.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

() C:\Program Files\Macrium\Reflect\ReflectService.exe

(Microsoft Corporation) C:\WINDOWS\System32\snmp.exe

(IObit) C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe

(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [295512 2013-03-29] (RealNetworks, Inc.)

Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

HKCU\...\Winlogon: [shell] Explorer.exe

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Wondershare Video Converter Ultimate - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.7.0_09\bin\ssv.dll (Oracle Corporation)

BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL (IObit)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.7.0_09\bin\jp2ssv.dll (Oracle Corporation)

PDF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204

PDF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)

Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9pwhqhwh.default

FF Homepage: hxxp://www.zastey.com/

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre1.7.0_09\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9pwhqhwh.default\Extensions\ascsurfingprotection@iobit.com

FF Extension: WSecEdit Security Configuration Class - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9pwhqhwh.default\Extensions\{27607291-A937-C479-DE73-6CF4CBBF3771}

FF Extension: firebug - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9pwhqhwh.default\Extensions\firebug@software.joehewitt.com.xpi

FF Extension: lmklokrgkg - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9pwhqhwh.default\Extensions\lmklokrgkg@lmklokrgkg.org.xpi

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)

S4 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [61440 2005-03-08] (Broadcom Corporation)

R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)

S3 LPDSVC; C:\Windows\system32\tcpsvcs.exe [19456 2008-08-21] (Microsoft Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [254072 2013-04-16] ()

S4 XMail; C:\Program Files\acquia-drupal\xmail\XMail.exe [397824 2012-05-03] ()

R2 JavaQuickStarterService; "C:\Program Files\Java\jre1.7.0_09\bin\jqs.exe" -service -config "C:\Program Files\Java\jre1.7.0_09\lib\deploy\jqs\jqs.conf" [x]

S4 wampapache;

S4 wampmysqld;

==================== Drivers (Whitelisted) ====================

R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [132608 2005-03-17] (Broadcom Corporation)

R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)

S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2011-07-29] ()

S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2011-07-29] ()

S3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [246816 2012-01-05] (IObit)

R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

S3 PSMounterEx; C:\WINDOWS\system32\drivers\psmounterex.sys [54464 2012-10-31] ()

R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-04-16] (Macrium Software)

S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [13432 2013-04-16] (Paramount Software UK Ltd)

S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [30408 2012-07-05] (IObit.com)

R3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2010-11-26] ()

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [16248 2012-07-05] (IObit.com)

S4 Abiosdsk; No ImagePath

S4 abp480n5; No ImagePath

S4 adpu160m; No ImagePath

S4 Aha154x; No ImagePath

S4 aic78u2; No ImagePath

S4 aic78xx; No ImagePath

S4 AliIde; No ImagePath

S4 amsint; No ImagePath

S4 asc; No ImagePath

S4 asc3350p; No ImagePath

S4 asc3550; No ImagePath

S4 Atdisk; No ImagePath

S4 cd20xrnt; No ImagePath

S1 Changer; No ImagePath

S4 CmdIde; No ImagePath

S4 Cpqarray; No ImagePath

U4 dac2w2k; No ImagePath

S4 dac960nt; No ImagePath

S2 DgiVecp; No ImagePath

S4 dpti2o; No ImagePath

S4 hpn; No ImagePath

S1 i2omgmt; No ImagePath

S4 i2omp; No ImagePath

S4 ini910u; No ImagePath

S4 IntelIde; No ImagePath

S1 lbrtfdc; No ImagePath

S1 MpKslf56564e5; No ImagePath

S4 mraid35x; No ImagePath

S1 PCIDump; No ImagePath

S3 PDCOMP; No ImagePath

S3 PDFRAME; No ImagePath

S3 PDRELI; No ImagePath

S3 PDRFRAME; No ImagePath

S4 perc2; No ImagePath

S4 perc2hib; No ImagePath

S4 ql1080; No ImagePath

S4 Ql10wnt; No ImagePath

S4 ql12160; No ImagePath

S4 ql1240; No ImagePath

S4 ql1280; No ImagePath

S2 SC1BLPT; No ImagePath

S4 Simbad; No ImagePath

S4 Sparrow; No ImagePath

S2 SSPORT; No ImagePath

S4 symc810; No ImagePath

S4 symc8xx; No ImagePath

S4 sym_hi; No ImagePath

S4 sym_u3; No ImagePath

S4 TosIde; No ImagePath

S4 ultra; No ImagePath

S4 ViaIde; No ImagePath

S3 WDICA; No ImagePath

U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-03 08:50 - 2013-06-03 08:50 - 00000000 ____D C:\FRST

2013-06-03 08:43 - 2013-06-03 08:50 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Farbar

2013-06-02 17:53 - 2013-06-02 21:45 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

2013-06-02 16:48 - 2013-06-02 16:48 - 00000000 ____D C:\Windows\Microsoft Antimalware

2013-06-02 10:56 - 2013-06-02 10:56 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\iexplore.exe

2013-06-02 10:56 - 2013-06-02 10:56 - 00000000 ____A C:\Documents and Settings\Owner\googleupdate.exe

2013-06-02 10:56 - 2013-06-02 10:56 - 00000000 ____A C:\Documents and Settings\Owner\firefox.exe

2013-06-02 10:51 - 2013-06-02 10:52 - 00118784 ____A C:\Documents and Settings\Owner\alg.exe

2013-06-02 10:51 - 2013-06-02 10:51 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\windowsupdate.exe

2013-06-02 10:51 - 2013-06-02 10:51 - 00000000 ____A C:\Documents and Settings\Owner\chrome.exe

2013-06-02 10:39 - 2013-06-02 10:39 - 00118784 ____A C:\Documents and Settings\Owner\flashplayer.exe

2013-06-02 10:39 - 2013-06-02 10:39 - 00000000 ____A C:\Documents and Settings\Owner\spoolsv.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\opera.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00118784 ____A C:\Documents and Settings\Owner\acrobatreader.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00000000 ____A C:\Documents and Settings\Owner\teamviewer.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00000000 ____A C:\Documents and Settings\Owner\skype.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00000000 ____A C:\Documents and Settings\Owner\java.exe

2013-06-02 10:23 - 2013-06-02 19:13 - 00000004 ____A C:\Documents and Settings\Owner\Application Data\skype.ini

2013-06-02 10:20 - 2013-06-02 10:20 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\jucheck.exe

2013-06-02 10:20 - 2013-06-02 10:20 - 00118784 ____A C:\Documents and Settings\Owner\jqs.exe

2013-06-02 10:20 - 2013-06-02 10:20 - 00000000 ____A C:\Documents and Settings\Owner\notepad.exe

2013-06-02 10:20 - 2013-06-02 10:20 - 00000000 ____A C:\Documents and Settings\Owner\icq.exe

2013-06-02 09:14 - 2013-06-02 09:13 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2013-06-02 09:14 - 2013-03-17 10:44 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2013-06-02 09:14 - 2013-03-17 10:44 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2013-06-02 09:02 - 2013-06-02 09:02 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\wabEventSupport16

2013-06-01 09:00 - 2013-06-02 11:38 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Ipswitch

2013-06-01 01:00 - 2013-06-01 01:01 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Site_06_01_13

2013-05-31 17:19 - 2013-05-31 17:25 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\New Folder (3)

2013-05-29 12:27 - 2013-05-29 12:27 - 00001663 ____A C:\Documents and Settings\Owner\Desktop\FileZilla Client.lnk

2013-05-29 12:24 - 2013-05-29 12:29 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Sites 05-29-13

2013-05-28 16:23 - 2013-05-28 16:23 - 00000637 ____A C:\Documents and Settings\Owner\My Documents\flag3.txt

2013-05-28 16:21 - 2013-05-28 16:21 - 00000584 ____A C:\Documents and Settings\Owner\My Documents\flag2.txt

2013-05-28 16:20 - 2013-05-28 16:20 - 00000906 ____A C:\Documents and Settings\Owner\My Documents\flag1.txt

2013-05-24 16:26 - 2013-05-24 16:38 - 00039087 ____A C:\Documents and Settings\Owner\Desktop\block.module

2013-05-22 10:29 - 2013-05-23 07:20 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-21 00:57 - 2013-05-21 00:57 - 00006501 ____A C:\Documents and Settings\Owner\Desktop\views_handler_filter_date.inc

2013-05-17 19:01 - 2013-05-17 19:01 - 00000893 ____A C:\Documents and Settings\All Users\Desktop\Camtasia Studio 8.lnk

2013-05-17 19:01 - 2013-05-17 19:01 - 00000000 ____D C:\Program Files\QuickTime

2013-05-17 19:00 - 2013-05-17 19:00 - 00000000 ____D C:\Program Files\Common Files\TechSmith Shared

2013-05-17 18:50 - 2013-05-17 18:50 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\TechSmith

2013-05-17 18:49 - 2013-05-17 18:49 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Camtasia Studio

2013-05-17 18:31 - 2013-05-17 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TechSmith

2013-05-14 22:18 - 2013-05-14 22:18 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-14 22:14 - 2013-05-14 22:14 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-09 00:14 - 2013-05-09 00:16 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Full backup 05-08-13

2013-05-08 23:41 - 2013-05-08 23:41 - 00040080 ____A C:\php.ini

2013-05-07 20:20 - 2013-05-07 20:20 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\drupal-7.22

2013-05-04 13:50 - 2013-05-04 13:50 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\birthdays

2013-05-04 13:17 - 2013-05-04 13:17 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\coppa_lite

==================== One Month Modified Files and Folders ========

2013-06-03 08:51 - 2012-03-03 21:28 - 01293115 ____A C:\Windows\WindowsUpdate.log

2013-06-03 08:50 - 2013-06-03 08:50 - 00000000 ____D C:\FRST

2013-06-03 08:50 - 2013-06-03 08:43 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Farbar

2013-06-03 08:42 - 2013-04-02 09:21 - 00000268 ____A C:\Windows\Tasks\ASC6_PerformanceMonitor.job

2013-06-03 08:22 - 2013-04-29 10:39 - 38686720 ____A C:\Windows\System32\config\SOFTWARE.iobit

2013-06-03 08:22 - 2013-04-29 10:39 - 00512000 ____A C:\Windows\System32\config\default.iobit

2013-06-03 08:22 - 2013-04-29 10:39 - 00090112 ____A C:\Windows\System32\config\SECURITY.iobit

2013-06-03 08:22 - 2013-04-29 10:39 - 00028672 ____A C:\Windows\System32\config\SAM.iobit

2013-06-03 07:55 - 2012-04-03 08:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-03 07:35 - 2013-02-13 12:41 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-06-03 07:26 - 2013-03-03 13:27 - 00000278 ____A C:\Windows\Tasks\SmartDefragUpdate.job

2013-06-03 07:26 - 2013-01-14 13:23 - 00000278 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1960408961-1177238915-1003.job

2013-06-03 07:26 - 2012-06-09 15:28 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5B8A6C57-EE63-477B-BC34-84887DC1ACA5}.job

2013-06-03 07:25 - 2013-04-27 21:06 - 00000300 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-602162358-1960408961-1177238915-1003.job

2013-06-03 07:25 - 2013-01-18 03:18 - 00000278 ____A C:\Windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-602162358-1960408961-1177238915-1003.job

2013-06-03 07:25 - 2012-03-31 12:00 - 00000280 ____A C:\Windows\Tasks\SmartDefrag_Startup.job

2013-06-03 07:25 - 2012-03-03 21:34 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini

2013-06-03 07:25 - 2012-03-03 21:33 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini

2013-06-03 07:25 - 2012-03-03 21:33 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-03 07:25 - 2012-03-03 21:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

2013-06-03 07:25 - 2008-08-21 08:00 - 00012598 ____A C:\Windows\System32\wpa.dbl

2013-06-03 01:48 - 2012-12-27 01:20 - 00032604 ____N C:\Windows\SchedLgU.Txt

2013-06-03 01:48 - 2012-03-03 21:34 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini

2013-06-02 21:45 - 2013-06-02 17:53 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

2013-06-02 19:13 - 2013-06-02 10:23 - 00000004 ____A C:\Documents and Settings\Owner\Application Data\skype.ini

2013-06-02 16:48 - 2013-06-02 16:48 - 00000000 ____D C:\Windows\Microsoft Antimalware

2013-06-02 11:47 - 2013-01-18 03:18 - 00000286 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-602162358-1960408961-1177238915-1003.job

2013-06-02 11:38 - 2013-06-01 09:00 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Ipswitch

2013-06-02 10:56 - 2013-06-02 10:56 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\iexplore.exe

2013-06-02 10:56 - 2013-06-02 10:56 - 00000000 ____A C:\Documents and Settings\Owner\googleupdate.exe

2013-06-02 10:56 - 2013-06-02 10:56 - 00000000 ____A C:\Documents and Settings\Owner\firefox.exe

2013-06-02 10:52 - 2013-06-02 10:51 - 00118784 ____A C:\Documents and Settings\Owner\alg.exe

2013-06-02 10:51 - 2013-06-02 10:51 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\windowsupdate.exe

2013-06-02 10:51 - 2013-06-02 10:51 - 00000000 ____A C:\Documents and Settings\Owner\chrome.exe

2013-06-02 10:39 - 2013-06-02 10:39 - 00118784 ____A C:\Documents and Settings\Owner\flashplayer.exe

2013-06-02 10:39 - 2013-06-02 10:39 - 00000000 ____A C:\Documents and Settings\Owner\spoolsv.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\opera.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00118784 ____A C:\Documents and Settings\Owner\acrobatreader.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00000000 ____A C:\Documents and Settings\Owner\teamviewer.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00000000 ____A C:\Documents and Settings\Owner\skype.exe

2013-06-02 10:35 - 2013-06-02 10:35 - 00000000 ____A C:\Documents and Settings\Owner\java.exe

2013-06-02 10:20 - 2013-06-02 10:20 - 00156672 ____A (Handy-Software INC.) C:\Documents and Settings\Owner\jucheck.exe

2013-06-02 10:20 - 2013-06-02 10:20 - 00118784 ____A C:\Documents and Settings\Owner\jqs.exe

2013-06-02 10:20 - 2013-06-02 10:20 - 00000000 ____A C:\Documents and Settings\Owner\notepad.exe

2013-06-02 10:20 - 2013-06-02 10:20 - 00000000 ____A C:\Documents and Settings\Owner\icq.exe

2013-06-02 09:13 - 2013-06-02 09:14 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2013-06-02 09:13 - 2013-03-17 10:45 - 00143872 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl

2013-06-02 09:13 - 2012-06-28 23:45 - 00000000 ____D C:\Program Files\Java

2013-06-02 09:02 - 2013-06-02 09:02 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\wabEventSupport16

2013-06-01 09:00 - 2013-03-28 11:17 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\TechSmith

2013-06-01 02:13 - 2012-06-25 09:36 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\FileZilla

2013-06-01 01:01 - 2013-06-01 01:00 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Site_06_01_13

2013-05-31 17:25 - 2013-05-31 17:19 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\New Folder (3)

2013-05-31 09:05 - 2013-04-27 21:06 - 00000308 ____A C:\Windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-602162358-1960408961-1177238915-1003.job

2013-05-30 09:56 - 2012-08-25 00:00 - 00000286 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1960408961-1177238915-1003.job

2013-05-29 12:29 - 2013-05-29 12:24 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Sites 05-29-13

2013-05-29 12:27 - 2013-05-29 12:27 - 00001663 ____A C:\Documents and Settings\Owner\Desktop\FileZilla Client.lnk

2013-05-29 12:27 - 2012-06-25 09:35 - 00000000 ____D C:\Program Files\FileZilla FTP Client

2013-05-28 16:23 - 2013-05-28 16:23 - 00000637 ____A C:\Documents and Settings\Owner\My Documents\flag3.txt

2013-05-28 16:21 - 2013-05-28 16:21 - 00000584 ____A C:\Documents and Settings\Owner\My Documents\flag2.txt

2013-05-28 16:20 - 2013-05-28 16:20 - 00000906 ____A C:\Documents and Settings\Owner\My Documents\flag1.txt

2013-05-27 21:06 - 2013-04-27 21:06 - 00000326 ____A C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-602162358-1960408961-1177238915-1003.job

2013-05-26 13:00 - 2012-03-04 01:49 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Adobe

2013-05-26 11:53 - 2012-03-04 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe

2013-05-26 11:22 - 2013-04-07 12:13 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Fixes

2013-05-24 16:38 - 2013-05-24 16:26 - 00039087 ____A C:\Documents and Settings\Owner\Desktop\block.module

2013-05-24 09:02 - 2012-04-26 09:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-05-23 07:20 - 2013-05-22 10:29 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-21 01:09 - 2012-08-25 19:17 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Verge bartik

2013-05-21 00:57 - 2013-05-21 00:57 - 00006501 ____A C:\Documents and Settings\Owner\Desktop\views_handler_filter_date.inc

2013-05-20 01:19 - 2012-09-20 01:02 - 00660399 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1960408961-1177238915-1003-0.dat

2013-05-20 01:19 - 2012-09-20 01:02 - 00366030 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

2013-05-18 10:04 - 2012-12-19 14:22 - 00000925 ____A C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk

2013-05-18 10:04 - 2012-12-19 14:22 - 00000874 ____A C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 6.lnk

2013-05-17 19:01 - 2013-05-17 19:01 - 00000893 ____A C:\Documents and Settings\All Users\Desktop\Camtasia Studio 8.lnk

2013-05-17 19:01 - 2013-05-17 19:01 - 00000000 ____D C:\Program Files\QuickTime

2013-05-17 19:00 - 2013-05-17 19:00 - 00000000 ____D C:\Program Files\Common Files\TechSmith Shared

2013-05-17 18:59 - 2013-03-28 11:16 - 00000000 ____D C:\Program Files\TechSmith

2013-05-17 18:50 - 2013-05-17 18:50 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\TechSmith

2013-05-17 18:49 - 2013-05-17 18:49 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Camtasia Studio

2013-05-17 18:31 - 2013-05-17 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TechSmith

2013-05-16 08:40 - 2012-04-03 08:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-05-16 08:40 - 2012-03-11 16:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-05-15 10:50 - 2012-03-04 01:09 - 00000000 ____D C:\Windows\Microsoft.NET

2013-05-15 09:05 - 2012-03-03 13:17 - 03609512 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-14 22:34 - 2013-01-13 18:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

2013-05-14 22:31 - 2012-03-03 13:18 - 00611966 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-14 22:19 - 2012-03-04 00:43 - 00000000 ____D C:\Windows\ie8updates

2013-05-14 22:18 - 2013-05-14 22:18 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-14 22:18 - 2012-03-04 00:22 - 00000000 ___HD C:\Windows\$hf_mig$

2013-05-14 22:15 - 2012-03-04 00:41 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-14 22:14 - 2013-05-14 22:14 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-14 15:18 - 2012-03-03 13:09 - 00000000 ____D C:\Windows\repair

2013-05-14 15:16 - 2012-03-03 21:26 - 00000000 ____D C:\Windows\Registration

2013-05-14 15:13 - 2013-01-01 17:10 - 00000000 ____A C:\ref~tmp~.txt

2013-05-14 15:13 - 2012-11-07 16:35 - 00002381 ____A C:\Documents and Settings\Owner\Desktop\Reflect.lnk

2013-05-09 00:16 - 2013-05-09 00:14 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Full backup 05-08-13

2013-05-08 23:41 - 2013-05-08 23:41 - 00040080 ____A C:\php.ini

2013-05-08 16:10 - 2012-06-29 00:43 - 00000000 ____D C:\Program Files\ActiveState Komodo Edit 7

2013-05-07 20:20 - 2013-05-07 20:20 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\drupal-7.22

2013-05-07 00:27 - 2008-08-21 08:00 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll

2013-05-07 00:27 - 2008-08-21 08:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-04 13:50 - 2013-05-04 13:50 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\birthdays

2013-05-04 13:17 - 2013-05-04 13:17 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\coppa_lite

Files to move or delete:

====================

C:\Documents and Settings\Owner\acrobatreader.exe

C:\Documents and Settings\Owner\alg.exe

C:\Documents and Settings\Owner\chrome.exe

C:\Documents and Settings\Owner\firefox.exe

C:\Documents and Settings\Owner\flashplayer.exe

C:\Documents and Settings\Owner\googleupdate.exe

C:\Documents and Settings\Owner\icq.exe

C:\Documents and Settings\Owner\iexplore.exe

C:\Documents and Settings\Owner\java.exe

C:\Documents and Settings\Owner\jqs.exe

C:\Documents and Settings\Owner\jucheck.exe

C:\Documents and Settings\Owner\notepad.exe

C:\Documents and Settings\Owner\opera.exe

C:\Documents and Settings\Owner\skype.exe

C:\Documents and Settings\Owner\spoolsv.exe

C:\Documents and Settings\Owner\teamviewer.exe

C:\Documents and Settings\Owner\windowsupdate.exe

C:\Documents and Settings\Owner\Application Data\skype.dat

C:\Documents and Settings\Owner\Application Data\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Here is Addition.txt:

----------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-06-2013 03

Ran by Owner at 2013-06-03 08:52:15 Run:

Running from C:\Documents and Settings\Owner\Desktop\Farbar

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

7-Zip 9.22beta

Acquia Dev Desktop (Version: 7.14.14)

ActiveState Komodo Edit 7.0.2 (Version: 7.0.2)

Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)

Adobe Illustrator CS (Version: 11)

Adobe Reader X (10.1.6) (Version: 10.1.6)

Adobe SVG Viewer 3.0 (Version: 3.0)

Advanced SystemCare 6 (Version: 6.2)

Audacity 2.0.3 (Version: 2.0.3)

Broadcom Advanced Control Suite (Version: 8.20.01)

Broadcom ASF Management Applications (Version: 8.06.01)

Camtasia Studio 8 (Version: 8.0.4.1060)

Dell Support Center (Version: 3.2.6032.102)

Dell System Detect (Version: 3.3.2.1)

Drush (Version: 1.0.13.20221)

EaseUS Partition Master 9.1.1 Home Edition

ExtractNow

FileZilla Client 3.7.0.2 (Version: 3.7.0.2)

GIMP 2.6.10 (Version: 2.6.10)

Git version 1.8.1.2-preview20130201 (Version: 1.8.1.2-preview20130201)

GlassFish Server Open Source Edition 3.1.2

hp LaserJet 4345 mfp

hp LaserJet 4345 mfp (Version: 2.5.10.002)

Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4410)

IObit Malware Fighter (Version: 1.0)

Ipswitch WS_FTP Pro

IrfanView (remove only) (Version: 4.32)

Java 7 Update 17 (Version: 7.0.170)

Java 7 Update 9 (Version: 7.0.90)

Java Auto Updater (Version: 2.1.9.0)

Java SE Development Kit 7 Update 5 (Version: 1.7.0.50)

JavaFX 2.1.1 (Version: 2.1.1)

JavaFX 2.1.1 SDK (Version: 2.1.1)

Jing (Version: 2.8.13007.1)

LAME v3.99.3 (for Windows)

Macrium Reflect Free Edition (Version: 5.1.5299)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)

Mozilla Maintenance Service (Version: 21.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 6.0 Parser (Version: 6.10.1129.0)

NetBeans IDE 7.1.2 (Version: 7.1.2)

NetWaiting (Version: 2.5.12)

Octoshape add-in for Adobe Flash Player

RealDownloader (Version: 1.3.1)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)

RealPlayer (Version: 16.0.0)

RealUpgrade 1.1 (Version: 1.1.0)

Samsung CLP-610 Series

SHARP AL-1500/1600CS Series MFP Driver

SHARP SC-Print AL

Smart Defrag 2 (Version: 2.7)

SoundMAX (Version: 5.12.01.5246)

TeamViewer 7 (Version: 7.0.12799)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)

Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2492386) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB898461) (Version: 1)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

VLC media player 2.0.4 (Version: 2.0.4)

WampServer 2.2

WD SmartWare (Version: 1.5.1)

WebFldrs XP (Version: 9.50.7523)

Windows Automated Installation Kit (Version: 2.0.0.0)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0 (Version: 04.00.6001.503)

Wondershare Video Converter Ultimate(Build 6.0.1.0) (Version: 6.0.1.0)

==================== Restore Points =========================

05-03-2013 15:37:44 Software Distribution Service 3.0

06-03-2013 17:01:21 Software Distribution Service 3.0

07-03-2013 22:34:26 System Checkpoint

08-03-2013 15:25:29 Software Distribution Service 3.0

09-03-2013 17:47:44 Software Distribution Service 3.0

10-03-2013 17:58:04 System Checkpoint

10-03-2013 18:26:15 Software Distribution Service 3.0

12-03-2013 04:04:12 Software Distribution Service 3.0

13-03-2013 13:35:34 Software Distribution Service 3.0

13-03-2013 15:00:26 Software Distribution Service 3.0

14-03-2013 15:04:58 System Checkpoint

15-03-2013 16:17:23 Software Distribution Service 3.0

16-03-2013 21:06:31 System Checkpoint

17-03-2013 14:43:15 Removed Java 7 Update 15

17-03-2013 14:43:55 Installed Java 7 Update 17

17-03-2013 14:47:18 Software Distribution Service 3.0

17-03-2013 17:51:36 Software Distribution Service 3.0

18-03-2013 14:28:42 Installed Windows XP KB2807986.

19-03-2013 14:27:43 Software Distribution Service 3.0

21-03-2013 15:07:30 Software Distribution Service 3.0

23-03-2013 00:38:20 System Checkpoint

23-03-2013 12:59:54 Software Distribution Service 3.0

24-03-2013 13:41:42 Software Distribution Service 3.0

24-03-2013 18:10:30 Software Distribution Service 3.0

25-03-2013 22:44:32 System Checkpoint

26-03-2013 13:51:55 Software Distribution Service 3.0

27-03-2013 20:14:24 System Checkpoint

28-03-2013 15:05:46 Software Distribution Service 3.0

28-03-2013 15:16:52 Installed Jing

29-03-2013 15:00:24 Software Distribution Service 3.0

30-03-2013 12:42:43 Software Distribution Service 3.0

31-03-2013 13:12:09 Software Distribution Service 3.0

31-03-2013 18:01:22 Software Distribution Service 3.0

01-04-2013 23:13:13 System Checkpoint

02-04-2013 13:29:11 Software Distribution Service 3.0

03-04-2013 14:02:20 Software Distribution Service 3.0

04-04-2013 14:48:08 Software Distribution Service 3.0

05-04-2013 15:34:12 Software Distribution Service 3.0

07-04-2013 14:49:35 Software Distribution Service 3.0

07-04-2013 18:31:35 Software Distribution Service 3.0

09-04-2013 03:52:58 Software Distribution Service 3.0

10-04-2013 13:00:50 Software Distribution Service 3.0

10-04-2013 15:00:35 Software Distribution Service 3.0

11-04-2013 13:12:19 Software Distribution Service 3.0

12-04-2013 13:34:40 Software Distribution Service 3.0

13-04-2013 14:13:24 Software Distribution Service 3.0

14-04-2013 15:01:38 Software Distribution Service 3.0

15-04-2013 15:22:51 System Checkpoint

16-04-2013 12:16:22 Software Distribution Service 3.0

17-04-2013 15:19:45 Software Distribution Service 3.0

19-04-2013 01:02:20 System Checkpoint

19-04-2013 13:01:20 Software Distribution Service 3.0

20-04-2013 14:08:39 Software Distribution Service 3.0

21-04-2013 18:13:15 Software Distribution Service 3.0

22-04-2013 22:57:21 System Checkpoint

23-04-2013 14:27:11 Software Distribution Service 3.0

24-04-2013 14:43:46 Software Distribution Service 3.0

25-04-2013 15:32:58 System Checkpoint

26-04-2013 13:17:43 Software Distribution Service 3.0

27-04-2013 15:30:08 Software Distribution Service 3.0

28-04-2013 15:47:25 Software Distribution Service 3.0

29-04-2013 16:12:05 System Checkpoint

30-04-2013 14:46:00 Software Distribution Service 3.0

02-05-2013 15:54:26 Software Distribution Service 3.0

04-05-2013 01:04:04 System Checkpoint

04-05-2013 15:14:31 Software Distribution Service 3.0

05-05-2013 15:58:49 Software Distribution Service 3.0

05-05-2013 18:20:02 Software Distribution Service 3.0

06-05-2013 19:36:16 Software Distribution Service 3.0

08-05-2013 12:40:21 Software Distribution Service 3.0

09-05-2013 12:41:17 Software Distribution Service 3.0

10-05-2013 13:08:20 Software Distribution Service 3.0

11-05-2013 14:40:06 Software Distribution Service 3.0

12-05-2013 16:06:10 System Checkpoint

12-05-2013 18:14:16 Software Distribution Service 3.0

13-05-2013 20:55:10 Software Distribution Service 3.0

14-05-2013 22:17:27 System Checkpoint

15-05-2013 02:13:45 Software Distribution Service 3.0

15-05-2013 13:19:55 Software Distribution Service 3.0

16-05-2013 14:16:59 System Checkpoint

17-05-2013 13:30:18 Software Distribution Service 3.0

17-05-2013 22:31:01 Installed Camtasia Studio 8

17-05-2013 22:56:50 Removed Camtasia Studio 8

17-05-2013 22:59:14 Installed Camtasia Studio 8

18-05-2013 14:10:39 Software Distribution Service 3.0

19-05-2013 14:12:51 System Checkpoint

19-05-2013 18:29:31 Software Distribution Service 3.0

22-05-2013 13:24:06 Software Distribution Service 3.0

23-05-2013 18:55:24 System Checkpoint

24-05-2013 13:14:09 Software Distribution Service 3.0

25-05-2013 16:38:48 Software Distribution Service 3.0

25-05-2013 17:01:31 Software Distribution Service 3.0

25-05-2013 17:41:11 Software Distribution Service 3.0

26-05-2013 17:56:47 Software Distribution Service 3.0

27-05-2013 21:32:35 System Checkpoint

28-05-2013 12:27:24 Software Distribution Service 3.0

29-05-2013 13:36:21 Software Distribution Service 3.0

30-05-2013 14:56:29 System Checkpoint

31-05-2013 12:46:31 Software Distribution Service 3.0

01-06-2013 13:51:13 System Checkpoint

02-06-2013 12:22:19 Software Distribution Service 3.0

02-06-2013 13:13:09 Installed Java 7 Update 9

==================== Hosts content: ==========================

127.0.0.1 localhost

127.0.0.1 learnphp.localhost

127.0.0.1 zastey.localhost

127.0.0.1 localhost

127.0.0.1 localhost

127.0.0.1 localhost

127.0.0.1 learnphp.localhost

127.0.0.1 zastey.localhost

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/01/2013 07:53:06 AM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

Context: Windows Application

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)

Error: (06/01/2013 07:53:06 AM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03)

Error: (06/01/2013 07:50:49 AM) (Source: Windows Search Service) (User: )

Description: The gatherer is unable to read the registry DocIdMapFile.

Context: Application, SystemIndex Catalog

Details:

The system cannot find the file specified. (0x80070002)

Error: (05/31/2013 08:06:52 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SITES 5-30-13\SITES\ALL\LIBRARIES\TINYMCE\JSCRIPTS\TINY_MCE\PLUGINS\ADVHR\EDITOR_PLUGIN_SRC.JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (05/31/2013 08:06:52 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SITES 5-30-13\SITES\ALL\LIBRARIES\TINYMCE\JSCRIPTS\TINY_MCE\PLUGINS\ADVHR\RULE.HTM> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (05/31/2013 08:06:52 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SITES 5-30-13\SITES\ALL\LIBRARIES\TINYMCE\JSCRIPTS\TINY_MCE\LANGS\EN.JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (05/31/2013 08:06:51 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SITES 5-30-13\SITES\ALL\LIBRARIES\TINYMCE\JSCRIPTS\TINY_MCE\LICENSE.TXT> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (05/31/2013 08:06:51 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SITES 5-30-13\SITES\ALL\LIBRARIES\TINYMCE\JSCRIPTS\TINY_MCE\TINY_MCE.JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (05/31/2013 08:06:51 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SITES 5-30-13\SITES\ALL\LIBRARIES\TINYMCE\JSCRIPTS\TINY_MCE\TINY_MCE_POPUP.JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (05/31/2013 08:06:51 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SITES 5-30-13\SITES\ALL\LIBRARIES\TINYMCE\JSCRIPTS\TINY_MCE\TINY_MCE_SRC.JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

System errors:

=============

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:39 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1058" attempting to start the service SENS with arguments ""

in order to run the server:

{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error: (06/03/2013 07:25:34 AM) (Source: Service Control Manager) (User: )

Description: The SSPORT service failed to start due to the following error:

%%2

Error: (06/03/2013 07:25:34 AM) (Source: Service Control Manager) (User: )

Description: The SC1BLPT service failed to start due to the following error:

%%2

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Percentage of memory in use: 29%

Total physical RAM: 3574.07 MB

Available physical RAM: 2523.8 MB

Total Pagefile: 5456.49 MB

Available Pagefile: 4501.31 MB

Total Virtual: 2047.88 MB

Available Virtual: 1951.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:862.31 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 299CAC81)

Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[MrCharlie]

Was there any sort of log created by Kaspersky??

------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) please post it to your reply.

Then..........

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC

[Triumphent]

Here is the Fixlog.txt file.

Re: Kaspersky log, I didn't see one. Will look.

Fixlog.txt

[MrCharlie]

OK.....next:

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC

[Triumphent]

Here are the mbar log files.

The system apears to be functioning normally.

Question:

Can it be assumed that the drive is now "as new" or will it always be a drive to keep a close eye on?

If so, would an image backup of the existing drive installed on a newly purchased drive remove the susceptibility of easy infection caused by a "weakened" drive?

system-log.txt

mbar-log-2013-06-03 (12-46-16).txt

mbar-log-2013-06-03 (13-27-20).txt

[MrCharlie]

OK......

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Can it be assumed that the drive is now "as new" or will it always be a drive to keep a close eye on?

No, you have to keep an eye on your sensitive accounts and I would suggest you change all your passwords on said accounts.

If so, would an image backup of the existing drive installed on a newly purchased drive remove the susceptibility of easy infection caused by a "weakened" drive?

I would say so.

Let me know....MrC

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!