MikeInFla Posted July 28, 2013 ID:708232 Share Posted July 28, 2013 The program hangs up at one second and just sits there. Does not run in safe mode either. Chameleon also does not run. Have tried ComboFix, TDSSKiller, SpyBot, SuperAnti Spyware, etc. Nothing seems to help. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 28, 2013 Root Admin ID:708233 Share Posted July 28, 2013 Hi Mike,Okay please click on START and type in MSCONFIG and set it to a Diagnostic Startup and then reboot the computerThen try to run MBAM and let me know.If it still does not run the please run the following scanner and post back the log.Please download RogueKiller and save it to your desktop.You can check here if you're not sure if your computer is 32-bit or 64-bitRogueKiller 32-bit | RogueKiller 64-bitQuit all running programs.For Windows XP, double-click to start.For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.Read and accept the EULA (End User Licene Agreement)Click Scan to scan the system.When the scan completes Close the program > Don't Fix anything!Don't run any other options, they're not all bad!!Post back the report which should be located on your desktop. Link to post Share on other sites More sharing options...
MikeInFla Posted July 28, 2013 Author ID:708240 Share Posted July 28, 2013 Did not run when changing MSCONFIG. Here is the RKiller log RogueKiller V8.6.3 [Jul 17 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : Mike [Admin rights]Mode : Scan -- Date : 07/28/2013 18:41:22| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤-> D:\windows\system32\config\SYSTEM x:\Windows\system32 -> D:\windows\system32\config\SOFTWARE x:\Windows\system32 -> D:\windows\system32\config\SECURITY x:\Windows\system32 -> D:\windows\system32\config\SAM x:\Windows\system32 -> D:\windows\system32\config\DEFAULT x:\Windows\system32 -> D:\Users\Default\NTUSER.DAT x:\Windows\system32 ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200AAKS-75B3A0 ATA Device +++++--- User ---[MBR] 35cfb1979106781af36ca07e593ef2b7[bSP] 389b93f2421e68d4604b664e537f8b21 : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD3200AAKS-75B3A0 ATA Device +++++--- User ---[MBR] e25890f977ff9b55d431c2d503f7091a[bSP] 80800248c3ad43dc24815dfff0d27317 : Windows XP MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476269 MoUser = LL1 ... OK!Error reading LL2 MBR! Finished : << RKreport[0]_S_07282013_184122.txt >> Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 29, 2013 Root Admin ID:708318 Share Posted July 29, 2013 Let me check on this and get back to you. Link to post Share on other sites More sharing options...
MikeInFla Posted July 30, 2013 Author ID:708820 Share Posted July 30, 2013 Any ideas? I'm still stuck at 1 second on MB. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709054 Share Posted July 31, 2013 Have you used the Microsoft Process Monitor tool before? Please review the video from this posthttp://forums.malwarebytes.org/index.php?showtopic=124715 Then download the tool and run it (don't filter it for now though) and then immediately run MBAM and then stop the Process Monitor and save the log and then zip it and post it back for me please. If you have questions let me know. Thanks Link to post Share on other sites More sharing options...
MikeInFla Posted July 31, 2013 Author ID:709091 Share Posted July 31, 2013 Thanks, I hope I did it right. I ran the Process Monitor and quickly ran MB (which did not run). Then I stopped the Process Monitor and thought I saved the log but since I did not "filter" anything the file is too large to attach to this message and I cant seem to copy and paste. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709093 Share Posted July 31, 2013 No, you need to zip up the file and then see if you can attach it or use a site like RapidShare to host it. Link to post Share on other sites More sharing options...
MikeInFla Posted July 31, 2013 Author ID:709098 Share Posted July 31, 2013 Hmmmm Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709099 Share Posted July 31, 2013 No, I need the log file zipped up please. An image is not going to show the thousands of lines of entries Link to post Share on other sites More sharing options...
MikeInFla Posted July 31, 2013 Author ID:709103 Share Posted July 31, 2013 OK, did not see your post. I will do that screen capture left too much out. Will post the logfile. I posted it on Mega https://mega.co.nz/#!xJxDmSSJ!JvsvdWpUyPMNR4Mc8jASxw8wedNbPeXgezauZsJJfqo Link to post Share on other sites More sharing options...
MikeInFla Posted July 31, 2013 Author ID:709104 Share Posted July 31, 2013 http://Logfile.PML (54.8 MB) https://mega.co.nz/#!xJxDmSSJ!JvsvdWpUyPMNR4Mc8jASxw8wedNbPeXgezauZsJJfqo Link to post Share on other sites More sharing options...
MikeInFla Posted July 31, 2013 Author ID:709105 Share Posted July 31, 2013 http://www.mediafire.com/?v1wbdcraecddgbz try that one, ignore the other 2 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709108 Share Posted July 31, 2013 Please download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.In the right panel, you will see several boxes that have been checked. Uncheck the following ...SectionsIAT/EATShow All ( should be unchecked by default )Leave everything else as it is.Close all other running programs as well as your Browser.Click the Scan button & wait for it to finish.Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.Save it where you can easily find it, such as your desktop.Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Link to post Share on other sites More sharing options...
MikeInFla Posted July 31, 2013 Author ID:709169 Share Posted July 31, 2013 I tried 3 times. First 2 times it crashed. Third time it ran around 15 minutes then quit when it said "Please insert disc in drive" I had no idea what it meant. Below is all I was able to see. Getting ready for work now, will be home after a 12 hour shift and we can try it again. GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-07-31 05:56:31Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75B3A0 rev.01.03A01 298.09GBRunning: jpdw7008.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kxldypod.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x9144BFC0]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x9144CA56]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x9144CBD4]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x9145027C]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x914502AE]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x91450410]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x9144CB2C]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x9144C104]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x9144C2F6]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x9144C428]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x91450386]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x914502F0]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x91450322]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x91450354]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x9144BF66]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x9144CC40]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x91450214]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x9144BF02]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x9144BE56]SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x9144BE9E]SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys ZwCreateThreadEx [0x90C48190] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2013 Root Admin ID:709443 Share Posted August 1, 2013 Okay, let's try the following. Please download ListParts and run it with Admin rights and post back the log. Link to post Share on other sites More sharing options...
MikeInFla Posted August 1, 2013 Author ID:709570 Share Posted August 1, 2013 ListParts by Farbar Version: 10-05-2013Ran by Mike (administrator) on 01-08-2013 at 05:17:51Windows Vista (X86)Running From: C:\Users\Mike\DesktopLanguage: 0409************************************************************ ========================= Memory info ====================== Percentage of memory in use: 69%Total physical RAM: 2036.45 MBAvailable physical RAM: 612.33 MBTotal Pagefile: 4316.07 MBAvailable Pagefile: 2560.62 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1959.73 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:185.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.75 GB) NTFS4 Drive f: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF9 Drive k: (My Book) (Fixed) (Total:465.11 GB) (Free:273.89 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 Online 465 GB 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 32 KB Partition 2 Primary 15 GB 40 MB Partition 3 Primary 283 GB 15 GB ====================================================================================================== Disk: 0Partition 1Type : DEHidden: YesActive: No There is no volume associated with this partition. ====================================================================================================== Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 D RECOVERY NTFS Partition 15 GB Healthy ====================================================================================================== Disk: 0Partition 3Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 C OS NTFS Partition 283 GB Healthy System (partition with boot components) ====================================================================================================== Partitions of Disk 5:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 465 GB 1024 KB ====================================================================================================== Disk: 5Partition 1Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 8 K My Book NTFS Partition 465 GB Healthy ==================================================================================================================================== MBR Partition Table ================== ==============================Partitions of Disk 0:===============Disk ID: 7AC063A6Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS) ==============================Partitions of Disk 5:===============Disk ID: 000487A0Partition 1: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ****** End Of Log ****** Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2013 Root Admin ID:709572 Share Posted August 1, 2013 Let's try running FRST from the Windows Recovery EnvironmentPlease download Farbar Recovery Scan Tool and save it to a flash drive.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Plug the flashdrive into the infected PC. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.If you are using Vista or Windows 7 enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.htmlTo enter System Recovery Options by using Windows installation disc:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command Prompt Once in the Command Prompt:In the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Link to post Share on other sites More sharing options...
MikeInFla Posted August 1, 2013 Author ID:709907 Share Posted August 1, 2013 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01Ran by SYSTEM on 01-08-2013 18:36:50Running from G:\Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)Internet Explorer Version 9Boot Mode: Recovery The current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKU\Mike\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)HKU\Mike\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)HKU\Mike\...\Policies\system: [LogonHoursAction] 2HKU\Mike\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\Rhonda\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)HKU\Rhonda\...\Run: [Google Update] - C:\Users\Rhonda\AppData\Local\Google\Update\GoogleUpdate.exe [ 2010-06-17] (Google Inc.)HKU\Rhonda\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)HKU\Rhonda\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]HKU\Rhonda\...\Policies\system: [LogonHoursAction] 2HKU\Rhonda\...\Policies\system: [DontDisplayLogonHoursWarnings] 1Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ========================== Services (Whitelisted) ================= S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)S2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()S2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S2 MMIndexer; C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [136704 1997-07-14] (Microsoft Corporation)S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-01-21] (WDC)S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) ==================== Drivers (Whitelisted) ==================== S3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2012-07-16] (RIF)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-30] (Malwarebytes Corporation)S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)S3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)S1 RapportCerberus_29574; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [216912 2011-08-07] ()S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [70416 2011-09-25] (Trusteer Ltd.)S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [161936 2011-09-25] (Trusteer Ltd.)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 catchme; \??\C:\Users\Mike\AppData\Local\Temp\catchme.sys [x]S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]S3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-01 02:17 - 2013-08-01 02:18 - 00004030 _____ C:\Users\Mike\Desktop\Result.txt2013-08-01 02:16 - 2013-08-01 02:16 - 00360583 _____ (Farbar) C:\Users\Mike\Desktop\ListParts.exe2013-07-31 02:42 - 2013-07-31 02:42 - 00377856 _____ C:\Users\Mike\Downloads\jpdw7008.exe2013-07-30 19:19 - 2013-07-30 19:20 - 01110478 _____ C:\Users\Mike\Desktop\ProcessMonitor.zip2013-07-28 14:17 - 2013-07-30 19:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-07-28 14:17 - 2013-07-28 14:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300 (2).exe2013-07-28 14:17 - 2013-07-28 14:17 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-07-28 14:17 - 2013-07-28 14:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes2013-07-28 14:17 - 2013-07-28 14:17 - 00000000 ____D C:\ProgramData\Malwarebytes2013-07-28 14:17 - 2013-07-28 14:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-07-28 14:17 - 2013-04-04 11:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-07-28 10:02 - 2013-07-28 10:02 - 20874888 _____ (Microsoft Corporation) C:\Users\Mike\Downloads\Windows-KB890830-V5.2 (1).exe2013-07-28 09:59 - 2013-07-28 09:59 - 04411440 _____ (AVG Technologies) C:\Users\Mike\Downloads\avg_avct_stb_all_2013_2667_cm10.exe2013-07-28 09:53 - 2013-07-28 09:53 - 00000000 ____D C:\Users\Mike\Downloads\AboutBuster2013-07-28 09:52 - 2013-07-28 09:52 - 00024435 _____ C:\Users\Mike\Downloads\AboutBuster.zip2013-07-27 17:09 - 2013-07-28 13:55 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Mike\Desktop\mbam-check-2.0.0.1000.exe2013-07-27 04:42 - 2013-07-27 04:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300 (2).exe2013-07-26 17:14 - 2013-07-26 17:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300 (1).exe2013-07-26 17:06 - 2013-07-26 17:07 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Mike\Desktop\mbam-clean-1.60.2.0003.exe2013-07-26 16:55 - 2013-07-26 16:55 - 00004511 _____ C:\AdwCleaner[s1].txt2013-07-26 16:54 - 2013-07-26 16:54 - 00004491 _____ C:\AdwCleaner[R2].txt2013-07-26 16:11 - 2013-07-26 16:12 - 00004431 _____ C:\AdwCleaner[R1].txt2013-07-26 16:10 - 2013-07-26 16:11 - 00666633 _____ C:\Users\Mike\Desktop\adwcleaner.exe2013-07-26 15:36 - 2013-07-26 15:36 - 00015982 _____ C:\ComboFix.txt2013-07-26 15:16 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2013-07-26 15:16 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2013-07-26 15:16 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2013-07-26 15:16 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe2013-07-26 15:16 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe2013-07-26 15:16 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe2013-07-26 15:15 - 2013-07-26 15:36 - 00000000 ____D C:\Qoobox2013-07-26 15:15 - 2013-07-26 15:12 - 05093969 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe2013-07-26 15:11 - 2013-07-26 15:12 - 05093969 _____ (Swearware) C:\Users\Mike\Downloads\ComboFix.exe2013-07-26 15:10 - 2013-07-26 15:10 - 00000000 ____D C:\TDSSKiller_Quarantine2013-07-26 07:58 - 2013-07-26 07:59 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Desktop\tdsskiller.exe2013-07-25 17:53 - 2013-07-25 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-07-25 17:26 - 2013-07-25 17:34 - 00000000 ____D C:\Users\Mike\Desktop\RK_Quarantine2013-07-25 17:22 - 2013-07-25 17:22 - 00915968 _____ C:\Users\Mike\Desktop\RogueKiller.exe2013-07-25 14:20 - 2013-07-25 14:20 - 00760937 _____ (Farbar) C:\Users\Mike\Desktop\MiniToolBox.exe2013-07-25 14:13 - 2013-07-25 14:13 - 00688992 ____R (Swearware) C:\Users\Mike\Desktop\dds.com2013-07-25 14:12 - 2013-07-25 14:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300.exe2013-07-24 03:58 - 2013-07-24 03:58 - 00001802 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-07-24 03:58 - 2013-07-24 03:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com2013-07-24 03:57 - 2013-07-24 03:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-07-24 03:57 - 2013-07-24 03:57 - 26603280 _____ (SUPERAntiSpyware.com) C:\Users\Mike\Downloads\SUPERAntiSpyware.exe2013-07-24 03:57 - 2013-07-24 03:57 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-07-22 00:13 - 2013-07-22 00:13 - 00000795 _____ C:\Windows\setupact.log2013-07-22 00:13 - 2013-07-22 00:13 - 00000000 _____ C:\Windows\setuperr.log2013-07-21 10:52 - 2010-06-09 16:52 - 00000027 _____ C:\Windows\System32\Drivers\etc\hosts.20130721-135241.backup2013-07-21 10:50 - 2013-07-21 10:50 - 00001000 _____ C:\Windows\wininit.ini2013-07-21 02:57 - 2013-07-27 16:18 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy2013-07-21 02:56 - 2013-07-21 02:56 - 16409960 _____ (Safer Networking Limited ) C:\Users\Rhonda\Desktop\spybotsd162.exe2013-07-19 23:23 - 2013-07-19 23:23 - 00803636 _____ C:\Users\Mike\Downloads\RegpairSetup (1).exe2013-07-19 17:08 - 2013-07-19 17:08 - 20874888 _____ (Microsoft Corporation) C:\Users\Mike\Downloads\Windows-KB890830-V5.2.exe2013-07-19 16:44 - 2013-07-19 16:44 - 01440846 _____ C:\Users\Mike\Downloads\mbam-chameleon-1.62.1.1000.zip2013-07-19 14:46 - 2013-07-19 14:46 - 00000000 ____D C:\Program Files\MP3Gain2013-07-19 14:44 - 2013-07-19 14:45 - 00667344 _____ C:\Users\Mike\Downloads\mp3gain-win-1_2_5.exe2013-07-19 14:37 - 2013-08-01 15:21 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity2013-07-11 14:54 - 2013-07-11 14:54 - 00000000 ____D C:\Users\Rhonda\Documents\My Scans2013-07-07 05:02 - 2013-05-16 15:08 - 12329984 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-07-07 05:02 - 2013-05-16 14:49 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-07-07 05:02 - 2013-05-16 14:39 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-07-07 05:02 - 2013-05-16 14:28 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-07-07 05:02 - 2013-05-16 14:28 - 01104384 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-07-07 05:02 - 2013-05-16 14:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-07-07 05:02 - 2013-05-16 14:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll2013-07-07 05:02 - 2013-05-16 14:23 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-07-07 05:02 - 2013-05-16 14:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-07-07 05:02 - 2013-05-16 14:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-07-07 05:02 - 2013-05-16 14:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-07-07 05:02 - 2013-05-16 14:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-07-07 05:02 - 2013-05-16 14:17 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-07-07 05:02 - 2013-05-16 14:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-07-07 05:02 - 2013-05-16 14:16 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-07-07 05:02 - 2013-05-16 14:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-07-07 04:48 - 2013-05-02 14:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe2013-07-07 04:48 - 2013-05-02 14:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-07-07 04:48 - 2013-04-23 20:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll2013-07-07 04:48 - 2013-04-23 20:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2013-07-07 04:48 - 2013-04-23 20:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2013-07-07 04:48 - 2013-04-23 20:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll2013-07-07 04:48 - 2013-04-23 17:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe2013-07-07 04:48 - 2013-03-08 19:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2013-07-07 04:48 - 2013-03-08 17:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe2013-07-07 04:47 - 2013-05-07 19:40 - 00914792 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-07-07 04:47 - 2013-05-07 17:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys2013-07-07 04:47 - 2013-05-01 20:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll2013-07-07 04:47 - 2013-05-01 20:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\printcom.dll2013-07-07 04:47 - 2013-04-15 06:20 - 00638328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys2013-07-07 04:47 - 2013-04-13 02:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll2013-07-07 04:47 - 2013-04-08 17:36 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-07-07 04:47 - 2013-03-03 11:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-07-07 04:45 - 2013-03-07 19:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll2013-07-06 13:06 - 2013-07-11 10:07 - 00000000 ____D C:\Users\Rhonda\AppData\Roaming\Audacity2013-07-06 13:04 - 2013-07-06 13:04 - 00000806 _____ C:\Users\Rhonda\Desktop\Audacity.lnk2013-07-05 06:46 - 2013-03-07 19:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll2013-07-05 06:45 - 2013-04-17 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll2013-07-05 06:44 - 2013-02-11 17:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys2013-07-05 06:10 - 2013-07-04 09:28 - 00263592 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe2013-07-05 06:10 - 2013-07-04 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe2013-07-05 06:10 - 2013-07-04 09:28 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe2013-07-04 09:29 - 2013-07-04 09:28 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll117 ==================== One Month Modified Files and Folders ======= 2013-08-01 15:32 - 2012-09-28 14:43 - 01632693 _____ C:\Windows\WindowsUpdate.log2013-08-01 15:32 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-08-01 15:32 - 2006-11-02 04:47 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-08-01 15:31 - 2006-11-02 02:33 - 00703388 _____ C:\Windows\System32\PerfStringBackup.INI2013-08-01 15:21 - 2013-07-19 14:37 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity2013-08-01 14:42 - 2009-05-25 04:57 - 00000000 ____H C:\Windows\cmsstorage.lst2013-08-01 14:42 - 2009-05-25 04:57 - 00000000 ____H C:\cmsstorage.lst2013-08-01 13:43 - 2008-11-15 19:56 - 00013874 _____ C:\Users\Rhonda\AppData\Roaming\wklnhst.dat2013-08-01 13:06 - 2010-09-07 06:28 - 00002049 _____ C:\Users\Rhonda\Desktop\Google Chrome.lnk2013-08-01 02:18 - 2013-08-01 02:17 - 00004030 _____ C:\Users\Mike\Desktop\Result.txt2013-08-01 02:16 - 2013-08-01 02:16 - 00360583 _____ (Farbar) C:\Users\Mike\Desktop\ListParts.exe2013-07-31 02:42 - 2013-07-31 02:42 - 00377856 _____ C:\Users\Mike\Downloads\jpdw7008.exe2013-07-30 19:41 - 2013-07-28 14:17 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-07-30 19:20 - 2013-07-30 19:19 - 01110478 _____ C:\Users\Mike\Desktop\ProcessMonitor.zip2013-07-28 15:29 - 2011-05-16 07:32 - 00000000 ____D C:\Windows\pss2013-07-28 14:17 - 2013-07-28 14:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300 (2).exe2013-07-28 14:17 - 2013-07-28 14:17 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-07-28 14:17 - 2013-07-28 14:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes2013-07-28 14:17 - 2013-07-28 14:17 - 00000000 ____D C:\ProgramData\Malwarebytes2013-07-28 14:17 - 2013-07-28 14:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware2013-07-28 13:55 - 2013-07-27 17:09 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Mike\Desktop\mbam-check-2.0.0.1000.exe2013-07-28 13:52 - 2012-10-01 08:58 - 00103772 _____ C:\Windows\PFRO.log2013-07-28 10:02 - 2013-07-28 10:02 - 20874888 _____ (Microsoft Corporation) C:\Users\Mike\Downloads\Windows-KB890830-V5.2 (1).exe2013-07-28 09:59 - 2013-07-28 09:59 - 04411440 _____ (AVG Technologies) C:\Users\Mike\Downloads\avg_avct_stb_all_2013_2667_cm10.exe2013-07-28 09:53 - 2013-07-28 09:53 - 00000000 ____D C:\Users\Mike\Downloads\AboutBuster2013-07-28 09:52 - 2013-07-28 09:52 - 00024435 _____ C:\Users\Mike\Downloads\AboutBuster.zip2013-07-27 16:30 - 2008-11-17 08:29 - 00000000 ____D C:\ProgramData\Roxio2013-07-27 16:18 - 2013-07-21 02:57 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy2013-07-27 16:17 - 2010-05-07 09:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-07-27 14:48 - 2008-11-15 18:40 - 00241664 _____ C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-07-27 13:30 - 2008-11-11 11:52 - 00002473 _____ C:\Users\Mike\Desktop\Microsoft Works Word Processor.lnk2013-07-27 04:43 - 2013-07-27 04:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300 (2).exe2013-07-26 17:14 - 2013-07-26 17:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300 (1).exe2013-07-26 17:07 - 2013-07-26 17:06 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Mike\Desktop\mbam-clean-1.60.2.0003.exe2013-07-26 16:55 - 2013-07-26 16:55 - 00004511 _____ C:\AdwCleaner[s1].txt2013-07-26 16:55 - 2010-12-29 13:53 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft2013-07-26 16:54 - 2013-07-26 16:54 - 00004491 _____ C:\AdwCleaner[R2].txt2013-07-26 16:12 - 2013-07-26 16:11 - 00004431 _____ C:\AdwCleaner[R1].txt2013-07-26 16:11 - 2013-07-26 16:10 - 00666633 _____ C:\Users\Mike\Desktop\adwcleaner.exe2013-07-26 15:36 - 2013-07-26 15:36 - 00015982 _____ C:\ComboFix.txt2013-07-26 15:36 - 2013-07-26 15:15 - 00000000 ____D C:\Qoobox2013-07-26 15:32 - 2006-11-02 02:23 - 00000260 _____ C:\Windows\system.ini2013-07-26 15:12 - 2013-07-26 15:15 - 05093969 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe2013-07-26 15:12 - 2013-07-26 15:11 - 05093969 _____ (Swearware) C:\Users\Mike\Downloads\ComboFix.exe2013-07-26 15:10 - 2013-07-26 15:10 - 00000000 ____D C:\TDSSKiller_Quarantine2013-07-26 07:59 - 2013-07-26 07:58 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Desktop\tdsskiller.exe2013-07-26 07:56 - 2008-11-15 17:47 - 00008486 _____ C:\Users\Mike\AppData\Roaming\wklnhst.dat2013-07-25 17:53 - 2013-07-25 17:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-07-25 17:34 - 2013-07-25 17:26 - 00000000 ____D C:\Users\Mike\Desktop\RK_Quarantine2013-07-25 17:22 - 2013-07-25 17:22 - 00915968 _____ C:\Users\Mike\Desktop\RogueKiller.exe2013-07-25 14:20 - 2013-07-25 14:20 - 00760937 _____ (Farbar) C:\Users\Mike\Desktop\MiniToolBox.exe2013-07-25 14:13 - 2013-07-25 14:13 - 00688992 ____R (Swearware) C:\Users\Mike\Desktop\dds.com2013-07-25 14:12 - 2013-07-25 14:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-1.75.0.1300.exe2013-07-24 12:36 - 2008-11-11 11:49 - 00000000 ____D C:\Program Files\Google2013-07-24 03:58 - 2013-07-24 03:58 - 00001802 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-07-24 03:58 - 2013-07-24 03:58 - 00000000 ____D C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com2013-07-24 03:58 - 2013-07-24 03:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-07-24 03:57 - 2013-07-24 03:57 - 26603280 _____ (SUPERAntiSpyware.com) C:\Users\Mike\Downloads\SUPERAntiSpyware.exe2013-07-24 03:57 - 2013-07-24 03:57 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-07-22 00:13 - 2013-07-22 00:13 - 00000795 _____ C:\Windows\setupact.log2013-07-22 00:13 - 2013-07-22 00:13 - 00000000 _____ C:\Windows\setuperr.log2013-07-21 13:27 - 2010-01-26 04:56 - 00000000 ____D C:\Windows\Minidump2013-07-21 10:50 - 2013-07-21 10:50 - 00001000 _____ C:\Windows\wininit.ini2013-07-21 02:56 - 2013-07-21 02:56 - 16409960 _____ (Safer Networking Limited ) C:\Users\Rhonda\Desktop\spybotsd162.exe2013-07-19 23:23 - 2013-07-19 23:23 - 00803636 _____ C:\Users\Mike\Downloads\RegpairSetup (1).exe2013-07-19 23:23 - 2012-02-23 16:20 - 00000842 _____ C:\Users\Rhonda\Desktop\Free Window Registry Repair.lnk2013-07-19 23:23 - 2012-02-23 16:20 - 00000842 _____ C:\Users\Mike\Desktop\Free Window Registry Repair.lnk2013-07-19 23:23 - 2012-02-23 16:20 - 00000000 ____D C:\Program Files\Free Window Registry Repair2013-07-19 17:08 - 2013-07-19 17:08 - 20874888 _____ (Microsoft Corporation) C:\Users\Mike\Downloads\Windows-KB890830-V5.2.exe2013-07-19 16:44 - 2013-07-19 16:44 - 01440846 _____ C:\Users\Mike\Downloads\mbam-chameleon-1.62.1.1000.zip2013-07-19 15:17 - 2010-06-26 17:27 - 00000000 ____D C:\Program Files\SpywareBlaster2013-07-19 14:46 - 2013-07-19 14:46 - 00000000 ____D C:\Program Files\MP3Gain2013-07-19 14:45 - 2013-07-19 14:44 - 00667344 _____ C:\Users\Mike\Downloads\mp3gain-win-1_2_5.exe2013-07-19 14:41 - 2011-02-18 12:22 - 00000000 ____D C:\Program Files\Lame For Audacity2013-07-12 20:40 - 2010-08-14 17:12 - 00002039 _____ C:\Users\Mike\Desktop\Google Chrome.lnk2013-07-11 14:54 - 2013-07-11 14:54 - 00000000 ____D C:\Users\Rhonda\Documents\My Scans2013-07-11 10:07 - 2013-07-06 13:06 - 00000000 ____D C:\Users\Rhonda\AppData\Roaming\Audacity2013-07-07 05:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache2013-07-07 05:58 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-07-07 05:43 - 2006-11-02 04:47 - 00348624 _____ C:\Windows\System32\FNTCACHE.DAT2013-07-07 04:57 - 2012-10-01 13:35 - 00001945 _____ C:\Windows\epplauncher.mif2013-07-07 04:57 - 2012-10-01 13:34 - 00000000 ____D C:\Program Files\Microsoft Security Client2013-07-06 13:04 - 2013-07-06 13:04 - 00000806 _____ C:\Users\Rhonda\Desktop\Audacity.lnk2013-07-06 13:04 - 2011-02-18 12:07 - 00000000 ____D C:\Program Files\Audacity2013-07-05 06:53 - 2010-10-19 14:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-07-05 05:56 - 2008-11-11 11:47 - 00000000 ____D C:\Program Files\Java2013-07-05 05:56 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool2013-07-05 05:56 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc2013-07-05 05:56 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration2013-07-05 04:30 - 2010-01-26 14:03 - 00001356 _____ C:\Users\Mike\AppData\Local\d3d9caps.dat2013-07-04 09:28 - 2013-07-05 06:10 - 00263592 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe2013-07-04 09:28 - 2013-07-05 06:10 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe2013-07-04 09:28 - 2013-07-05 06:10 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe2013-07-04 09:28 - 2013-07-04 09:29 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll2013-07-04 09:28 - 2013-06-12 05:05 - 00867240 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll2013-07-04 09:28 - 2010-06-15 07:41 - 00789416 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-07-04 09:27:51Restore point made on: 2013-07-05 06:09:56Restore point made on: 2013-07-05 06:13:18Restore point made on: 2013-07-05 06:46:00Restore point made on: 2013-07-07 04:49:07Restore point made on: 2013-07-11 04:21:14Restore point made on: 2013-07-14 09:55:33Restore point made on: 2013-07-18 06:10:40Restore point made on: 2013-07-22 00:21:38Restore point made on: 2013-07-25 14:25:29Restore point made on: 2013-07-30 02:49:47 ==================== Memory info =========================== Percentage of memory in use: 15%Total physical RAM: 2036.45 MBAvailable physical RAM: 1721.32 MBTotal Pagefile: 1970.08 MBAvailable Pagefile: 1839.54 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1964.27 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:185.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (My Book) (Fixed) (Total:465.11 GB) (Free:273.62 GB) NTFSDrive f: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDFDrive g: () (Removable) (Total:3.72 GB) (Free:3.08 GB) FAT32Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.75 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 298 GB) (Disk ID: 7AC063A6)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 465 GB) (Disk ID: 000487A0)Partition 1: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ========================================================Disk: 2 (Size: 4 GB) (Disk ID: 00000000)Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2013-08-01 07:45 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 2, 2013 Root Admin ID:709982 Share Posted August 2, 2013 Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.Run FRST or FRST64 and press the Fix button just once and wait.If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version. When that's done please reboot the computer. Then download the following service pack file and update your copy of Vista. Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465) Then shut down your antivirus and install the Service Pack. Once that's done please run a new DDS scan and post back the new logs.fixlist.txt Link to post Share on other sites More sharing options...
MikeInFla Posted August 2, 2013 Author ID:710121 Share Posted August 2, 2013 Ran FRST, selected FIX. Was very fast. Rebooting now to d/load Vista update. Here is what fixlist said: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-08-2013 01Ran by Mike at 2013-08-02 06:06:40 Run:1Running from C:\Users\Mike\DesktopBoot Mode: Normal ============================================== Profos => Service deleted successfully. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MikeInFla Posted August 2, 2013 Author ID:710139 Share Posted August 2, 2013 Went to install the update, turned off virus software and was told "the update is already installed". For what its worth here is the DDS log. .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3Install Date: 11/11/2008 7:37:52 AMSystem Uptime: 8/2/2013 6:12:31 AM (0 hours ago).Motherboard: Dell Inc. | | 0RY007Processor: Intel® Celeron® CPU 450 @ 2.20GHz | Socket 775 | 2194/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 283 GiB total, 183.362 GiB free.D: is FIXED (NTFS) - 15 GiB total, 9.746 GiB free.E: is CDROM ()F: is CDROM (UDF)G: is RemovableH: is RemovableI: is RemovableJ: is RemovableK: is FIXED (NTFS) - 465 GiB total, 273.607 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================..==== Installed Programs ======================.32 Bit HP CIO Components Installer3ivx MPEG-4 5.0.3 (remove only)7-Zip 9.20Acrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7)Adobe Shockwave Player 11.6Amazon MP3 Downloader 1.0.17Apple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft Software SuiteAudacity 2.0.3AviSynth 2.5AVS Update Manager 1.0BonjourBrowser Address Error RedirectorBufferChmCCScoreCompatibility Pack for the 2007 Office systemCool Edit Pro 2.1CopyDell-eBayDell Best of WebDell DockDell Getting Started GuideDell Support Center (Support Software)DestinationsDeviceDiscoveryDJ_AIO_05_F4400_Software_MinDVD Audio Extractor 4.5.5DVD Decrypter (Remove Only)DVD Shrink 3.2DVD43 v4.6.0DVDFab 8.0.5.0 (18/11/2010)EDocsESET Online Scanner v3ESSCDBKESScoreESSguiESShelpESSiniESSPCDESSSONICESSTOOLSESSvpahtESSvpotF4400ffdshow [rev 2583] [2009-01-05]FlipShareFree Audio CD to MP3 Converter version 1.3.12.1228Free DVD Creator version 2.0Free DVD Video Converter version 2.0.7.608Free M4a to MP3 Converter 7.1Free Mp3 Wma Converter V 1.95Free Video to DVD Converter version 1.6.21.602Free Video to MP3 Converter version 4.2.16Free Window Registry RepairFreeRIP 4.1.2FreeRIP Toolbar v7.2Google ChromeGoogle Update HelperGoToAssist 8.0.0.514GPBaseService2Haali Media SplitterHLPIndexHLPRFOHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Customer Participation Program 13.0HP Deskjet F4400 Printer Driver Software 13.0 Rel .5HP Imaging Device Functions 13.0HP Print Projects 1.0HP Smart Web Printing 4.60HP Solution Center 13.0HP UpdateHPPhotoGadgethpPrintProjectsHPProductAssistantHPSSupplyhpWLPGInstalleriCloudImgBurnIntel® Graphics Media Accelerator DriverIntel® PRO Network Connections 12.1.11.0iTunesJava 7 Update 25Java Auto UpdaterJumpStart ArtistJumpStart ExplorersKodak EasyShare softwareKSULAME v3.98.3 for AudacityLAME v3.99.3 (for Windows)LITTLEST PET SHOP™Malwarebytes Anti-Malware version 1.75.0.1300MarketResearchMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Media Manager 1.5Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Picture It! 2.0Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMp3 My Mp3 3.1MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Nikon Message CenterNotifierOGA Notifier 2.0.0048.0OriginOTtBPOTtBPSDKPCDADDINPCDHELPQuickTimeRapportRealtek High Definition Audio DriverRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Express Labeler 3Roxio Update ManagerSafariScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)SFRSFR2SHASTAShop for HP SuppliesSKIN0001SKINXSDKSlick SavingsSmartWebPrintingSolutionCenterSothink Movie DVD MakerSpywareBlaster 5.0StatusSUPERAntiSpywareswMSMToolboxTrayAppUninstall 1.0.0.1Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)VPRINTOLWD SmartWareWebRegWindows Live ID Sign-in AssistantWinRAR archiverWIRELESSWONswap.==== End Of File =========================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 3, 2013 Root Admin ID:710369 Share Posted August 3, 2013 That's only one part of the DDS log. Please click on START and type in WINVER and then take a screen shot and post back. Then let me have you do the following. Create a Dependency Walker Log:Download Dependency Walker from here and save it to your desktopExtract it to its own folder and open the folder and double-click on depends.exe to run the program Note: If using Windows Vista or Windows 7 you must right-click on depends.exe and choose Run as administrator or it will not work.Click on File at the top and click Open...Browse to Malwarebytes' Anti-Malware program folder in one of the following locations depeding on your operating system:32 bit - C:\Program Files64 bit - C:\Program Files (x86)Once there, double-click on mbam.exeOnce the information loads in the Dependency Walker window, click on Profile at the top and choose Start Profiling...In the Profile Module window, check the box next to Use full paths when logging file names. and click on OKOnce you see the Malwarebytes' Anti-Malware window open, exit Malwarebytes' Anti-MalwareOnce Malwarebytes' Anti-Malware has closed, click on File and choose Save As...Browse to your desktop and save the file, making certain that Save as type: is set to Dependency Walker Image (*.dwi)Right-click on the mbam.dwi file you just saved and hover your mouse over Send to and choose Compressed (zipped) FolderAttach the mbam.zip file you just created to your next reply Link to post Share on other sites More sharing options...
MikeInFla Posted August 3, 2013 Author ID:710400 Share Posted August 3, 2013 Here is the screen capture... Of to do the rest... Link to post Share on other sites More sharing options...
MikeInFla Posted August 3, 2013 Author ID:710417 Share Posted August 3, 2013 File attachedmbam.zip Link to post Share on other sites More sharing options...
Recommended Posts