ZeroAccess? problems/ regsvr32 missing

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi.

STEP 1
You can uncheck everything in Scheduled Tasks and all those yellow-highlighted ones also.

STEP 2
Go to FRST and type regsvr32.exe in the search box. Then press Search. Post the log that will be created on the USB.

Can you please try to run a scan with Farbar Recovery Scan Tool. You will need a USB (Flash) pendrive.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
log from regsvr32.exe search


Farbar Recovery Scan Tool (x86) Version: 21-06-2013
Ran by OfficeMax at 2013-06-20 19:34:48
Running from F:\
Boot Mode: Normal

================== Search: "regsvr32.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.0.6000.16386_none_76205b553298875e\regsvr32.exe
[2006-11-02 02:00] - [2006-11-02 02:45] - 0014336 ____A (Microsoft Corporation) CC1959AB3929997F4198AA69C854086F

C:\Windows\System32\regsvr32.exe
[2006-11-02 02:00] - [2006-11-02 02:45] - 0014336 ____A (Microsoft Corporation) CC1959AB3929997F4198AA69C854086F

C:\Program Files\HP\QuickPlay\regsvr32.exe
[2008-06-10 02:02] - [2007-12-19 19:27] - 0013824 ____A (Microsoft Corporation) 489D529F9612FA638810D22975362AF2

=== End Of Search ===
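To review a search result like the one above without eyeballing it, here is an added example (not from the thread, and not part of FRST) that parses FRST's search-output format and compares every regsvr32.exe copy against the WinSxS component-store copy; the first sample is the log posted above, the second is a constructed variant in which the System32 copy is absent, as the thread title describes. The check names and heuristics are this example's own.

```python
"""Parse FRST "Search:" output and sanity-check the copies of a system file."""
import re
from dataclasses import dataclass
from typing import List, Optional

# The search log bravebird posted, embedded so the example runs offline.
FRST_SEARCH = r"""
Farbar Recovery Scan Tool (x86) Version: 21-06-2013
Ran by OfficeMax at 2013-06-20 19:34:48
Running from F:\
Boot Mode: Normal

================== Search: "regsvr32.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.0.6000.16386_none_76205b553298875e\regsvr32.exe
[2006-11-02 02:00] - [2006-11-02 02:45] - 0014336 ____A (Microsoft Corporation) CC1959AB3929997F4198AA69C854086F

C:\Windows\System32\regsvr32.exe
[2006-11-02 02:00] - [2006-11-02 02:45] - 0014336 ____A (Microsoft Corporation) CC1959AB3929997F4198AA69C854086F

C:\Program Files\HP\QuickPlay\regsvr32.exe
[2008-06-10 02:02] - [2007-12-19 19:27] - 0013824 ____A (Microsoft Corporation) 489D529F9612FA638810D22975362AF2

=== End Of Search ===
"""

# Constructed sample (not from the thread): only the component-store copy
# exists, i.e. the live System32 file is missing.
FRST_SEARCH_MISSING = r"""
================== Search: "regsvr32.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.0.6000.16386_none_76205b553298875e\regsvr32.exe
[2006-11-02 02:00] - [2006-11-02 02:45] - 0014336 ____A (Microsoft Corporation) CC1959AB3929997F4198AA69C854086F

=== End Of Search ===
"""

# A hit is a path line followed by: [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Hit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # version-resource string; trivially spoofable, so never trusted alone
    md5: str


def parse_search(text: str) -> List[Hit]:
    """Pair each path line with the detail line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            hits.append(Hit(pending, m["created"], m["modified"], int(m["size"]),
                            m["attrs"], m["company"], m["md5"].upper()))
        pending = None  # a blank or unrelated line ends the pair
    return hits


def is_winsxs(h: Hit) -> bool:
    return "\\winsxs\\" in h.path.lower()


def is_system32(h: Hit) -> bool:
    return h.path.lower().startswith("c:\\windows\\system32\\")


def review(hits: List[Hit]) -> List[str]:
    """Analyst findings: the WinSxS copy is the reference, System32 must match it."""
    findings = []
    ref = next((h for h in hits if is_winsxs(h)), None)
    live = next((h for h in hits if is_system32(h)), None)
    if ref is None:
        findings.append("no WinSxS component-store copy found; nothing to compare against")
    if live is None:
        findings.append("no copy under C:\\Windows\\System32: the system file is missing")
    elif ref is not None and (live.md5 != ref.md5 or live.size != ref.size):
        findings.append(f"System32 copy differs from component store: {live.md5} vs {ref.md5}")
    for h in hits:
        if h is ref or h is live or ref is None or h.md5 == ref.md5:
            continue
        findings.append(f"{h.path}: hash {h.md5} differs from the component-store copy "
                        f"(size {h.size} vs {ref.size}); verify its signature before trusting it")
    return findings


if __name__ == "__main__":
    for label, text in (("posted log", FRST_SEARCH), ("constructed: missing", FRST_SEARCH_MISSING)):
        print(label, review(parse_search(text)) or ["System32 copy matches the component store"])
```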
 

bravebird

log from scan

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2013
Ran by SYSTEM on 20-06-2013 19:50:56
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet004
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [634880 2007-01-17] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" [218408 2007-08-16] (CyberLink Corp.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-10-01] (Hewlett-Packard)
HKU\OfficeMax\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\OfficeMax\...\Run: [F.lux] "C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe" /noshow [ 2009-08-28] ()

========================== Services (Whitelisted) =================

S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [166320 2012-07-17] (McAfee, Inc.)
S2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1251720 2009-01-04] ()
S4 UEBZ; C:\Users\OFFICE~1\AppData\Local\Temp\UEBZ.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-06-19] ()
S4 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [127992 2012-07-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-07-17] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-07-17] (McAfee, Inc.)
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [101112 2012-05-25] (GFI Software)
S4 A2DDA; \??\F:\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]
S4 catchme; \??\C:\Users\OFFICE~1\AppData\Local\Temp\catchme.sys [x]
S4 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [x]
S4 CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [x]
S1 eabfiltr;
S4 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [x]
S4 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S4 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090217.004\IDSvix86.sys [x]
S4 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 MpKsl3539e50a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E65AD0FB-B77D-47EA-B867-4BB6ED644CD5}\MpKsl3539e50a.sys [x]
S4 MpKsl546e8a23; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F17E6CC9-177C-42B6-922C-E607BD01FE85}\MpKsl546e8a23.sys [x]
S4 MpKsl6430cb37; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl6430cb37.sys [x]
S4 MpKsl7ee4e834; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl7ee4e834.sys [x]
S4 MpKsl8adbd91b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43900AF4-7886-4B5D-83D4-14E77764DA65}\MpKsl8adbd91b.sys [x]
S4 MpKsla944542e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56FF3638-EEF9-4A79-A64E-2825324F5A73}\MpKsla944542e.sys [x]
S4 MpKsld0dcd759; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7328A9AA-F1E4-4103-BDCB-3C82A17A8BAA}\MpKsld0dcd759.sys [x]
S4 MpKsldcfe8f12; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC112CF5-CDBF-44A3-BF92-6D576069C4ED}\MpKsldcfe8f12.sys [x]
S4 MpNWMon; system32\DRIVERS\MpNWMon.sys [x]
S4 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVENG.SYS [x]
S4 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVEX15.SYS [x]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [x]
S4 SRTSP; System32\Drivers\SRTSP.SYS [x]
S4 SRTSPL; System32\Drivers\SRTSPL.SYS [x]
S4 SRTSPX; System32\Drivers\SRTSPX.SYS [x]
S4 SYMDNS; \SystemRoot\System32\Drivers\SYMDNS.SYS [x]
S4 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [x]
S4 SYMFW; \SystemRoot\System32\Drivers\SYMFW.SYS [x]
S4 SymIM; system32\DRIVERS\SymIMv.sys [x]
S4 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S4 SYMNDISV; \SystemRoot\System32\Drivers\SYMNDISV.SYS [x]
S4 SYMREDRV; \SystemRoot\System32\Drivers\SYMREDRV.SYS [x]
S4 SYMTDI; \SystemRoot\System32\Drivers\SYMTDI.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 18:34 - 2013-06-20 18:34 - 00000000 ____D C:\FRST
2013-06-20 18:32 - 2013-06-20 18:33 - 01368343 ____A (Farbar) C:\Users\OfficeMax\Downloads\FRST.exe
2013-06-20 14:51 - 2013-06-20 14:51 - 00017380 ____A C:\ComboFix.txt
2013-06-20 10:30 - 2013-06-20 10:31 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\adeles.exe
2013-06-19 12:58 - 2013-06-19 12:58 - 00658624 ____A (Sysinternals - www.sysinternals.com) C:\Users\OfficeMax\Downloads\autoruns.exe
2013-06-19 10:59 - 2013-06-19 10:59 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro.txt
2013-06-19 09:14 - 2013-06-19 09:14 - 00000000 ____D C:\Program Files\ESET
2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-19 09:04 - 2013-04-04 13:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-19 09:01 - 2013-06-19 09:01 - 00031560 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk
2013-06-19 08:45 - 2013-06-19 08:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-19 08:26 - 2013-06-19 08:42 - 50844096 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\AdbeRdr1014_en_US.exe
2013-06-19 08:20 - 2013-06-19 08:21 - 02347384 ____A (ESET) C:\Users\OfficeMax\Downloads\esetsmartinstaller_enu(1).exe
2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 06:23 - 2013-06-20 18:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 06:23 - 2013-06-19 06:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-19 06:23 - 2013-06-19 06:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-19 06:15 - 2013-06-19 06:15 - 00814472 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\uninstall_flash_player.exe
2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-06-18 07:55 - 2013-06-19 10:58 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro_20130618_0855.log
2013-06-18 07:55 - 2013-06-18 07:55 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-17 18:46 - 2013-06-19 09:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-17 18:39 - 2013-06-17 18:41 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-17 18:09 - 2013-06-17 18:09 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbar-1.06.0.1003
2013-06-17 17:58 - 2013-06-17 18:07 - 13169742 ____A C:\Users\OfficeMax\Downloads\mbar-1.06.0.1003.zip
2013-06-17 17:53 - 2013-06-17 17:53 - 00033211 ____A C:\Users\OfficeMax\Desktop\JRT.txt
2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\Windows\ERUNT
2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\JRT
2013-06-17 17:50 - 2013-06-17 17:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\OfficeMax\Downloads\JRT.exe
2013-06-17 17:44 - 2013-06-17 17:45 - 00003607 ____A C:\AdwCleaner[S1].txt
2013-06-17 17:42 - 2013-06-17 17:43 - 00648201 ____A C:\Users\OfficeMax\Downloads\adwcleaner.exe
2013-06-17 17:34 - 2013-06-17 17:35 - 00011234 ____A C:\Users\OfficeMax\Downloads\new otl.log
2013-06-17 17:28 - 2013-06-17 17:28 - 00000000 ____D C:\_OTL
2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Macromedia
2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Macromedia
2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Macromedia
2013-06-17 07:47 - 2013-06-17 07:47 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-17 07:42 - 2013-06-17 07:42 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-17 07:42 - 2013-06-17 07:41 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-17 07:42 - 2013-06-17 07:41 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-17 07:42 - 2013-06-17 07:41 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-17 07:42 - 2013-06-17 07:41 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-17 06:36 - 2013-06-17 06:36 - 00063460 ____A C:\Users\OfficeMax\Downloads\Extras.Txt
2013-06-17 06:33 - 2013-06-17 06:33 - 00106512 ____A C:\Users\OfficeMax\Downloads\OTL.Txt
2013-06-17 06:22 - 2013-06-17 06:22 - 00602112 ____A (OldTimer Tools) C:\Users\OfficeMax\Downloads\OTL.exe
2013-06-17 06:01 - 2013-05-02 14:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-17 06:01 - 2013-05-02 14:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-17 03:17 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 03:17 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 03:17 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-17 03:17 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-17 03:17 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 03:17 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-17 03:17 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-17 03:17 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-17 03:17 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-17 03:17 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-17 03:17 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-17 03:17 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-17 03:17 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 03:17 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-17 03:17 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 03:17 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ___RD C:\Program Files\Skype
2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-17 02:02 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-06-17 02:02 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-06-17 02:02 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-06-17 02:02 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-06-17 02:02 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-06-17 02:02 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-06-17 02:02 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-06-17 02:02 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-06-17 02:02 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-06-17 02:02 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-06-17 02:02 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-06-17 02:02 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-06-17 02:02 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-06-16 21:09 - 2013-06-16 21:38 - 01985898 ____A (Mozilla) C:\Users\OfficeMax\Downloads\Firefox Setup 21.0.exe.part
2013-06-16 20:46 - 2013-06-17 07:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-16 20:20 - 2013-06-16 20:20 - 00001596 ____A C:\Users\OfficeMax\Desktop\aswMBR.txt
2013-06-16 20:16 - 2013-06-16 20:18 - 04745728 ____A (AVAST Software) C:\Users\OfficeMax\Downloads\aswMBR.exe
2013-06-16 18:44 - 2013-05-07 19:40 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-16 18:44 - 2013-05-07 17:58 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-06-16 18:21 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-16 18:12 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-06-16 18:09 - 2013-06-16 18:10 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-16 18:08 - 2013-06-18 07:55 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-16 18:08 - 2013-06-18 07:55 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-16 18:02 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-06-16 17:56 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-06-16 17:56 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-06-16 17:53 - 2013-06-16 18:00 - 09171472 ____A (SurfRight B.V.) C:\Users\OfficeMax\Downloads\HitmanPro.exe
2013-06-16 17:49 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-16 17:49 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-06-16 17:49 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-06-16 17:49 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-06-16 17:48 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-06-16 17:45 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-06-16 17:45 - 2012-09-28 08:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-16 17:44 - 2013-05-01 20:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-16 17:44 - 2013-05-01 20:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-16 17:44 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-06-16 17:44 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-06-16 17:44 - 2012-11-07 19:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-06-16 17:44 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-06-16 17:41 - 2013-04-23 20:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-16 17:41 - 2013-04-23 20:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-16 17:41 - 2013-04-23 20:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-16 17:41 - 2013-04-23 20:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-16 17:41 - 2013-04-23 17:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-16 17:40 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-06-16 17:34 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-06-16 17:34 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-16 17:26 - 2013-04-17 04:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-16 17:25 - 2013-06-16 17:26 - 00001570 ____A C:\Users\OfficeMax\Desktop\Rkill.txt
2013-06-16 16:53 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-06-16 16:53 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-06-16 15:53 - 2013-06-16 15:53 - 00001429 ____A C:\Users\OfficeMax\Desktop\RKreport[3]_S_06162013_165301.txt
2013-06-16 15:05 - 2013-06-19 09:01 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.1000
2013-06-16 15:01 - 2013-06-16 15:04 - 01440846 ____A C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-06-16 14:49 - 2013-06-20 14:54 - 00002790 ____A C:\Windows\PFRO.log
2013-06-16 14:43 - 2013-06-20 14:51 - 00000000 ____D C:\Qoobox
2013-06-16 14:43 - 2013-06-16 16:41 - 00000000 ____D C:\Windows\erdnt
2013-06-16 14:43 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-16 14:43 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-16 14:43 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-16 14:43 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-16 14:43 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-16 14:43 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-16 14:43 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-16 14:43 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-16 14:39 - 2013-06-16 14:39 - 00048966 ____A C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm
2013-06-16 14:34 - 2013-06-20 14:38 - 05081444 ____R (Swearware) C:\Users\OfficeMax\Downloads\ComboFix.exe
2013-06-16 14:30 - 2013-06-16 15:49 - 00000000 ____D C:\Users\OfficeMax\Desktop\RK_Quarantine
2013-06-16 14:29 - 2013-06-16 14:30 - 00907776 ____A C:\Users\OfficeMax\Downloads\RogueKiller.exe
2013-06-16 14:24 - 2013-06-16 14:25 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\iexplore.exe.exe
2013-06-16 13:43 - 2013-06-16 13:43 - 00688992 ____R (Swearware) C:\Users\OfficeMax\Downloads\dds.com
2013-06-16 12:41 - 2013-06-16 12:41 - 00000000 ____D C:\Users\OfficeMax\Desktop\mbar-1.06.0.1003(1)
2013-06-16 12:32 - 2013-06-16 12:32 - 00001333 ____A C:\Users\OfficeMax\Desktop\securitycheck text.txt
2013-06-16 10:14 - 2013-06-20 18:42 - 01941593 ____A C:\Windows\WindowsUpdate.log
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\MSDOS.SYS
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\IO.SYS
2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\My Documents\cc_20130616_090607.reg
2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\Documents\cc_20130616_090607.reg
2013-06-16 07:45 - 2013-06-16 07:50 - 04378864 ____A (Piriform Ltd) C:\Users\OfficeMax\Downloads\ccsetup402.exe
2013-06-13 19:22 - 2013-06-13 19:22 - 00000000 ____D C:\found.011
2013-06-13 15:27 - 2013-06-13 15:27 - 00000000 ____D C:\found.010
2013-06-13 09:55 - 2013-06-13 09:55 - 00000000 ____D C:\366eab9c421c2d96fcef6e403a01ad
2013-06-13 09:37 - 2013-06-13 09:37 - 00000000 ____D C:\Program Files\Windows Installer Clean Up
2013-06-13 09:36 - 2013-06-13 09:36 - 00000000 ____D C:\Program Files\MSECACHE
2013-06-12 19:06 - 2013-06-12 19:06 - 00000000 ____D C:\c84656d8fdf2402e9d
2013-06-12 18:29 - 2013-06-12 18:32 - 11091432 ____A (Microsoft Corporation) C:\Users\OfficeMax\Desktop\mseinstall.exe
2013-06-12 18:04 - 2013-06-12 18:05 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\OfficeMax\Desktop\rkill.exe
2013-06-12 13:50 - 2013-06-12 13:50 - 00000000 ____D C:\found.009
2013-06-12 13:07 - 2013-06-12 13:11 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\Application Data\Malwarebytes
2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\AppData\Roaming\Malwarebytes
2013-06-12 12:06 - 2013-06-12 12:06 - 00000000 ____D C:\Quarantine
2013-06-11 13:32 - 2013-06-11 13:32 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-06-11 13:32 - 2012-05-25 12:14 - 00101112 ____A (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2013-06-11 13:32 - 2012-05-25 12:14 - 00042864 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-06-08 21:06 - 2013-06-08 21:06 - 00000000 ____D C:\63f496ee69557e4f173fcefa
2013-06-08 20:49 - 2013-06-08 20:49 - 00000000 ____D C:\f2ea61c736c459e4aad923
2013-06-08 18:49 - 2013-06-08 18:49 - 00377856 ____A C:\Users\OfficeMax\Downloads\75te9mme.exe
2013-06-08 17:55 - 2013-06-17 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-08 17:55 - 2013-06-17 18:27 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\mbar-1.06.0.1003
2013-06-08 17:38 - 2013-06-08 17:47 - 13169742 ____A C:\mbar-1.06.0.1003.zip
2013-06-08 05:11 - 2013-06-08 21:03 - 00000000 ____D C:\Windows\pss
2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (2).cfm
2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (1).cfm
2013-05-23 15:50 - 2013-05-23 15:50 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update.cfm

==================== One Month Modified Files and Folders ========

2013-06-20 18:42 - 2013-06-16 10:14 - 01941593 ____A C:\Windows\WindowsUpdate.log
2013-06-20 18:42 - 2006-11-02 05:01 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-20 18:42 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 18:42 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 18:42 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 18:34 - 2013-06-20 18:34 - 00000000 ____D C:\FRST
2013-06-20 18:34 - 2006-11-02 02:33 - 00010096 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 18:33 - 2013-06-20 18:32 - 01368343 ____A (Farbar) C:\Users\OfficeMax\Downloads\FRST.exe
2013-06-20 18:28 - 2013-06-19 06:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 14:54 - 2013-06-16 14:49 - 00002790 ____A C:\Windows\PFRO.log
2013-06-20 14:54 - 2010-08-29 12:06 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000UA.job
2013-06-20 14:54 - 2010-08-29 12:06 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000Core.job
2013-06-20 14:51 - 2013-06-20 14:51 - 00017380 ____A C:\ComboFix.txt
2013-06-20 14:51 - 2013-06-16 14:43 - 00000000 ____D C:\Qoobox
2013-06-20 14:49 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2013-06-20 14:38 - 2013-06-16 14:34 - 05081444 ____R (Swearware) C:\Users\OfficeMax\Downloads\ComboFix.exe
2013-06-20 10:48 - 2012-03-02 12:00 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-20 10:31 - 2013-06-20 10:30 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\adeles.exe
2013-06-19 15:24 - 2010-06-08 15:59 - 00000000 ____D C:\Users\OfficeMax\Application Data\Skype
2013-06-19 15:24 - 2010-06-08 15:59 - 00000000 ____D C:\Users\OfficeMax\AppData\Roaming\Skype
2013-06-19 12:58 - 2013-06-19 12:58 - 00658624 ____A (Sysinternals - www.sysinternals.com) C:\Users\OfficeMax\Downloads\autoruns.exe
2013-06-19 10:59 - 2013-06-19 10:59 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro.txt
2013-06-19 10:58 - 2013-06-18 07:55 - 00004272 ____A C:\Users\OfficeMax\Downloads\HitmanPro_20130618_0855.log
2013-06-19 09:14 - 2013-06-19 09:14 - 00000000 ____D C:\Program Files\ESET
2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-19 09:04 - 2013-06-19 09:04 - 00000649 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-19 09:04 - 2013-06-17 18:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-19 09:01 - 2013-06-19 09:01 - 00031560 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-19 09:01 - 2013-06-16 15:05 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.1000
2013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-19 08:46 - 2013-06-19 08:46 - 00001852 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk
2013-06-19 08:45 - 2013-06-19 08:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-19 08:45 - 2008-02-17 22:44 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-06-19 08:45 - 2008-02-17 22:44 - 00000000 ____D C:\ProgramData\Adobe
2013-06-19 08:45 - 2008-02-17 22:44 - 00000000 ____D C:\Program Files\Adobe
2013-06-19 08:42 - 2013-06-19 08:26 - 50844096 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\AdbeRdr1014_en_US.exe
2013-06-19 08:21 - 2013-06-19 08:20 - 02347384 ____A (ESET) C:\Users\OfficeMax\Downloads\esetsmartinstaller_enu(1).exe
2013-06-19 08:10 - 2009-01-04 21:24 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Adobe
2013-06-19 08:10 - 2009-01-04 21:24 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Adobe
2013-06-19 08:10 - 2009-01-04 21:24 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Adobe
2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 07:55 - 2013-06-19 07:55 - 00003584 ____A C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-19 06:45 - 2011-12-27 15:32 - 00000000 ____D C:\Users\OfficeMax\Local Settings\CrashDumps
2013-06-19 06:45 - 2011-12-27 15:32 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\CrashDumps
2013-06-19 06:45 - 2011-12-27 15:32 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\CrashDumps
2013-06-19 06:34 - 2008-02-17 21:42 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-06-19 06:23 - 2013-06-19 06:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-19 06:23 - 2013-06-19 06:23 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-19 06:15 - 2013-06-19 06:15 - 00814472 ____A (Adobe Systems Incorporated) C:\Users\OfficeMax\Downloads\uninstall_flash_player.exe
2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-18 17:13 - 2013-06-18 17:13 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-06-18 16:55 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-18 15:57 - 2008-02-17 22:17 - 00000000 ____D C:\Program Files\Microsoft Office
2013-06-18 07:55 - 2013-06-18 07:55 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-06-18 07:55 - 2013-06-16 18:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-18 07:55 - 2013-06-16 18:08 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-06-17 18:41 - 2013-06-17 18:39 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-17 18:27 - 2013-06-08 17:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-17 18:27 - 2013-06-08 17:55 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-17 18:09 - 2013-06-17 18:09 - 00000000 ____D C:\Users\OfficeMax\Downloads\mbar-1.06.0.1003
2013-06-17 18:07 - 2013-06-17 17:58 - 13169742 ____A C:\Users\OfficeMax\Downloads\mbar-1.06.0.1003.zip
2013-06-17 17:53 - 2013-06-17 17:53 - 00033211 ____A C:\Users\OfficeMax\Desktop\JRT.txt
2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\Windows\ERUNT
2013-06-17 17:51 - 2013-06-17 17:51 - 00000000 ____D C:\JRT
2013-06-17 17:50 - 2013-06-17 17:50 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\OfficeMax\Downloads\JRT.exe
2013-06-17 17:45 - 2013-06-17 17:44 - 00003607 ____A C:\AdwCleaner[S1].txt
2013-06-17 17:43 - 2013-06-17 17:42 - 00648201 ____A C:\Users\OfficeMax\Downloads\adwcleaner.exe
2013-06-17 17:35 - 2013-06-17 17:34 - 00011234 ____A C:\Users\OfficeMax\Downloads\new otl.log
2013-06-17 17:28 - 2013-06-17 17:28 - 00000000 ____D C:\_OTL
2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Macromedia
2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Macromedia
2013-06-17 08:15 - 2013-06-17 08:15 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Macromedia
2013-06-17 07:47 - 2013-06-17 07:47 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-17 07:42 - 2013-06-17 07:42 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-17 07:41 - 2013-06-17 07:42 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-17 07:41 - 2013-06-17 07:42 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-17 07:41 - 2013-06-17 07:42 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-17 07:41 - 2013-06-17 07:42 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-17 07:41 - 2013-06-16 20:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-17 07:41 - 2010-09-07 20:48 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-17 07:41 - 2008-02-17 23:04 - 00000000 ____D C:\Program Files\Java
2013-06-17 06:36 - 2013-06-17 06:36 - 00063460 ____A C:\Users\OfficeMax\Downloads\Extras.Txt
2013-06-17 06:33 - 2013-06-17 06:33 - 00106512 ____A C:\Users\OfficeMax\Downloads\OTL.Txt
2013-06-17 06:22 - 2013-06-17 06:22 - 00602112 ____A (OldTimer Tools) C:\Users\OfficeMax\Downloads\OTL.exe
2013-06-17 04:15 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-06-17 03:48 - 2006-11-02 04:47 - 00398000 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-17 03:47 - 2011-01-12 16:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-17 03:46 - 2012-05-24 14:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-17 03:28 - 2008-02-17 22:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-17 03:28 - 2008-02-17 22:38 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ___RD C:\Program Files\Skype
2013-06-17 02:05 - 2013-06-17 02:05 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-17 02:05 - 2011-07-24 21:27 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-17 02:05 - 2011-07-24 21:27 - 00001878 ____A C:\ProgramData\Desktop\Skype.lnk
2013-06-17 02:05 - 2009-01-21 19:08 - 00000000 ____D C:\ProgramData\Skype
2013-06-17 02:05 - 2009-01-21 19:08 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-06-17 02:02 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
2013-06-16 21:38 - 2013-06-16 21:09 - 01985898 ____A (Mozilla) C:\Users\OfficeMax\Downloads\Firefox Setup 21.0.exe.part
2013-06-16 20:20 - 2013-06-16 20:20 - 00001596 ____A C:\Users\OfficeMax\Desktop\aswMBR.txt
2013-06-16 20:18 - 2013-06-16 20:16 - 04745728 ____A (AVAST Software) C:\Users\OfficeMax\Downloads\aswMBR.exe
2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-06-16 18:10 - 2013-06-16 18:10 - 00001692 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-06-16 18:10 - 2013-06-16 18:09 - 00000000 ____D C:\Program Files\HitmanPro
2013-06-16 18:00 - 2013-06-16 17:53 - 09171472 ____A (SurfRight B.V.) C:\Users\OfficeMax\Downloads\HitmanPro.exe
2013-06-16 17:26 - 2013-06-16 17:25 - 00001570 ____A C:\Users\OfficeMax\Desktop\Rkill.txt
2013-06-16 17:06 - 2008-02-17 22:16 - 00000000 ____D C:\Program Files\Microsoft Works
2013-06-16 16:44 - 2006-11-02 03:18 - 00000000 __RHD C:\users\Default
2013-06-16 16:44 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-06-16 16:41 - 2013-06-16 14:43 - 00000000 ____D C:\Windows\erdnt
2013-06-16 16:34 - 2008-07-07 09:34 - 00000000 ____D C:\users\OfficeMax
2013-06-16 15:53 - 2013-06-16 15:53 - 00001429 ____A C:\Users\OfficeMax\Desktop\RKreport[3]_S_06162013_165301.txt
2013-06-16 15:49 - 2013-06-16 14:30 - 00000000 ____D C:\Users\OfficeMax\Desktop\RK_Quarantine
2013-06-16 15:04 - 2013-06-16 15:01 - 01440846 ____A C:\Users\OfficeMax\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-06-16 14:39 - 2013-06-16 14:39 - 00048966 ____A C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm
2013-06-16 14:30 - 2013-06-16 14:29 - 00907776 ____A C:\Users\OfficeMax\Downloads\RogueKiller.exe
2013-06-16 14:25 - 2013-06-16 14:24 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\OfficeMax\Downloads\iexplore.exe.exe
2013-06-16 13:43 - 2013-06-16 13:43 - 00688992 ____R (Swearware) C:\Users\OfficeMax\Downloads\dds.com
2013-06-16 12:41 - 2013-06-16 12:41 - 00000000 ____D C:\Users\OfficeMax\Desktop\mbar-1.06.0.1003(1)
2013-06-16 12:32 - 2013-06-16 12:32 - 00001333 ____A C:\Users\OfficeMax\Desktop\securitycheck text.txt
2013-06-16 10:25 - 2008-07-07 10:08 - 00109600 ____A C:\Users\OfficeMax\Local Settings\GDIPFONTCACHEV1.DAT
2013-06-16 10:25 - 2008-07-07 10:08 - 00109600 ____A C:\Users\OfficeMax\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-06-16 10:25 - 2008-07-07 10:08 - 00109600 ____A C:\Users\OfficeMax\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\MSDOS.SYS
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 _RASH C:\IO.SYS
2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\My Documents\cc_20130616_090607.reg
2013-06-16 08:06 - 2013-06-16 08:06 - 01553028 ____A C:\Users\OfficeMax\Documents\cc_20130616_090607.reg
2013-06-16 08:02 - 2011-01-12 18:14 - 00000000 ____D C:\Users\OfficeMax\Tracing
2013-06-16 08:01 - 2012-05-12 07:02 - 00000000 ____D C:\Windows\Minidump
2013-06-16 08:01 - 2008-02-17 21:29 - 00000000 ____D C:\Windows\panther
2013-06-16 07:50 - 2013-06-16 07:45 - 04378864 ____A (Piriform Ltd) C:\Users\OfficeMax\Downloads\ccsetup402.exe
2013-06-14 13:13 - 2012-05-25 09:37 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-13 19:22 - 2013-06-13 19:22 - 00000000 ____D C:\found.011
2013-06-13 15:27 - 2013-06-13 15:27 - 00000000 ____D C:\found.010
2013-06-13 10:16 - 2011-01-26 18:18 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-13 09:55 - 2013-06-13 09:55 - 00000000 ____D C:\366eab9c421c2d96fcef6e403a01ad
2013-06-13 09:37 - 2013-06-13 09:37 - 00000000 ____D C:\Program Files\Windows Installer Clean Up
2013-06-13 09:36 - 2013-06-13 09:36 - 00000000 ____D C:\Program Files\MSECACHE
2013-06-12 19:06 - 2013-06-12 19:06 - 00000000 ____D C:\c84656d8fdf2402e9d
2013-06-12 18:32 - 2013-06-12 18:29 - 11091432 ____A (Microsoft Corporation) C:\Users\OfficeMax\Desktop\mseinstall.exe
2013-06-12 18:05 - 2013-06-12 18:04 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\OfficeMax\Desktop\rkill.exe
2013-06-12 13:50 - 2013-06-12 13:50 - 00000000 ____D C:\found.009
2013-06-12 13:11 - 2013-06-12 13:07 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\OfficeMax\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\Application Data\Malwarebytes
2013-06-12 12:13 - 2013-06-12 12:13 - 00000000 ____D C:\Users\OfficeMax\AppData\Roaming\Malwarebytes
2013-06-12 12:06 - 2013-06-12 12:06 - 00000000 ____D C:\Quarantine
2013-06-12 06:04 - 2008-06-10 01:08 - 00000000 ____D C:\ProgramData\WildTangent
2013-06-12 06:04 - 2008-06-10 01:08 - 00000000 ____D C:\ProgramData\Application Data\WildTangent
2013-06-11 13:32 - 2013-06-11 13:32 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-06-08 21:06 - 2013-06-08 21:06 - 00000000 ____D C:\63f496ee69557e4f173fcefa
2013-06-08 21:03 - 2013-06-08 05:11 - 00000000 ____D C:\Windows\pss
2013-06-08 20:49 - 2013-06-08 20:49 - 00000000 ____D C:\f2ea61c736c459e4aad923
2013-06-08 18:49 - 2013-06-08 18:49 - 00377856 ____A C:\Users\OfficeMax\Downloads\75te9mme.exe
2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes
2013-06-08 17:49 - 2013-06-08 17:49 - 00000000 ____D C:\mbar-1.06.0.1003
2013-06-08 17:47 - 2013-06-08 17:38 - 13169742 ____A C:\mbar-1.06.0.1003.zip
2013-06-08 17:15 - 2010-06-15 18:02 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Yahoo
2013-06-08 17:15 - 2010-06-15 18:02 - 00000000 ____D C:\Users\OfficeMax\Local Settings\Application Data\Yahoo
2013-06-08 17:15 - 2010-06-15 18:02 - 00000000 ____D C:\Users\OfficeMax\AppData\Local\Yahoo
2013-06-08 17:15 - 2008-07-07 09:41 - 00000000 ____D C:\Program Files\Yahoo!
2013-06-08 17:14 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\twain_32
2013-06-08 17:12 - 2008-02-17 21:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-07 21:32 - 2008-06-10 01:04 - 00000344 ____A C:\Users\Public\Documents\hpqp.ini
2013-06-07 21:32 - 2008-06-10 01:04 - 00000344 ____A C:\ProgramData\Documents\hpqp.ini
2013-06-03 16:43 - 2006-11-02 02:24 - 73393752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (2).cfm
2013-05-25 10:09 - 2013-05-25 10:09 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update (1).cfm
2013-05-23 15:50 - 2013-05-23 15:50 - 00001160 ____A C:\Users\OfficeMax\Downloads\ajax_price_update.cfm

Files to move or delete:
====================
C:\Windows\Tasks\{22BC48D0-C7F8-477F-B8CE-C05108B69F1A}.job

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-20 14:39:26

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3061.81 MB
Available physical RAM: 2514.59 MB
Total Pagefile: 2781.51 MB
Available Pagefile: 2596.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.19 GB) (Free:163.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.69 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (BOOTCD_USB) (Removable) (Total:3.73 GB) (Free:3.51 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: DC596CAA)
Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 1169C6BC)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-06-20 17:44

==================== End Of Log ============================
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.

(attachment: fixlist.txt)

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt (801 bytes)

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-06-2013
Ran by SYSTEM at 2013-06-21 07:36:53 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

catchme => Service deleted successfully.
C:\Users\OfficeMax\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\OfficeMax\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => File/Directory not found.
C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => File/Directory not found.
C:\Users\OfficeMax\Downloads\75te9mme.exe => Moved successfully.
C:\Users\OfficeMax\Local Settings\Application Data\GDIPFONTCACHEV1.DAT => Moved successfully.
C:\Users\OfficeMax\AppData\Local\GDIPFONTCACHEV1.DAT => File/Directory not found.

==== End of Fixlog ====
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now check if you are getting that regsvr32 missing error... Are you getting this error only for Malwarebytes?
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
Yes, so far I only notice it when starting Malwarebytes or Chameleon. This regsvr32.exe is important, right? Why does it say it's missing when I can see it in the folder? :( I'm just assuming my antivirus software won't fully work until this is resolved. It doesn't happen on my desktop when I run Malwarebytes.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
regsvr32.exe is located in c:\WINDOWS\system32; it seems on your computer this file is located... Did you try any other antivirus program?
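As an added example (this is not code from the thread, from FRST or from Malwarebytes), the script below checks the usual reasons a program can report regsvr32.exe as "missing" even though Explorer shows the file in C:\Windows\System32: the file is there but is not what Windows shipped, System32 has dropped off the PATH the installer searches, an Image File Execution Options Debugger value redirects the executable, or the .exe association has been changed. It also hashes and signature-checks the same files FRST lists under its Bamital & volsnap check. The paths and registry keys are the standard Windows ones; the script assumes an elevated Windows PowerShell session on the affected machine and only reports, it changes nothing.

```powershell
# Added diagnostic for the "regsvr32.exe is missing" symptom described in the
# thread. Example code written for this page, not FRST or Malwarebytes code.
# Run from an elevated PowerShell prompt. Targets Windows PowerShell 2.0+
# (the Vista era machine in the thread), so it avoids Get-FileHash.

$sys32  = Join-Path $env:SystemRoot 'System32'
$target = Join-Path $sys32 'regsvr32.exe'

# regsvr32.exe plus the files FRST hashes in its "Bamital & volsnap Check".
$watch = @(
    $target,
    (Join-Path $env:SystemRoot 'explorer.exe'),
    (Join-Path $sys32 'winlogon.exe'),
    (Join-Path $sys32 'wininit.exe'),
    (Join-Path $sys32 'svchost.exe'),
    (Join-Path $sys32 'services.exe'),
    (Join-Path $sys32 'User32.dll'),
    (Join-Path $sys32 'userinit.exe'),
    (Join-Path $sys32 'Drivers\volsnap.sys')
)

function Get-Md5Hex([string]$Path) {
    # Plain .NET MD5 so the script also runs on PowerShell 2.0.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

Write-Host "== 1. Presence, size, MD5 and Authenticode status of key binaries =="
foreach ($f in $watch) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Host "MISSING  $f"; continue }
    $item = Get-Item -LiteralPath $f -Force
    $sig  = Get-AuthenticodeSignature -FilePath $f
    # Caveat: on Vista/7 with PowerShell 2.0, catalog-signed system files show
    # 'NotSigned' here; use Sysinternals sigcheck.exe on those systems instead.
    # On Windows 10 / PowerShell 5.1 the cmdlet checks catalogs and reports 'Valid'.
    "$f`n    $($item.Length) bytes  md5=$(Get-Md5Hex $f)  sig=$($sig.Status)"
}

Write-Host "`n== 2. Does 'regsvr32' resolve through the PATH an installer would use? =="
$cmd = Get-Command regsvr32.exe -ErrorAction SilentlyContinue
if ($cmd) { "Resolves to: $($cmd.Definition)" } else { "WARNING: regsvr32.exe not found on PATH" }
$onPath = $env:Path -split ';' | ForEach-Object { $_.TrimEnd('\') } | Where-Object { $_ -eq $sys32 }
if (-not $onPath) { "WARNING: $sys32 is not on the process PATH: $env:Path" }
# Machine-wide PATH as stored in the registry (what services and installers inherit).
$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
"Machine PATH: " + (Get-ItemProperty -Path $envKey).Path

Write-Host "`n== 3. Image File Execution Options redirection for regsvr32.exe? =="
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regsvr32.exe'
if (Test-Path -LiteralPath $ifeo) {
    $dbg = (Get-ItemProperty -LiteralPath $ifeo).Debugger
    if ($dbg) { "WARNING: Debugger value hijacks regsvr32.exe -> $dbg" }
    else      { "IFEO key present but no Debugger value" }
} else { "No IFEO key for regsvr32.exe (good)" }

Write-Host "`n== 4. .exe association, the same keys FRST lists under EXE ASSOCIATION =="
"HKLM .exe            : " + (Get-ItemProperty 'HKLM:\SOFTWARE\Classes\.exe').'(default)'                            # expect: exefile
"exefile open command : " + (Get-ItemProperty 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command').'(default)'     # expect: "%1" %*
# A per-user override under HKCU\Software\Classes wins over HKLM and is a classic rogue-AV hijack spot.
$hkcu = 'HKCU:\Software\Classes\exefile\shell\open\command'
if (Test-Path -LiteralPath $hkcu) { "WARNING: per-user exefile override: " + (Get-ItemProperty -LiteralPath $hkcu).'(default)' }

Write-Host "`n== 5. 64-bit note =="
# On x64 Windows a 32-bit installer sees C:\Windows\SysWOW64\regsvr32.exe through file
# system redirection, so that copy matters too. The machine in this thread is x86.
$wow = Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe'
if (Test-Path -LiteralPath $wow) { "SysWOW64 copy: $wow ($((Get-Item -LiteralPath $wow).Length) bytes)" }
else { "No SysWOW64 copy (32-bit Windows)" }
```

The MD5 values printed in step 1 are only useful when compared against a known-good copy of the same file version (for example the same binary from a clean machine with the same service pack); the script does not carry reference hashes. Anything flagged WARNING in steps 2 to 4 is a concrete reason an installer's call to regsvr32 could fail while the file still sits visibly in System32.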
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
I have. I might reinstall MS Security Essentials, but I was really banking on being able to use Malwarebytes since it seems to be a good program. Well, I'll try MS Essentials, scan and see what happens. I just hope I'm able to effectively use ANY antivirus with this issue happening. This computer was VERY infected and I want to make sure I catch everything before I begin accessing my personal information and emails.
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
kuttus said:
How good are you with registry editing?

I don't know much about it :( I know I'd have to use regedit, lol.
But I'm a quick learner if it's something that isn't too tough. I just want this computer fixed!

Ran MS Security Essentials and saw that there were QUITE a few viruses this thing had from the last scan. Unfortunately I cannot retrieve the list of viruses that were detected... I just recall FakeRean... I know ZeroAccess was one also.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Please open MSE once more, go to History and check which file is detected as an infection. Please send me the file name.
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
kuttus said:
Please open MSE once more, go to History and check which file is detected as an infection. Please send me the file name.
Ah, I don't think I can :( I got button happy and wanted to delete the entries as soon as I saw them. I don't think I can retrieve them :(
Is there any other way I can view the history? Because I can't using the History button. They're all gone.
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
I just scanned it, nothing was found BUT... I'm wondering if the program is working properly. When it finishes it usually tells me how many files were scanned and if something was found... this time that information wasn't displayed. It just says "Security Essentials is monitoring your PC and helping to protect it". It also says my last scan was today at 1:25 PM but that is totally inaccurate. I started the scan around 11 AM and it finished at about 6 PM.
Is it possible the virus is capable of tampering with Security Essentials? This is craziness!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
No, it will do the scan. No need to worry; maybe MSE removed the infected files in the first place.......
 

bravebird

New Member
Thread author
Verified
Jun 16, 2013
51
kuttus said:
No, it will do the scan. No need to worry; maybe MSE removed the infected files in the first place.......

Well, I just don't understand how the process at the end was different. It didn't show me anything and the timing of the scan doesn't correspond to the correct time... just seems fishy. Hmm... I dunno.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hmmm.... Did you try to run Malwarebytes Anti-Malware in Safe Mode? Just try it and check how it works in Safe Mode.
 
