
Had FBI Virus, removed it, now files won't open


  • This topic is locked
15 replies to this topic

#1 Mark12211

Mark12211

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:50 AM

Posted 15 November 2013 - 10:57 AM

I have seen lots of posts about the FBI ransom virus. And I have seen lots of posts about cryptolocker. But no one with this same problem as me.

 

I had the FBI virus on our personal computer. My 4 year old son was watching youtube and it popped up on the screen one night.

 

Simple removal through creating a new user in command prompt, then running Norton Power Eraser.

I have done it 100 times for other people's computers at work, so it can be usable and then connected to my company's remote removal website.

 

So I have lots of experience with this virus, but I have never seen this: All the files in My Documents, My Music, and My Photos appear to be encrypted. None open, with any program. All .jpg, .docx, and .m4p files within those folders. Any new files I add work fine. When I try to open a .jpg file it says "Photo Gallery can't open this photo or video. The file appears to be damaged or corrupted."

 

I ran Panda's encryption detector program and it says there aren't any files on the computer that are encrypted.

 

I have backups of almost everything, so it will be easy enough to replace my files, however... What about the next hundred people that bring their computer to me that have this new variant. You know they don't back up files.

 

I can submit samples of original and corrupt files somewhere if someone knows where to do so.

 

Attached is what it looks like when I try to open a .jpg with Photo Gallery and Pictureviewer.

 

Thanks for any help.
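The symptom described in this post (a JPEG that Photo Gallery reports as damaged while an encryption detector finds nothing encrypted) can be triaged per file by checking two things: whether the format's signature bytes are still where the format puts them, and how random the content is overall. A file whose signature is gone but whose body is not random looks like partial overwrite or corruption; a file that is near-random from start to end looks like whole-file encryption. The Python below is an added example, not code from this thread or from any tool named in it; the signature table, the 7.5 bits/byte threshold and the sample files are constructed assumptions.

```python
"""Triage files that 'won't open': intact signature, damaged header, or
fully high-entropy content. Added example; not code from this thread or from
any tool it names. Sample files are constructed in memory."""
import hashlib
import math
import os
from collections import Counter
from typing import Dict, Tuple

# Signature bytes for the extensions named in the thread (assumption: these
# are the formats to triage). .docx is a ZIP container; .m4p is an MP4 box
# file whose 'ftyp' marker sits at offset 4, not 0.
SIGNATURES = {
    ".jpg": (0, b"\xff\xd8\xff"),
    ".docx": (0, b"PK\x03\x04"),
    ".m4p": (4, b"ftyp"),
}
HIGH_ENTROPY = 7.5  # bits/byte; assumed threshold for 'looks like ciphertext'


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def signature_ok(ext: str, data: bytes) -> bool:
    """True if the expected signature for ext is present at its offset."""
    offset, magic = SIGNATURES.get(ext.lower(), (0, b""))
    return bool(magic) and data[offset:offset + len(magic)] == magic


def classify(ext: str, data: bytes) -> Tuple[str, float]:
    """Return (verdict, entropy).

    intact-signature : the file at least starts like its format claims.
    high-entropy     : signature gone and content near-random throughout,
                       which is what whole-file encryption looks like.
    header-damaged   : signature gone but content not random, which points
                       at partial overwrite or corruption rather than a cipher.
    Caveat: JPEG bodies are already compressed (high entropy), so for them the
    signature check, not entropy, is the discriminating signal.
    """
    ent = shannon_entropy(data)
    if signature_ok(ext, data):
        return "intact-signature", ent
    if ent >= HIGH_ENTROPY:
        return "high-entropy", ent
    return "header-damaged", ent


def triage_path(root: str) -> Dict[str, Tuple[str, float]]:
    """Walk a real folder (e.g. a user's Pictures) and classify each known-type file."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1]
            if ext.lower() not in SIGNATURES:
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                results[full] = classify(ext, fh.read(65536))  # first 64 KiB is enough
    return results


def _pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) so the demo is repeatable."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def build_samples() -> Dict[str, bytes]:
    """Constructed sample files: intact, header-damaged, and 'encrypted' stand-ins."""
    low_entropy_body = b"\x00\x01" * 1024
    return {
        "intact.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF" + low_entropy_body,
        "damaged.jpg": b"\x00" * 8 + low_entropy_body,   # signature zeroed, body untouched
        "encrypted.jpg": _pseudo_random(4096),           # stands in for ciphertext
        "intact.docx": b"PK\x03\x04" + low_entropy_body,
        "intact.m4p": b"\x00\x00\x00\x18ftypM4A " + low_entropy_body,
    }


def triage_samples() -> Dict[str, Tuple[str, float]]:
    """Classify the constructed samples; returns {name: (verdict, entropy)}."""
    return {name: classify(os.path.splitext(name)[1], data)
            for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, (verdict, ent) in triage_samples().items():
        print(f"{name:15} {verdict:17} entropy={ent:.2f}")
```

Run `triage_path(r"C:\Users\<name>\Pictures")` against a copy of the affected folder rather than the originals; a folder where most files come back `header-damaged` with low entropy is a different recovery problem (header repair, file carving from backups or the original camera card) from one where they come back `high-entropy`.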


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 11,121 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:50 AM

Posted 20 November 2013 - 11:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514126 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Mark12211

Mark12211
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:50 AM

Posted 20 November 2013 - 08:45 PM

My computer shows no signs of being infected anymore (used Norton Power Eraser), but no files in the user folders will open. I was hoping you guys knew of a tool to restore the files. I have backups, but a quicker tool would be nice. And if a tool doesn't exist, I didn't know if I could somehow help someone somewhere with creating a tool to repair the corruption by showing them the corrupt and non-corrupt files. This variant is becoming more popular and I hope people don't lose un-backed-up files.
 
Do the fake FBI virus makers even have a tool to un-corrupt the files?
 
Thanks!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 10.5.1
Run by RiRi at 20:28:36 on 2013-11-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.819 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Windows\system32\taskeng.exe
C:\Users\RiRi\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\1332979884\ee\aolsoftware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.7\AOL.EXE" -b
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{484FF2C7-AEB2-4DE5-BBCF-A76F9904ECB1} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7D01B078-6DA2-47F9-81F2-2BB5675159DA} : DHCPNameServer = 172.20.10.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-5-26 75048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104768]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-2-17 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-18 49664]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-9-28 19456]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-5-26 723488]
.
=============== Created Last 30 ================
.
2013-11-20 12:30:41 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6a17d7a1-3213-4f62-8b70-0af1ed3cdc51}\mpengine.dll
2013-11-19 10:26:47 7772552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-11-17 03:10:02 -------- d-----w- c:\program files\Stellar Phoenix JPEG Repair
2013-11-16 03:47:08 -------- d-----w- c:\windows\9155DB04A032491A88B27C19B9E9F945.TMP
2013-11-15 16:02:06 -------- d-----w- c:\users\riri\appdata\roaming\Malwarebytes
2013-11-15 16:01:27 -------- d-----w- c:\programdata\Malwarebytes
2013-11-15 16:01:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-15 16:01:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-13 13:58:38 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 13:58:32 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 13:58:25 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 13:58:24 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-12 18:01:38 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ef501550-e32f-45e1-8985-a7bd4c02b597}\gapaengine.dll
2013-11-12 14:49:15 -------- d-----w- c:\users\riri\appdata\local\CrashDumps
2013-11-12 03:48:20 -------- d-----w- c:\programdata\uxeciuj
2013-11-12 03:48:12 -------- d-----w- c:\programdata\recn
2013-11-12 03:27:54 -------- d-----w- c:\programdata\jlmt
2013-11-10 12:35:33 -------- d-----w- c:\users\riri\appdata\roaming\QuickScan
2013-11-10 12:35:13 -------- d-----w- c:\users\riri\appdata\roaming\OpswatLogs
2013-11-10 12:23:53 -------- d-----w- C:\temp
2013-11-10 12:19:41 -------- d-----w- c:\program files\common files\supportsoft
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 09:48:06 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-09 04:22:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 04:22:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-27 14:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 20:29:38.16 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 5/26/2009 12:45:59 PM
System Uptime: 11/20/2013 4:40:15 PM (4 hours ago)
.
Motherboard: Acer | | Aspire 5516
Processor: AMD Athlon™ Processor TF-20 | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 27.456 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP400: 11/14/2013 3:00:18 AM - Windows Update
RP401: 11/14/2013 11:17:33 PM - Scheduled Checkpoint
RP402: 11/16/2013 1:28:50 AM - Scheduled Checkpoint
RP403: 11/17/2013 9:09:09 PM - Windows Update
RP404: 11/19/2013 3:00:46 AM - Windows Update
RP405: 11/19/2013 10:52:45 PM - Scheduled Checkpoint
RP406: 11/20/2013 3:00:12 AM - Windows Update
RP407: 11/20/2013 5:33:22 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer Assist
Acer Backup Manager
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
aioprnt
aioscnnr
Airport Mania First Flight
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Backup Manager Basic
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Compatibility Pack for the 2007 Office system
essentials
Google Chrome
Google Earth
Google Update Helper
Green Games And Ham Games Console
GreenGamesandHam Packages
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
iTunes
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Kodak AIO Printer
KODAK AiO Software
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
LeapFrog My Pals Plugin
LeapFrog Tag Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
ocr
Photo Transfer App
PreReq
PrintProjects
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recuva
Safari
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SimTheme Park
Skins
Spelling Dictionaries Support For Adobe Reader 9
Stellar Phoenix JPEG Repair
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Viewpoint Media Player
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
.
==== Event Viewer Messages From Past Week ========
.
11/20/2013 9:16:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.20.10.3 for the Network Card with network address 002556069355 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/20/2013 7:25:01 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 002556069355 has been denied by the DHCP server 172.20.10.1 (The DHCP Server sent a DHCPNACK message).
11/20/2013 4:03:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 002556069355 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/20/2013 2:17:11 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/20/2013 2:15:52 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 002556069355 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/20/2013 12:26:01 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 002556069355 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/19/2013 6:44:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 002556069355 has been denied by the DHCP server 24.24.29.133 (The DHCP Server sent a DHCPNACK message).
11/19/2013 6:44:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 002556069355 has been denied by the DHCP server 24.24.29.133 (The DHCP Server sent a DHCPNACK message).
11/19/2013 3:25:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
11/19/2013 11:21:04 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 002556069355 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/19/2013 11:20:46 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 002556069355 has been denied by the DHCP server 24.24.29.133 (The DHCP Server sent a DHCPNACK message).
11/19/2013 11:11:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 002556069355 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/19/2013 11:10:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 002556069355 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/18/2013 3:16:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/14/2013 10:48:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
11/14/2013 10:48:22 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2013 10:48:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================

Attached Files


Edited by Oh My, 24 November 2013 - 09:25 AM.
Logs posted


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 18,089 posts
  • Gender:Male
  • Location:California
  • Local time:04:50 AM

Posted 24 November 2013 - 09:47 AM

Greetings Mark12211 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Based on your description I have some concerns your files are beyond repair but time will tell.

Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Mark12211

Mark12211
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:07:50 AM

Posted 26 November 2013 - 07:51 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
Ran by RiRi (administrator) on RIRILAPTOP on 26-11-2013 07:46:11
Running from C:\Users\RiRi\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\RiRi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor Corp.) C:\Users\RiRi\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AOL LLC) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1332979884\ee\aolsoftware.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6711840 2009-04-09] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-08] (Synaptics, Inc.)
HKLM\...\Run: [EKStatusMonitor] - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe [2804224 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [Conime] - C:\Windows\System32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-10-31] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [AOL Fast Start] - C:\Program Files\AOL Desktop 9.7\aol.exe [42320 2012-01-31] (AOL Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\RiRi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-20] (Spotify Ltd)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-10-08] (Adobe Systems Incorporated)
MountPoints2: {cf19762e-e373-11e2-9b6d-00038a000015} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {d3b35661-4a14-11de-9993-806e6f6e6963} - D:\autorun.exe
MountPoints2: {d6ac32eb-5b7e-11df-b96c-00235ada8f38} - F:\LaunchU3.exe -a
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\norton\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\RiRi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

========================== Services (Whitelisted) =================

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-03-06] ()
S4 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [723488 2009-04-03] (Acer Incorporated)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-02-17] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2009-01-03] (Advanced Micro Devices, Inc)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2012-09-28] (LeapFrog)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [49664 2009-01-14] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S1 DritekPortIO; \??\C:\Program Files\Launch Manager\DPortIO.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-26 07:46 - 2013-11-26 07:47 - 00008664 _____ C:\Users\RiRi\Downloads\FRST.txt
2013-11-26 07:44 - 2013-11-26 07:44 - 01091605 _____ (Farbar) C:\Users\RiRi\Downloads\FRST.exe
2013-11-26 07:44 - 2013-11-26 07:44 - 00000000 ____D C:\FRST
2013-11-20 22:04 - 2013-11-20 22:12 - 00001710 _____ C:\Users\RiRi\Desktop\Spotify.lnk
2013-11-20 22:04 - 2013-11-20 22:12 - 00001696 _____ C:\Users\RiRi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-11-20 22:04 - 2013-11-20 22:04 - 00000000 ____D C:\Users\RiRi\AppData\Local\Spotify
2013-11-20 22:02 - 2013-11-23 09:45 - 00000000 ____D C:\Users\RiRi\AppData\Roaming\Spotify
2013-11-20 20:36 - 2013-11-20 20:36 - 00015376 _____ C:\Users\RiRi\Documents\Attach.txt
2013-11-20 20:36 - 2013-11-20 20:36 - 00011592 _____ C:\Users\RiRi\Documents\DDS.txt
2013-11-20 20:27 - 2013-11-20 20:27 - 00688992 ____R (Swearware) C:\Users\RiRi\Downloads\dds (1).com
2013-11-19 20:16 - 2013-11-19 20:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2013-11-17 10:48 - 2013-11-17 10:48 - 04200719 _____ C:\Users\RiRi\Documents\VID_20131115_191339.mp4
2013-11-16 22:10 - 2013-11-16 22:10 - 00000000 ____D C:\Program Files\Stellar Phoenix JPEG Repair
2013-11-16 00:44 - 2013-11-16 00:44 - 00000000 ____D C:\Program Files\Recuva
2013-11-16 00:42 - 2013-11-16 00:42 - 03992416 _____ (Piriform Ltd) C:\Users\RiRi\Downloads\rcsetup149.exe
2013-11-15 22:47 - 2013-11-15 22:47 - 00000000 ____D C:\Windows\9155DB04A032491A88B27C19B9E9F945.TMP
2013-11-15 22:30 - 2013-11-15 22:31 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\RiRi\Downloads\LeapFrogConnectSetup_LeapPadExplorer (2).exe
2013-11-15 22:28 - 2013-11-15 22:29 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\RiRi\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2013-11-15 11:02 - 2013-11-15 11:02 - 00000000 ____D C:\Users\RiRi\AppData\Roaming\Malwarebytes
2013-11-15 11:01 - 2013-11-15 11:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 11:01 - 2013-11-15 11:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-15 11:01 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-15 10:50 - 2013-11-20 20:29 - 00015376 _____ C:\Users\RiRi\Desktop\attach.txt
2013-11-15 10:50 - 2013-11-20 20:29 - 00011592 _____ C:\Users\RiRi\Desktop\dds.txt
2013-11-15 10:44 - 2013-11-15 10:44 - 00688992 _____ (Swearware) C:\Users\RiRi\Downloads\dds.com
2013-11-14 10:56 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 10:56 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 10:56 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 10:56 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 10:56 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 10:56 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 10:56 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 10:56 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 10:56 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 10:56 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 10:56 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 10:56 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 10:56 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 10:56 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 10:56 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 10:56 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 11:32 - 2013-11-13 11:35 - 00003420 _____ C:\Users\RiRi\Downloads\PandaRamsonwareDecrypt.log
2013-11-13 11:31 - 2013-11-13 11:31 - 02760672 _____ C:\Users\RiRi\Downloads\pandaunransom.exe
2013-11-13 08:58 - 2013-10-10 21:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 08:58 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 08:58 - 2013-10-10 19:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-13 08:58 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 08:58 - 2013-10-03 07:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 12:47 - 2013-11-12 12:47 - 00121824 _____ (Panda Security) C:\Users\RiRi\Downloads\dapatodecryptor.exe
2013-11-12 11:52 - 2013-11-12 11:52 - 00012270 _____ C:\ComboFix.txt
2013-11-12 11:34 - 2013-11-12 11:52 - 00000000 ____D C:\Qoobox
2013-11-12 09:49 - 2013-11-12 09:49 - 00000000 ____D C:\Users\RiRi\AppData\Local\CrashDumps
2013-11-12 00:36 - 2013-11-12 00:36 - 00070744 _____ C:\Users\norton\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-12 00:36 - 2013-11-12 00:36 - 00000000 ____D C:\Users\norton\AppData\Roaming\ATI
2013-11-12 00:36 - 2013-11-12 00:36 - 00000000 ____D C:\Users\norton\AppData\Local\ATI
2013-11-12 00:36 - 2013-11-12 00:36 - 00000000 ____D C:\Users\norton\AppData\Local\AOL
2013-11-12 00:22 - 2013-11-12 09:44 - 00000000 ____D C:\Users\norton\AppData\Local\NPE
2013-11-12 00:20 - 2013-11-12 00:20 - 00000000 ____D C:\Users\norton\AppData\Local\Google
2013-11-12 00:19 - 2013-11-12 10:04 - 00000000 ____D C:\Users\norton
2013-11-12 00:19 - 2013-05-28 21:59 - 00000000 ____D C:\Users\norton\AppData\Roaming\Macromedia
2013-11-12 00:19 - 2009-08-19 15:52 - 00000000 ____D C:\Users\norton\AppData\Local\Microsoft Help
2013-11-11 22:48 - 2013-11-12 00:02 - 00000000 ____D C:\ProgramData\uxeciuj
2013-11-11 22:48 - 2013-11-12 00:01 - 00000000 ____D C:\ProgramData\recn
2013-11-11 22:27 - 2013-11-12 00:01 - 00000000 ____D C:\ProgramData\jlmt
2013-11-10 07:38 - 2013-11-10 09:10 - 00000000 ____D C:\Users\RiRi\Documents\ctrlcenter PC Checkup and Tuneup
2013-11-10 07:35 - 2013-11-10 07:35 - 00000000 ____D C:\Users\RiRi\AppData\Roaming\QuickScan
2013-11-10 07:19 - 2013-11-10 07:19 - 00000000 ____D C:\Program Files\Common Files\supportsoft

==================== One Month Modified Files and Folders =======

2013-11-26 07:47 - 2013-11-26 07:46 - 00008664 _____ C:\Users\RiRi\Downloads\FRST.txt
2013-11-26 07:44 - 2013-11-26 07:44 - 01091605 _____ (Farbar) C:\Users\RiRi\Downloads\FRST.exe
2013-11-26 07:44 - 2013-11-26 07:44 - 00000000 ____D C:\FRST
2013-11-26 07:26 - 2013-08-22 20:24 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 07:26 - 2013-08-22 20:24 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 07:22 - 2012-06-04 22:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 07:14 - 2009-05-26 11:43 - 01113833 _____ C:\Windows\WindowsUpdate.log
2013-11-26 07:14 - 2006-11-02 07:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-26 07:14 - 2006-11-02 07:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 21:23 - 2013-09-09 09:00 - 00000000 ____D C:\ProgramData\Kodak
2013-11-24 22:22 - 2006-11-02 05:33 - 00777284 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 22:14 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 22:12 - 2006-11-02 07:58 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-23 09:45 - 2013-11-20 22:02 - 00000000 ____D C:\Users\RiRi\AppData\Roaming\Spotify
2013-11-20 22:12 - 2013-11-20 22:04 - 00001710 _____ C:\Users\RiRi\Desktop\Spotify.lnk
2013-11-20 22:12 - 2013-11-20 22:04 - 00001696 _____ C:\Users\RiRi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-11-20 22:04 - 2013-11-20 22:04 - 00000000 ____D C:\Users\RiRi\AppData\Local\Spotify
2013-11-20 21:19 - 2012-07-16 07:39 - 00000000 ___HD C:\Program Files\MSN
2013-11-20 20:36 - 2013-11-20 20:36 - 00015376 _____ C:\Users\RiRi\Documents\Attach.txt
2013-11-20 20:36 - 2013-11-20 20:36 - 00011592 _____ C:\Users\RiRi\Documents\DDS.txt
2013-11-20 20:29 - 2013-11-15 10:50 - 00015376 _____ C:\Users\RiRi\Desktop\attach.txt
2013-11-20 20:29 - 2013-11-15 10:50 - 00011592 _____ C:\Users\RiRi\Desktop\dds.txt
2013-11-20 20:27 - 2013-11-20 20:27 - 00688992 ____R (Swearware) C:\Users\RiRi\Downloads\dds (1).com
2013-11-20 03:02 - 2013-08-08 23:29 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-20 03:01 - 2013-08-08 22:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 23:20 - 2008-01-20 22:02 - 00773492 _____ C:\Windows\PFRO.log
2013-11-19 20:16 - 2013-11-19 20:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2013-11-19 20:16 - 2006-11-02 07:49 - 00054067 _____ C:\Windows\setupact.log
2013-11-19 05:21 - 2010-04-27 06:01 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-17 10:48 - 2013-11-17 10:48 - 04200719 _____ C:\Users\RiRi\Documents\VID_20131115_191339.mp4
2013-11-16 22:10 - 2013-11-16 22:10 - 00000000 ____D C:\Program Files\Stellar Phoenix JPEG Repair
2013-11-16 00:47 - 2009-07-17 16:28 - 00000000 ____D C:\Users\RiRi
2013-11-16 00:47 - 2009-04-18 23:09 - 00000000 ____D C:\book
2013-11-16 00:44 - 2013-11-16 00:44 - 00000000 ____D C:\Program Files\Recuva
2013-11-16 00:42 - 2013-11-16 00:42 - 03992416 _____ (Piriform Ltd) C:\Users\RiRi\Downloads\rcsetup149.exe
2013-11-15 22:47 - 2013-11-15 22:47 - 00000000 ____D C:\Windows\9155DB04A032491A88B27C19B9E9F945.TMP
2013-11-15 22:47 - 2013-09-03 19:47 - 00000000 ____D C:\Windows\A47362E8CDF64347998407D8066D4195.TMP
2013-11-15 22:47 - 2009-05-26 11:50 - 00044974 _____ C:\Windows\DPINST.LOG
2013-11-15 22:45 - 2012-12-12 19:09 - 00000751 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2013-11-15 22:31 - 2013-11-15 22:30 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\RiRi\Downloads\LeapFrogConnectSetup_LeapPadExplorer (2).exe
2013-11-15 22:29 - 2013-11-15 22:28 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\RiRi\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2013-11-15 12:28 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\LiveKernelReports
2013-11-15 11:02 - 2013-11-15 11:02 - 00000000 ____D C:\Users\RiRi\AppData\Roaming\Malwarebytes
2013-11-15 11:01 - 2013-11-15 11:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-15 11:01 - 2013-11-15 11:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-15 10:44 - 2013-11-15 10:44 - 00688992 _____ (Swearware) C:\Users\RiRi\Downloads\dds.com
2013-11-14 11:49 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-11-14 10:56 - 2009-04-18 21:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 10:53 - 2013-08-18 02:15 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 10:48 - 2006-11-02 05:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-13 11:35 - 2013-11-13 11:32 - 00003420 _____ C:\Users\RiRi\Downloads\PandaRamsonwareDecrypt.log
2013-11-13 11:31 - 2013-11-13 11:31 - 02760672 _____ C:\Users\RiRi\Downloads\pandaunransom.exe
2013-11-12 12:47 - 2013-11-12 12:47 - 00121824 _____ (Panda Security) C:\Users\RiRi\Downloads\dapatodecryptor.exe
2013-11-12 12:38 - 2006-11-02 05:22 - 43515904 _____ C:\Windows\system32\config\software_previous
2013-11-12 12:38 - 2006-11-02 05:22 - 42205184 _____ C:\Windows\system32\config\components_previous
2013-11-12 12:38 - 2006-11-02 05:22 - 17301504 _____ C:\Windows\system32\config\system_previous
2013-11-12 12:38 - 2006-11-02 05:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-11-12 12:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-11-12 12:38 - 2006-11-02 05:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-11-12 12:37 - 2012-07-03 20:10 - 00000000 ____D C:\Windows\Minidump
2013-11-12 12:37 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2013-11-12 12:36 - 2012-03-28 19:08 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-11-12 12:36 - 2012-03-28 19:08 - 00000000 ____D C:\Program Files\AOL Desktop 9.7
2013-11-12 12:36 - 2006-11-02 06:18 - 00000000 __RHD C:\Users\Default
2013-11-12 12:36 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2013-11-12 11:52 - 2013-11-12 11:52 - 00012270 _____ C:\ComboFix.txt
2013-11-12 11:52 - 2013-11-12 11:34 - 00000000 ____D C:\Qoobox
2013-11-12 11:52 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public
2013-11-12 11:38 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-11-12 10:04 - 2013-11-12 00:19 - 00000000 ____D C:\Users\norton
2013-11-12 09:49 - 2013-11-12 09:49 - 00000000 ____D C:\Users\RiRi\AppData\Local\CrashDumps
2013-11-12 09:44 - 2013-11-12 00:22 - 00000000 ____D C:\Users\norton\AppData\Local\NPE
2013-11-12 00:36 - 2013-11-12 00:36 - 00070744 _____ C:\Users\norton\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-12 00:36 - 2013-11-12 00:36 - 00000000 ____D C:\Users\norton\AppData\Roaming\ATI
2013-11-12 00:36 - 2013-11-12 00:36 - 00000000 ____D C:\Users\norton\AppData\Local\ATI
2013-11-12 00:36 - 2013-11-12 00:36 - 00000000 ____D C:\Users\norton\AppData\Local\AOL
2013-11-12 00:22 - 2013-04-25 19:43 - 00000000 ____D C:\ProgramData\Norton
2013-11-12 00:20 - 2013-11-12 00:20 - 00000000 ____D C:\Users\norton\AppData\Local\Google
2013-11-12 00:05 - 2012-03-27 19:58 - 00001356 _____ C:\Users\RiRi\AppData\Local\d3d9caps.dat
2013-11-12 00:02 - 2013-11-11 22:48 - 00000000 ____D C:\ProgramData\uxeciuj
2013-11-12 00:01 - 2013-11-11 22:48 - 00000000 ____D C:\ProgramData\recn
2013-11-12 00:01 - 2013-11-11 22:27 - 00000000 ____D C:\ProgramData\jlmt
2013-11-11 23:35 - 2013-10-24 10:51 - 00279550 _____ C:\Users\RiRi\Documents\image.zip
2013-11-11 23:35 - 2013-10-10 07:50 - 00010240 _____ C:\Users\RiRi\Documents\october2013.wps
2013-11-11 23:35 - 2013-10-09 12:03 - 00012520 _____ C:\Users\RiRi\Documents\StephCivilServiceCoverLetter.zip
2013-11-11 23:35 - 2013-10-05 20:42 - 02322720 _____ C:\Users\RiRi\Documents\IMG_1345.mov
2013-11-11 23:35 - 2013-09-22 10:47 - 01243894 _____ C:\Users\RiRi\Documents\IMG_0035.mov
2013-11-11 23:35 - 2013-05-28 21:43 - 03450225 _____ C:\Users\RiRi\Documents\IMG_0653.mov
2013-11-11 23:35 - 2013-05-28 21:41 - 03450225 _____ C:\Users\RiRi\Documents\couch.mov
2013-11-11 23:35 - 2013-05-16 21:55 - 01786338 _____ C:\Users\RiRi\Documents\Video.mov
2013-11-11 23:35 - 2013-05-16 21:54 - 01786338 _____ C:\Users\RiRi\Documents\cheetos.mov
2013-11-11 23:35 - 2013-05-15 09:07 - 00879378 _____ C:\Users\RiRi\Documents\roof.xps
2013-11-11 23:35 - 2012-10-12 21:32 - 01509355 _____ C:\Users\RiRi\Documents\MotivationalArtbyPanama.eml
2013-11-11 23:34 - 2013-09-07 12:34 - 00263753 _____ C:\Users\RiRi\Documents\application.xps
2013-11-11 00:22 - 2012-08-24 18:37 - 00000000 ____D C:\Users\RiRi\Documents\My Digital Editions
2013-11-10 09:10 - 2013-11-10 07:38 - 00000000 ____D C:\Users\RiRi\Documents\ctrlcenter PC Checkup and Tuneup
2013-11-10 07:35 - 2013-11-10 07:35 - 00000000 ____D C:\Users\RiRi\AppData\Roaming\QuickScan
2013-11-10 07:19 - 2013-11-10 07:19 - 00000000 ____D C:\Program Files\Common Files\supportsoft
2013-10-29 13:54 - 2013-09-26 19:50 - 00000000 ____D C:\Users\RiRi\Documents\cdphp denial p2

Some content of TEMP:
====================
C:\Users\RiRi\AppData\Local\Temp\AcsInstall.dll
C:\Users\RiRi\AppData\Local\Temp\AOLFirewallMgr.dll
C:\Users\RiRi\AppData\Local\Temp\AOLInstallerfw.dll
C:\Users\RiRi\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\RiRi\AppData\Local\Temp\oi_{226907C9-53C6-41CA-B0C6-24CC1708004B}.exe
C:\Users\RiRi\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\RiRi\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\RiRi\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\RiRi\AppData\Local\Temp\{A43015D6-95F4-463E-AB8D-0261AF9490CA}-30.0.1599.66_29.0.1547.76_chrome_updater.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-24 22:20

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-11-2013 01
Ran by RiRi at 2013-11-26 07:48:00
Running from C:\Users\RiRi\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe (Version: 2.5.6311)
Acer Assist
Acer Backup Manager (Version: 1.0.0.26)
Acer ePower Management (Version: 4.00.3006)
Acer eRecovery Management (Version: 4.00.3006)
Acer GridVista (Version: 2.75.825)
Adobe AIR (Version: 3.7.0.1860)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.2 (Version: 9.2.0)
aioprnt (Version: 5.3.1.0)
aioscnnr (Version: 5.8.10.0)
aioscnnr (Version: 7.6.13.10)
Airport Mania First Flight
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.7)
ATI Catalyst Install Manager (Version: 3.0.704.0)
Backup Manager Basic (Version: 1.0.0.26)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center Core Implementation (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full Existing (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full New (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Light (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Vista (Version: 2008.1210.1623.29379)
Catalyst Control Center InstallProxy (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Standard (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Czech (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Danish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Dutch (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Finnish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization French (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization German (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Greek (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Hungarian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Italian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Japanese (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Korean (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Norwegian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Polish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Portuguese (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Russian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Spanish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Swedish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Thai (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Turkish (Version: 2008.1210.1623.29379)
CCC Help Chinese Standard (Version: 2008.1210.1622.29379)
CCC Help Chinese Traditional (Version: 2008.1210.1622.29379)
CCC Help Czech (Version: 2008.1210.1622.29379)
CCC Help Danish (Version: 2008.1210.1622.29379)
CCC Help Dutch (Version: 2008.1210.1622.29379)
CCC Help English (Version: 2008.1210.1622.29379)
CCC Help Finnish (Version: 2008.1210.1622.29379)
CCC Help French (Version: 2008.1210.1622.29379)
CCC Help German (Version: 2008.1210.1622.29379)
CCC Help Greek (Version: 2008.1210.1622.29379)
CCC Help Hungarian (Version: 2008.1210.1622.29379)
CCC Help Italian (Version: 2008.1210.1622.29379)
CCC Help Japanese (Version: 2008.1210.1622.29379)
CCC Help Korean (Version: 2008.1210.1622.29379)
CCC Help Norwegian (Version: 2008.1210.1622.29379)
CCC Help Polish (Version: 2008.1210.1622.29379)
CCC Help Portuguese (Version: 2008.1210.1622.29379)
CCC Help Russian (Version: 2008.1210.1622.29379)
CCC Help Spanish (Version: 2008.1210.1622.29379)
CCC Help Swedish (Version: 2008.1210.1622.29379)
CCC Help Thai (Version: 2008.1210.1622.29379)
CCC Help Turkish (Version: 2008.1210.1622.29379)
ccc-core-static (Version: 2008.1210.1623.29379)
ccc-utility (Version: 2008.1210.1623.29379)
center (Version: 7.7.2.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
essentials (Version: 7.7.2.0)
Google Chrome (Version: 31.0.1650.57)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.22.3)
Green Games And Ham Games Console (HKCU Version: 1.1.4)
GreenGamesandHam Packages
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK AiO Software (Version: 7.7.6.0)
LeapFrog Connect (Version: 5.1.26.18340)
LeapFrog LeapPad Explorer Plugin (Version: 5.1.26.18340)
LeapFrog My Pals Plugin (Version: 5.1.26.18340)
LeapFrog Tag Plugin (Version: 5.1.26.18340)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTI Backup Now 5 (Version: 5.1.2.616)
NTI Backup Now Standard (Version: 5.1.2.616)
NTI Media Maker 8 (Version: 8.0.12.6509)
ocr (Version: 6.2.3.50)
Photo Transfer App (Version: 2.0.0)
PreReq (Version: 6.2.4.0)
PrintProjects (Version: 1.0.0.9282)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5776)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20118)
Recuva (Version: 1.49)
Safari (Version: 5.34.57.2)
SeaTools for Windows (Version: 1.2.0.7)
SimTheme Park
Skins (Version: 2008.1210.1623.29379)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
Stellar Phoenix JPEG Repair (Version: 2.0.0.0)
Synaptics Pointing Device Driver (Version: 12.1.3.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 5.1.26.18340)
Viewpoint Media Player
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)

==================== Restore Points  =========================

18-11-2013 02:09:09 Windows Update
19-11-2013 08:00:46 Windows Update
20-11-2013 03:52:45 Scheduled Checkpoint
20-11-2013 08:00:12 Windows Update
20-11-2013 22:33:22 Scheduled Checkpoint
21-11-2013 18:33:59 Scheduled Checkpoint
22-11-2013 18:55:10 Scheduled Checkpoint
23-11-2013 07:39:15 Scheduled Checkpoint
23-11-2013 16:21:33 Windows Update
24-11-2013 15:26:19 Scheduled Checkpoint
25-11-2013 07:00:54 Scheduled Checkpoint
26-11-2013 07:22:01 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {037DE8F5-3864-41C7-A8DA-347D443EF834} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {25241131-FF97-4307-BE82-67F5917F405F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {5B2CC10B-AD34-4A33-A413-77AAAD261930} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8533C581-042E-4043-8DB7-06CEA41F644F} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-02-25] (Acer)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {C2242B74-C366-4629-B282-AA2D8C0FCD58} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {DE6C1512-7061-4AE2-8E8E-90E5939835F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-04-18 20:54 - 2009-01-03 19:41 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-05-26 11:45 - 2009-05-26 11:45 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2012-01-31 13:25 - 2012-01-31 13:25 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7\zlib.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:FC595E85
AlternateDataStreams: C:\Users\RiRi\Documents\MotivationalArtbyPanama.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2013 07:49:40 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\HR6SIR9X\BEACON[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/25/2013 07:49:40 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\HR6SIR9X\BEACON[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/25/2013 07:46:38 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\DFXVCXHQ\ATS[1].JPG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/25/2013 07:22:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\BCQ8E39N\SPUG[1].HTM> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/25/2013 06:43:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\J50MDBOH\P[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/25/2013 06:43:06 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 10c0
Start Time: 01ceea36f15c1b50
Termination Time: 32

Error: (11/25/2013 06:23:25 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\T7CLYTGW\__UTM[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/25/2013 06:19:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\CC0AYBAU\DIS[1].HTM> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (11/25/2013 06:13:49 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f54
Start Time: 01ceea32092030a0
Termination Time: 0

Error: (11/25/2013 06:05:57 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\RIRI\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\J50MDBOH\P[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (11/26/2013 07:14:49 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002556069355.  The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error: (11/25/2013 02:34:58 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002556069355.  The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error: (11/25/2013 02:34:56 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (11/24/2013 10:15:42 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/24/2013 09:11:02 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (11/24/2013 01:47:39 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002556069355.  The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error: (11/23/2013 09:08:03 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002556069355.  The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Error: (11/22/2013 07:05:48 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (11/22/2013 00:36:19 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.163.375.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.4.0304.00

 Source Path: 4.4.0304.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/22/2013 08:04:35 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002556069355.  The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Microsoft Office Sessions:
=========================
Error: (01/17/2013 11:26:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 167 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2012-06-04 22:40:19.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-04 22:40:19.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-04 22:40:19.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-04 22:40:19.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-04 22:40:18.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-09 19:24:10.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-09 19:24:10.158
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-09 19:24:10.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-09 19:24:09.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2010-05-09 19:24:09.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 1789.38 MB
Available physical RAM: 820.21 MB
Total Pagefile: 3827.3 MB
Available Pagefile: 2588 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.63 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:139.04 GB) (Free:27.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1B72E286)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Mark12211

Mark12211
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:50 AM

Posted 26 November 2013 - 07:57 AM

Please note: the issues connecting to the internet were modem and cable line related.  I can now connect at a blazing 0.68Mb/s. Ugh. Road Runner.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 18,089 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:50 AM

Posted 26 November 2013 - 02:45 PM

Greetings,

Several things to address in this post.

Do you recognize these directories?
 

2013-11-12 00:02 - 2013-11-11 22:48 - 00000000 ____D C:\ProgramData\uxeciuj
2013-11-12 00:01 - 2013-11-11 22:48 - 00000000 ____D C:\ProgramData\recn
2013-11-12 00:01 - 2013-11-11 22:27 - 00000000 ____D C:\ProgramData\jlmt


----------

Please upload a clean and infected copy of a couple of files here.

----------

Please do the following.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
C:\Users\RiRi\AppData\Local\Temp\AcsInstall.dll
C:\Users\RiRi\AppData\Local\Temp\AOLFirewallMgr.dll
C:\Users\RiRi\AppData\Local\Temp\AOLInstallerfw.dll
C:\Users\RiRi\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\RiRi\AppData\Local\Temp\oi_{226907C9-53C6-41CA-B0C6-24CC1708004B}.exe
C:\Users\RiRi\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\RiRi\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\RiRi\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\RiRi\AppData\Local\Temp\{A43015D6-95F4-463E-AB8D-0261AF9490CA}-30.0.1599.66_29.0.1547.76_chrome_updater.exe
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:FC595E85
AlternateDataStreams: C:\Users\RiRi\Documents\MotivationalArtbyPanama.eml:OECustomProperty
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the directories?
  • Were you able to upload files?
  • Fixlog log

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message.


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Mark12211

Mark12211
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:50 AM

Posted 26 November 2013 - 07:08 PM

Will send samples of corrupt files.

 

These folders appear to be leftovers from the virus:

2013-11-12 00:02 - 2013-11-11 22:48 - 00000000 ____D C:\ProgramData\uxeciuj
2013-11-12 00:01 - 2013-11-11 22:48 - 00000000 ____D C:\ProgramData\recn
2013-11-12 00:01 - 2013-11-11 22:27 - 00000000 ____D C:\ProgramData\jlmt

 

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-11-2013 01
Ran by SYSTEM at 2013-11-26 18:53:30 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
C:\Users\RiRi\AppData\Local\Temp\AcsInstall.dll
C:\Users\RiRi\AppData\Local\Temp\AOLFirewallMgr.dll
C:\Users\RiRi\AppData\Local\Temp\AOLInstallerfw.dll
C:\Users\RiRi\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\RiRi\AppData\Local\Temp\oi_{226907C9-53C6-41CA-B0C6-24CC1708004B}.exe
C:\Users\RiRi\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\RiRi\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\RiRi\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\RiRi\AppData\Local\Temp\{A43015D6-95F4-463E-AB8D-0261AF9490CA}-30.0.1599.66_29.0.1547.76_chrome_updater.exe
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:FC595E85
AlternateDataStreams: C:\Users\RiRi\Documents\MotivationalArtbyPanama.eml:OECustomProperty

*****************

C:\Users\RiRi\AppData\Local\Temp\AcsInstall.dll => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\AOLFirewallMgr.dll => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\AOLInstallerfw.dll => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\oi_{226907C9-53C6-41CA-B0C6-24CC1708004B}.exe => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\SHFOLDER.DLL => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\RiRi\AppData\Local\Temp\{A43015D6-95F4-463E-AB8D-0261AF9490CA}-30.0.1599.66_29.0.1547.76_chrome_updater.exe => Moved successfully.
C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully.
C:\ProgramData\Temp => ":FC595E85" ADS removed successfully.
C:\Users\RiRi\Documents\MotivationalArtbyPanama.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog ====



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 18,089 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:50 AM

Posted 26 November 2013 - 07:09 PM

Any files in those folders?


Regards,
Gary


#10 Mark12211

Mark12211
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:50 AM

Posted 26 November 2013 - 07:24 PM

Just an FYI, the Submit Malware page gives an "Internet Explorer cannot display the webpage" error after trying to submit. I tried on two computers. Same issue.



#11 Mark12211

Mark12211
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:50 AM

Posted 26 November 2013 - 07:30 PM

Yes, gibberish files, Windows Shell Common DLL files, are in those folders. Example: in the uxeciuj folder: awrx.juq, hiuyk.kvc, itvh.kgc, plkjadj.anu, vdungyt.owt



#12 Mark12211

Mark12211
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:50 AM

Posted 26 November 2013 - 07:36 PM

Got one sample of a jpg submitted, same file. One version corrupt, one un-corrupt.
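The clean-versus-corrupt comparison Gary asked for can also be run locally before anything is uploaded. This is an added example, not code from the thread, from FRST or from any product named in it: it checks the type signature of the three extensions the topic starter listed, measures entropy per 4 KB window (a near-random first window with a normal remainder points to head-only encryption, which a statistic over the whole file can average away), and, given a clean copy, reports which byte range of the suspect copy differs. The sample files are constructed stand-ins, not the poster's JPEGs.

```python
"""Triage a file that will not open after a ransomware infection.

Constructed example. Three checks tell apart a file that was encrypted,
one whose head alone was overwritten, and one that is merely truncated
or damaged at the application level.
"""
import math
import random
from collections import Counter

# Signatures for the three extensions named in the thread, as
# (offset, expected bytes). ISO media files (m4p/mp4) carry 'ftyp'
# at offset 4, not at the start of the file.
SIGNATURES = {
    "jpg": [(0, b"\xff\xd8\xff")],
    "docx": [(0, b"PK\x03\x04")],
    "m4p": [(4, b"ftyp")],
}
JPEG_TRAILER = b"\xff\xd9"
WINDOW = 4096            # entropy window size in bytes
RANDOM_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_intact(data: bytes, ext: str) -> bool:
    """True if every expected signature byte string sits at its offset."""
    return all(data[off:off + len(sig)] == sig
               for off, sig in SIGNATURES[ext.lower().lstrip(".")])


def windowed_entropy(data: bytes, window: int = WINDOW) -> list:
    """Entropy of each consecutive window; a short tail (< window/4) is
    folded into the previous window so it cannot masquerade as low entropy."""
    starts = list(range(0, len(data), window))
    if len(starts) > 1 and len(data) - starts[-1] < window // 4:
        starts.pop()
    ends = starts[1:] + [len(data)]
    return [shannon_entropy(data[s:e]) for s, e in zip(starts, ends)]


def diff_span(clean: bytes, suspect: bytes):
    """(first, last) offsets where clean and suspect differ, None if identical.
    A length change counts as a difference reaching the longer file's end."""
    n = min(len(clean), len(suspect))
    first = next((i for i in range(n) if clean[i] != suspect[i]), None)
    if len(clean) != len(suspect):
        return (n if first is None else first, max(len(clean), len(suspect)) - 1)
    if first is None:
        return None
    last = next(i for i in range(n - 1, first - 1, -1) if clean[i] != suspect[i])
    return first, last


def classify(data: bytes, ext: str) -> dict:
    """Verdict for a lone suspect file when no clean copy is available."""
    ext = ext.lower().lstrip(".")
    ent = windowed_entropy(data)
    sig_ok = signature_intact(data, ext)
    trailer_ok = data.endswith(JPEG_TRAILER) if ext == "jpg" else True
    head_random = bool(ent) and ent[0] >= RANDOM_THRESHOLD
    rest_random = len(ent) > 1 and min(ent[1:]) >= RANDOM_THRESHOLD
    if sig_ok and trailer_ok:
        verdict = "signature intact: not encrypted as a whole; suspect application-level damage"
    elif sig_ok:
        verdict = "signature present, trailer missing: truncated or partially overwritten"
    elif head_random and rest_random:
        verdict = "signature destroyed, near-random throughout: consistent with whole-file encryption"
    elif head_random:
        verdict = "signature destroyed, only the head is near-random: consistent with head-only encryption"
    else:
        verdict = "signature destroyed, low entropy: overwritten or truncated, not encryption"
    return {"signature_ok": sig_ok, "trailer_ok": trailer_ok,
            "entropy_per_window": ent, "verdict": verdict}


def build_samples():
    """Constructed test data: a fake JPEG-shaped file and two damaged twins."""
    rng = random.Random(2013)
    # Low-entropy stand-in for image data. Real JPEG bodies are far noisier,
    # which is why the signature check, not entropy, is the primary signal.
    body = bytes(rng.choice(b"\x00\x10\x20\x30") for _ in range(6 * WINDOW))
    clean = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + body + JPEG_TRAILER
    encrypted = bytes(rng.getrandbits(8) for _ in range(len(clean)))  # whole file replaced
    head_only = bytes(rng.getrandbits(8) for _ in range(WINDOW)) + clean[WINDOW:]
    return clean, encrypted, head_only


if __name__ == "__main__":
    clean, encrypted, head_only = build_samples()
    for name, sample in (("clean", clean), ("encrypted", encrypted), ("head_only", head_only)):
        print(name, "->", classify(sample, "jpg")["verdict"])
        print("   differs from clean at:", diff_span(clean, sample))
```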



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 18,089 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:50 AM

Posted 26 November 2013 - 09:38 PM

Please be patient while I consult with an encryption expert colleague.


Regards,
Gary


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 18,089 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:50 AM

Posted 28 November 2013 - 02:53 PM

I have not heard back from our expert but to be honest I really don't think there is much hope. If it is Cryptolocker we are out of luck. I have also tried other decryption programs without success. This, in combination with the efforts you have already taken, seems to indicate the files cannot be decrypted. I think it is best if you resort back to your saved copies.

Regards,
Gary


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 18,089 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:50 AM

Posted 02 December 2013 - 10:05 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48 hrs you have not replied to this thread then it will have to be closed.

Regards,
Gary




