Stop C0000135 Error


This topic is locked
13 replies to this topic

#1 jwhitake

Posted 12 November 2011 - 02:24 AM

Hello,

I'm helping my brother-in-law with his year-and-a-half-old Dell Inspiron 1750. He says that it began behaving irregularly - browser redirects and opening random windows. Since then, it will not boot. No diagnostic boot options work. I selected the option not to reboot on error and have the following BSOD:

STOP: C0000135 The program can't start because %hs is missing from your computer.


Please help. It sounds like a virus with the behavior leading up to the problem but I'm not sure how to proceed without even being able to boot into safe mode. Thanks for the help.

#2 JSntgRvr

Malware Response Team

Posted 12 November 2011 - 01:16 PM

:welcome:

Which operating system is installed?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 jwhitake

Posted 12 November 2011 - 01:50 PM

Thanks for the welcome. It is Windows 7 x64. Since it's not my computer, I don't know what updates have or have not been installed.

Edited by jwhitake, 12 November 2011 - 01:51 PM.


#4 JSntgRvr

Malware Response Team

Posted 12 November 2011 - 09:37 PM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.


#5 jwhitake

Posted 12 November 2011 - 10:37 PM

Here are the results:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.7
Ran by SYSTEM at 2011-11-12 00:58:07
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [148888 2009-11-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1658440 2011-05-02] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKU\Justin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Justin\...\Run: [jLtWTsYoEQTTWyD.exe] C:\ProgramData\jLtWTsYoEQTTWyD.exe [460800 2011-11-06] (Recover Inc)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-08-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-08-17] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-05-04] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-04] (Alcatel-Lucent)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-03-17] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [197960 2011-03-13] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208272 2011-03-13] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [158832 2011-03-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 MpfService; %ProgramFiles(x86)%\McAfee\MPF\MPFSrv.exe [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-11-04] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-11-04] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
3 mfeavfk01; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-11-12 00:57 - 2011-11-12 00:58 - 0000000 ____D C:\FRST
2011-11-11 20:27 - 2011-11-11 20:41 - 0540230 ____A C:\Windows\ntbtlog.txt
2011-11-07 01:33 - 2011-11-07 01:33 - 0035840 ____N C:\bootex.log
2011-11-07 01:33 - 2011-11-07 01:33 - 0003472 ____N C:\bootsqm.dat
2011-11-07 01:27 - 2011-11-07 01:27 - 0065536 __ASH C:\Windows\System32\config\components{82bba4b8-d2af-11e0-a974-0025646d2670}.TxR.blf
2011-11-07 01:19 - 2011-11-07 01:19 - 0000280 ____A C:\Users\All Users\~1kAlMiG2Kb7FzP
2011-11-07 01:19 - 2011-11-07 01:19 - 0000280 ____A C:\ProgramData\~1kAlMiG2Kb7FzP
2011-11-07 01:19 - 2011-11-07 01:19 - 0000216 ____A C:\Users\All Users\~1kAlMiG2Kb7FzPr
2011-11-07 01:19 - 2011-11-07 01:19 - 0000216 ____A C:\ProgramData\~1kAlMiG2Kb7FzPr
2011-11-06 15:18 - 2011-11-06 15:18 - 0000659 ___AH C:\Users\Justin\Desktop\System Restore.lnk
2011-11-06 15:18 - 2011-11-06 15:18 - 0000440 ___AH C:\Users\All Users\1kAlMiG2Kb7FzP
2011-11-06 15:18 - 2011-11-06 15:18 - 0000440 ___AH C:\ProgramData\1kAlMiG2Kb7FzP
2011-11-06 15:17 - 2011-11-06 15:17 - 0350208 ___AH (Recover Inc) C:\Users\All Users\1kAlMiG2Kb7FzP.exe
2011-11-06 15:17 - 2011-11-06 15:17 - 0350208 ___AH (Recover Inc) C:\ProgramData\1kAlMiG2Kb7FzP.exe
2011-11-06 15:12 - 2011-11-06 15:12 - 0460800 __ASH (Recover Inc) C:\Users\All Users\jLtWTsYoEQTTWyD.exe
2011-11-06 15:12 - 2011-11-06 15:12 - 0460800 __ASH (Recover Inc) C:\ProgramData\jLtWTsYoEQTTWyD.exe
2011-11-03 19:29 - 2011-11-03 19:29 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-11-03 19:24 - 2011-11-03 19:25 - 0000000 ____D C:\Program Files\iTunes
2011-11-03 19:24 - 2011-11-03 19:25 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-11-03 19:24 - 2011-11-03 19:24 - 0000000 ____D C:\Program Files\iPod
2011-11-03 19:22 - 2011-11-03 19:22 - 0000000 ____D C:\Program Files\Bonjour
2011-11-03 19:22 - 2011-11-03 19:22 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-11-03 19:14 - 2011-11-03 19:14 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-10-27 11:55 - 2011-10-27 11:55 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-26 20:23 - 2011-10-26 20:23 - 0026624 ___AH C:\Users\Justin\Documents\Katie 4920 Reflection.doc
2011-10-24 11:29 - 2011-10-24 11:29 - 0094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2011-10-24 11:29 - 2011-10-24 11:29 - 0069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2011-10-15 16:09 - 2011-10-15 16:09 - 0000000 __SHD C:\Windows\System32\%APPDATA%

============ 3 Months Modified Files and Folders =============

2011-11-12 00:58 - 2011-11-12 00:57 - 0000000 ____D C:\FRST
2011-11-11 20:41 - 2011-11-11 20:27 - 0540230 ____A C:\Windows\ntbtlog.txt
2011-11-11 20:41 - 2009-11-08 19:15 - 3190050816 __ASH C:\hiberfil.sys
2011-11-07 01:33 - 2011-11-07 01:33 - 0035840 ____N C:\bootex.log
2011-11-07 01:33 - 2011-11-07 01:33 - 0003472 ____N C:\bootsqm.dat
2011-11-07 01:28 - 2011-02-13 20:07 - 0000000 ____D C:\Users\Justin\AppData\Local\ElevatedDiagnostics
2011-11-07 01:28 - 2009-07-13 21:10 - 1680108 ____A C:\Windows\WindowsUpdate.log
2011-11-07 01:27 - 2011-11-07 01:27 - 0065536 __ASH C:\Windows\System32\config\components{82bba4b8-d2af-11e0-a974-0025646d2670}.TxR.blf
2011-11-07 01:27 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-11-07 01:27 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-11-07 01:24 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-11-07 01:19 - 2011-11-07 01:19 - 0000280 ____A C:\Users\All Users\~1kAlMiG2Kb7FzP
2011-11-07 01:19 - 2011-11-07 01:19 - 0000280 ____A C:\ProgramData\~1kAlMiG2Kb7FzP
2011-11-07 01:19 - 2011-11-07 01:19 - 0000216 ____A C:\Users\All Users\~1kAlMiG2Kb7FzPr
2011-11-07 01:19 - 2011-11-07 01:19 - 0000216 ____A C:\ProgramData\~1kAlMiG2Kb7FzPr
2011-11-07 01:19 - 2009-12-25 08:59 - 0000000 ___HD C:\Users\Justin\AppData\Local\VirtualStore
2011-11-07 01:18 - 2010-01-05 12:35 - 0000000 ___HD C:\Users\Justin\Tracing
2011-11-07 01:18 - 2009-11-08 17:31 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-11-07 01:17 - 2009-12-25 08:56 - 0000000 ___HD C:\Users\Justin\AppData\Local\SoftThinks
2011-11-07 01:17 - 2009-11-08 17:55 - 0000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2011-11-07 01:17 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-11-07 01:17 - 2009-07-13 20:51 - 0061725 ____A C:\Windows\setupact.log
2011-11-06 15:34 - 2009-12-25 09:22 - 0000000 ___HD C:\Users\Justin\AppData\Roaming\LimeWire
2011-11-06 15:18 - 2011-11-06 15:18 - 0000659 ___AH C:\Users\Justin\Desktop\System Restore.lnk
2011-11-06 15:18 - 2011-11-06 15:18 - 0000440 ___AH C:\Users\All Users\1kAlMiG2Kb7FzP
2011-11-06 15:18 - 2011-11-06 15:18 - 0000440 ___AH C:\ProgramData\1kAlMiG2Kb7FzP
2011-11-06 15:17 - 2011-11-06 15:17 - 0350208 ___AH (Recover Inc) C:\Users\All Users\1kAlMiG2Kb7FzP.exe
2011-11-06 15:17 - 2011-11-06 15:17 - 0350208 ___AH (Recover Inc) C:\ProgramData\1kAlMiG2Kb7FzP.exe
2011-11-06 15:16 - 2009-11-08 19:15 - 0492372 ____A C:\Windows\PFRO.log
2011-11-06 15:12 - 2011-11-06 15:12 - 0460800 __ASH (Recover Inc) C:\Users\All Users\jLtWTsYoEQTTWyD.exe
2011-11-06 15:12 - 2011-11-06 15:12 - 0460800 __ASH (Recover Inc) C:\ProgramData\jLtWTsYoEQTTWyD.exe
2011-11-05 01:18 - 2009-12-30 11:12 - 0000010 ___AH C:\Windows\popcinfo.dat
2011-11-03 19:29 - 2011-11-03 19:29 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-11-03 19:27 - 2010-04-01 18:28 - 0000000 ____D C:\Program Files (x86)\Safari
2011-11-03 19:25 - 2011-11-03 19:24 - 0000000 ____D C:\Program Files\iTunes
2011-11-03 19:25 - 2011-11-03 19:24 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-11-03 19:24 - 2011-11-03 19:24 - 0000000 ____D C:\Program Files\iPod
2011-11-03 19:22 - 2011-11-03 19:22 - 0000000 ____D C:\Program Files\Bonjour
2011-11-03 19:22 - 2011-11-03 19:22 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-11-03 19:14 - 2011-11-03 19:14 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-10-27 11:55 - 2011-10-27 11:55 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-10-26 20:23 - 2011-10-26 20:23 - 0026624 ___AH C:\Users\Justin\Documents\Katie 4920 Reflection.doc
2011-10-24 11:29 - 2011-10-24 11:29 - 0094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2011-10-24 11:29 - 2011-10-24 11:29 - 0069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2011-10-15 16:09 - 2011-10-15 16:09 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-10-12 00:25 - 2009-07-13 20:45 - 0327872 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-12 00:24 - 2009-11-08 17:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-11 22:05 - 2011-10-11 20:23 - 0321024 ___AH C:\Users\Justin\Documents\Employment_Application_10-10-1- Katie.doc
2011-10-11 21:04 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-10-11 20:27 - 2011-10-11 20:27 - 0000000 ____D C:\Windows\System32\Macromed
2011-10-08 23:56 - 2010-03-19 11:04 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-09-25 09:22 - 2011-09-25 09:22 - 0277112 ____A C:\Windows\Minidump\092511-24757-01.dmp
2011-09-25 09:22 - 2010-05-23 23:31 - 451769223 ____A C:\Windows\MEMORY.DMP
2011-09-25 09:22 - 2010-05-23 23:31 - 0000000 ____D C:\Windows\Minidump
2011-09-15 14:26 - 2011-09-15 14:26 - 0163328 ___AH C:\Users\Justin\Downloads\MIT-SLII.JustinBurrell(2).xls
2011-09-15 14:25 - 2011-09-15 14:25 - 0163328 ___AH C:\Users\Justin\Downloads\MIT-SLII.JustinBurrell.xls
2011-09-15 14:23 - 2011-09-15 14:23 - 0151841 ___AH C:\Users\Justin\Downloads\SmarterMailSyncForSmartphone.exe
2011-09-10 16:17 - 2011-09-10 16:17 - 0000007 ___AH C:\Users\Public\Documents\att.txt
2011-09-09 19:51 - 2011-09-09 19:51 - 0000000 ___HD C:\Users\Justin\AppData\Roaming\Motive
2011-09-09 19:51 - 2011-09-09 19:51 - 0000000 ___HD C:\Program Files (x86)\ATT-HSI
2011-09-09 19:51 - 2011-09-09 19:51 - 0000000 ____D C:\Program Files\Common Files\Motive
2011-09-09 19:51 - 2011-09-09 19:51 - 0000000 ____D C:\Program Files\ATT-HSI
2011-09-09 19:50 - 2011-09-09 19:50 - 0000000 ___HD C:\Users\All Users\Motive
2011-09-09 19:50 - 2011-09-09 19:50 - 0000000 ___HD C:\ProgramData\Motive
2011-09-09 16:31 - 2011-09-09 16:12 - 0000000 ___HD C:\Netgear
2011-09-09 16:30 - 2011-09-09 16:30 - 0006184 ___AH C:\Users\Justin\Desktop\Router_Setup.html
2011-09-05 19:07 - 2011-10-11 21:47 - 3134976 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-09-05 16:57 - 2011-09-05 16:58 - 0118824 ___AH C:\Users\Justin\Desktop\284855_849034725752_31101042_40385574_1067071_n.jpg
2011-09-05 16:57 - 2011-09-05 16:57 - 0118824 ___AH C:\Users\Justin\Downloads\284855_849034725752_31101042_40385574_1067071_n.jpg
2011-09-05 16:56 - 2011-09-05 16:57 - 0104502 ___AH C:\Users\Justin\Desktop\251594_849034860482_31101042_40385577_7281861_n.jpg
2011-09-05 16:56 - 2011-09-05 16:56 - 0104502 ___AH C:\Users\Justin\Downloads\251594_849034860482_31101042_40385577_7281861_n.jpg
2011-09-05 16:38 - 2011-09-05 16:37 - 0379348 ___AH C:\Users\Justin\Desktop\download.htm
2011-09-03 14:50 - 2011-09-03 14:50 - 0277136 ____A C:\Windows\Minidump\090311-25240-01.dmp
2011-09-03 14:42 - 2011-09-03 14:42 - 0277144 ____A C:\Windows\Minidump\090311-22713-01.dmp
2011-08-31 21:34 - 2011-10-12 00:01 - 17781760 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-08-31 21:24 - 2011-10-12 00:01 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-08-31 21:24 - 2011-10-12 00:01 - 10886144 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-08-31 21:18 - 2011-10-12 00:01 - 1344512 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-08-31 21:17 - 2011-10-12 00:01 - 1389056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-08-31 21:16 - 2011-10-12 00:01 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-08-31 21:15 - 2011-10-12 00:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-08-31 21:14 - 2011-10-12 00:01 - 0818176 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-08-31 21:12 - 2011-10-12 00:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-08-31 21:12 - 2011-10-12 00:01 - 2143744 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-08-31 21:12 - 2011-10-12 00:01 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-08-31 21:08 - 2011-10-12 00:01 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-08-31 18:36 - 2011-10-12 00:01 - 12275200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-08-31 18:35 - 2011-10-12 00:01 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-08-31 18:33 - 2011-10-12 00:01 - 9704960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-08-31 18:28 - 2011-10-12 00:01 - 1126912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-08-31 18:28 - 2011-10-12 00:01 - 1102848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-08-31 18:27 - 2011-10-12 00:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-08-31 18:26 - 2011-10-12 00:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-08-31 18:24 - 2011-10-12 00:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-08-31 18:23 - 2011-10-12 00:01 - 1791488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-08-31 18:23 - 2011-10-12 00:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-08-31 18:22 - 2011-10-12 00:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-08-31 18:21 - 2011-10-12 00:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-08-30 20:05 - 2011-08-30 20:05 - 0096104 ____A (Apple Inc.) C:\Windows\System32\dns-sd.exe
2011-08-30 20:05 - 2011-08-30 20:05 - 0085864 ____A (Apple Inc.) C:\Windows\System32\dnssd.dll
2011-08-30 20:05 - 2011-08-30 20:05 - 0083816 ____A (Apple Inc.) C:\Windows\SysWOW64\dns-sd.exe
2011-08-30 20:05 - 2011-08-30 20:05 - 0073064 ____A (Apple Inc.) C:\Windows\SysWOW64\dnssd.dll
2011-08-30 12:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-08-29 18:28 - 2009-12-25 08:56 - 0000000 ___HD C:\users\Justin
2011-08-29 18:26 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2011-08-29 18:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2011-08-29 18:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2011-08-29 18:26 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 __RSD C:\Windows\Media
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-TW
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-HK
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\zh-CN
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\uk-UA
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\th-TH
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sv-SE
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sl-SI
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\sk-SK
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ro-RO
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-PT
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pt-BR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\pl-PL
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nl-NL
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\nb-NO
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lv-LV
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\lt-LT
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ko-KR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ja-JP
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\it-IT
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hu-HU
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\hr-HR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\he-IL
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fr-FR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\fi-FI
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\et-EE
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\el-GR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\de-DE
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\bg-BG
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ar-SA
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-HK
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\uk-UA
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\th-TH
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sr-Latn-CS
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sl-SI
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sk-SK
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ro-RO
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lv-LV
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\lt-LT
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hr-HR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\he-IL
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\et-EE
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\bg-BG
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ar-SA
2011-08-29 18:26 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-08-29 18:25 - 2011-08-27 15:02 - 0000000 ___HD C:\Users\Justin\AppData\Roaming\Thunderbird
2011-08-29 18:25 - 2011-08-27 15:02 - 0000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2011-08-29 18:25 - 2010-11-22 18:10 - 0000000 ___HD C:\Users\All Users\ArcSoft
2011-08-29 18:25 - 2010-11-22 18:10 - 0000000 ___HD C:\ProgramData\ArcSoft
2011-08-29 18:25 - 2009-12-25 09:22 - 0000000 ____D C:\Program Files (x86)\LimeWire
2011-08-29 18:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-08-29 18:25 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-08-29 18:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-08-28 21:54 - 2011-08-28 12:47 - 0031232 ___AH C:\Users\Justin\Desktop\Fantasy Football 2011.xls
2011-08-27 15:03 - 2011-08-27 15:02 - 0000000 ___HD C:\Users\Justin\AppData\Local\Thunderbird
2011-08-26 21:40 - 2011-10-11 21:46 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-08-26 21:40 - 2011-10-11 21:46 - 0331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2011-08-26 20:43 - 2011-10-11 21:46 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2011-08-26 20:43 - 2011-10-11 21:46 - 0233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2011-08-25 18:00 - 2011-07-14 17:44 - 0000000 ___HD C:\Users\Justin\Desktop\New folder
2011-08-21 21:19 - 2011-08-21 21:19 - 0277136 ____A C:\Windows\Minidump\082211-20014-01.dmp
2011-08-16 21:32 - 2011-10-11 21:46 - 0613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2011-08-16 21:27 - 2011-10-11 21:46 - 0288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
2011-08-16 21:27 - 2011-10-11 21:46 - 0108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2011-08-16 21:27 - 2011-10-11 21:46 - 0104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
2011-08-16 21:27 - 2011-10-11 21:46 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
2011-08-16 20:26 - 2011-10-11 21:46 - 0465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2011-08-16 20:22 - 2011-10-11 21:46 - 0204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2011-08-16 20:22 - 2011-10-11 21:46 - 0075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2011-08-16 20:22 - 2011-10-11 21:46 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2011-08-16 20:22 - 2011-10-11 21:46 - 0059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4056.36 MB
Available physical RAM: 3346.8 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3337.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:409.04 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.25 GB) (Free:0 GB) UDF
4 Drive g: (KINGSTON) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.17 GB) NTFS

==========================================================

Last Boot: 2011-11-01 14:32

======================= End Of Log ==========================

#6 JSntgRvr (Malware Response Team)
Posted 12 November 2011 - 11:18 PM

Download the enclosed file: [attachment=111364:fixlist.txt]

Save it in the USB drive.

Insert the USB drive in the ailing computer and boot into the System Recovery Options.

Run FRST as you did before, except that this time around click on the Fix button just once and wait.

The tool will write a log (Fixlog.txt) to the flash drive; please post it in your reply.

If successful, boot in Normal Mode. If able to do so, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat (http://www.appremover.com/supported-applications). Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#7 jwhitake (Topic Starter)

Posted 13 November 2011 - 01:34 AM

I successfully ran both scans and the logs are posted below. However, the Combofix log seems to be only partially complete. It hung for a while creating the report and I left the computer for a few hours and it was no longer there when I returned. Not sure what happened with that.

Here is Fixlog.txt:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-11-12 22:31:32 R:1
Running from G:\

==============================================

HKEY_USERS\Justin\Software\Microsoft\Windows\CurrentVersion\Run\\jLtWTsYoEQTTWyD.exe Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Users\All Users\~1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzP not found.
C:\Users\All Users\~1kAlMiG2Kb7FzPr moved successfully.
C:\ProgramData\~1kAlMiG2Kb7FzPr not found.
C:\Users\Justin\Desktop\System Restore.lnk moved successfully.
C:\Users\All Users\1kAlMiG2Kb7FzP moved successfully.
C:\ProgramData\1kAlMiG2Kb7FzP not found.
C:\Users\All Users\1kAlMiG2Kb7FzP.exe moved successfully.
C:\ProgramData\1kAlMiG2Kb7FzP.exe not found.
C:\Users\All Users\jLtWTsYoEQTTWyD.exe moved successfully.
C:\ProgramData\jLtWTsYoEQTTWyD.exe not found.
C:\Users\All Users\~1kAlMiG2Kb7FzP not found.
C:\ProgramData\~1kAlMiG2Kb7FzP not found.
C:\Users\All Users\~1kAlMiG2Kb7FzPr not found.
C:\ProgramData\~1kAlMiG2Kb7FzPr not found.
C:\Users\All Users\1kAlMiG2Kb7FzP not found.
C:\ProgramData\1kAlMiG2Kb7FzP not found.
C:\Users\All Users\1kAlMiG2Kb7FzP.exe not found.
C:\ProgramData\1kAlMiG2Kb7FzP.exe not found.
C:\Users\All Users\jLtWTsYoEQTTWyD.exe not found.
C:\ProgramData\jLtWTsYoEQTTWyD.exe not found.

==== End of Fixlog ====


And ComboFix.txt:

ComboFix 11-11-12.04 - Justin 11/12/2011 23:26:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2518 [GMT -6:00]
Running from: C:\Users\Justin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
C:\Windows\assembly\tmp\U
C:\Windows\assembly\tmp\U\000000c0.@
C:\Windows\assembly\tmp\U\000000cb.@
C:\Windows\assembly\tmp\U\000000cf.@
C:\Windows\assembly\tmp\U\80000000.@
C:\Windows\assembly\tmp\U\800000c0.@
C:\Windows\assembly\tmp\U\800000cb.@
C:\Windows\assembly\tmp\U\800000cf.@


((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))


2011-11-13 06:04:39 . 2011-11-13 06:04:39 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-11-12 08:57:59 . 2011-11-12 08:58:57 -------- d-----w- C:\FRST
2011-11-04 03:24:42 . 2011-11-04 03:24:42 -------- d-----w- C:\Program Files\iPod
2011-11-04 03:24:41 . 2011-11-04 03:25:29 -------- d-----w- C:\Program Files\iTunes
2011-11-04 03:24:41 . 2011-11-04 03:25:28 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-04 03:22:28 . 2011-11-04 03:22:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-04 03:22:28 . 2011-11-04 03:22:28 -------- d-----w- C:\Program Files\Bonjour
2011-11-04 03:14:38 . 2011-11-04 03:14:39 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2011-10-27 19:55:24 . 2011-10-27 19:55:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 . 2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 . 2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-16 00:09:45 . 2011-10-16 00:09:45 -------- d-sh--w- C:\Windows\system32\%APPDATA%
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-02 23:47:49 . 2010-07-30 21:25:39 737072 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-02 23:47:29 . 2010-05-20 08:09:42 4283672 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-02 23:47:02 . 2010-05-20 08:09:32 42776 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-02 23:46:59 . 2010-03-18 01:40:33 539968 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-27 23:38:30 . 2010-03-18 01:41:10 737072 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-27 23:38:13 . 2010-03-18 01:40:55 4283672 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-27 23:37:51 . 2010-06-02 22:06:27 42776 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-27 23:37:48 . 2010-04-01 08:21:18 539968 ---ha-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-09-06 03:07:02 . 2011-10-12 05:47:02 3134976 ----a-w- C:\Windows\system32\win32k.sys
2011-09-01 05:24:07 . 2011-10-12 08:01:46 2309120 ----a-w- C:\Windows\system32\jscript9.dll
2011-09-01 05:17:57 . 2011-10-12 08:01:51 1389056 ----a-w- C:\Windows\system32\wininet.dll
2011-09-01 05:12:04 . 2011-10-12 08:01:57 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-09-01 02:35:59 . 2011-10-12 08:01:44 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 . 2011-10-12 08:01:51 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 . 2011-10-12 08:01:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 04:05:32 . 2011-08-31 04:05:32 96104 ----a-w- C:\Windows\system32\dns-sd.exe
2011-08-31 04:05:32 . 2011-08-31 04:05:32 85864 ----a-w- C:\Windows\system32\dnssd.dll
2011-08-31 04:05:04 . 2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 04:05:04 . 2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-27 05:40:28 . 2011-10-12 05:46:51 331776 ----a-w- C:\Windows\system32\oleacc.dll
2011-08-27 05:40:28 . 2011-10-12 05:46:50 861184 ----a-w- C:\Windows\system32\oleaut32.dll
2011-08-27 04:43:07 . 2011-10-12 05:46:51 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 . 2011-10-12 05:46:50 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:32:24 . 2011-10-12 05:46:59 613888 ----a-w- C:\Windows\system32\psisdecd.dll
2011-08-17 05:27:46 . 2011-10-12 05:46:59 108032 ----a-w- C:\Windows\system32\psisrndr.ax
2011-08-17 05:27:46 . 2011-10-12 05:46:57 288256 ----a-w- C:\Windows\system32\MSNP.ax
2011-08-17 05:27:46 . 2011-10-12 05:46:57 104960 ----a-w- C:\Windows\system32\Mpeg2Data.ax
2011-08-17 05:27:46 . 2011-10-12 05:46:55 75776 ----a-w- C:\Windows\system32\MSDvbNP.ax
2011-08-17 04:26:02 . 2011-10-12 05:46:57 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 . 2011-10-12 05:46:58 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 . 2011-10-12 05:46:56 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-08-17 04:22:23 . 2011-10-12 05:46:55 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 . 2011-10-12 05:46:54 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 22:44:34 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [2009-11-09 01:24:29 148888]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 23:10:28 35696]
"PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 02:19:50 140520]
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 22:21:38 409744]
"Desktop Disc Tool"="C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 03:46:24 494064]
"DellSupportCenter"="C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 14:59:08 206064]
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 02:58:34 47392]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-08-03 21:32:54 2023936]
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 01:17:52 207424]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 12:22:28 59240]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 23:06:40 421736]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 19:28:52 421888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-08-17 15:30:00 165104]

C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe [2009-12-16 503808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 0227151321160984mcinstcleanup;McAfee Application Installer Cleanup (0227151321160984);C:\Users\Justin\AppData\Local\Temp\022715~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-05-06 16:03:10 191752]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 20:05:28 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-05-04 15:57:04 517632]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 16:37:22 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 15:29:00 656624]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [x]



--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2009-06-29 04:44:38 444416]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-06-30 06:03:04 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-06-30 06:02:50 385560]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-06-30 06:02:56 365080]
"Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 01:06:22 4968960]
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2009-07-02 22:15:22 3180624]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 01:03:32 186904]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-08-03 21:32:54 2023936]
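Two offline checks for what the Fixlog above shows FRST repairing, as an added example that is not part of the thread or of any tool it names. The `Session Manager\SubSystems\Windows` value that FRST restored is the command line csrss.exe uses to load its server DLLs at boot; a DLL injected there runs inside csrss, and once that DLL is deleted or blocked the subsystem cannot start and the kernel stops with STATUS_DLL_NOT_FOUND (0xC0000135), which is the "%hs is missing" STOP in the first post. The script parses that value and flags any ServerDll module outside the stock set, then scans ComboFix-style autorun and service lines for binaries living in scratch locations such as the ProgramData/All Users root or a Temp folder, which is where both the deleted Run entry and the leftover McAfee cleanup service in this log point. Assumptions: the stock Windows 7 value and the expected module set are written from memory and should be diffed against a known-good machine; the scratch-location rules are a heuristic to tune per environment; `evilsrv` is a hypothetical module name; and the sample log lines are constructed in ComboFix's format (three copied from the log above, one rebuilt from the paths in the Fixlog).

```python
"""Offline triage for the two things the Fixlog above shows FRST repairing.

Added example for this thread, not code from FRST, ComboFix or the poster.
Run it against values copied out of an offline SYSTEM hive and lines copied
out of an FRST/ComboFix log; the samples at the bottom are constructed.
"""
import re

# ---- 1. Session Manager\SubSystems\Windows -------------------------------
# csrss.exe loads every ServerDll= module listed here at boot.  If a module is
# missing (e.g. a malicious one that an AV later deleted), the subsystem never
# starts and the kernel bugchecks with STATUS_DLL_NOT_FOUND = 0xC0000135.
#
# Assumption: a stock Windows 7 value lists exactly these three modules.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
EXPECTED_CSRSS = r"%systemroot%\system32\csrss.exe"


def parse_subsystem_value(value: str) -> dict:
    """Split the REG_EXPAND_SZ into the csrss path and the ServerDll modules.
    A ServerDll token looks like ServerDll=winsrv:UserServerDllInitialization,3;
    only the module name before ':' or ',' matters for this check."""
    tokens = value.split()
    modules = []
    for tok in tokens:
        if tok.lower().startswith("serverdll="):
            spec = tok.split("=", 1)[1]
            modules.append(re.split(r"[:,]", spec, maxsplit=1)[0])
    return {"exe": tokens[0] if tokens else "", "server_dlls": modules}


def unexpected_server_dlls(value: str) -> list:
    """Return modules outside the stock set, plus a marker if csrss.exe itself
    has been pointed somewhere else.  An empty list means the value looks stock."""
    parsed = parse_subsystem_value(value)
    findings = [m for m in parsed["server_dlls"]
                if m.lower() not in EXPECTED_SERVER_DLLS]
    if parsed["exe"].lower() != EXPECTED_CSRSS:
        findings.append("csrss-path:" + parsed["exe"])
    return findings


# ---- 2. Autostart binaries living in scratch locations --------------------
# Assumption (heuristic, tune per environment): a vendor updater under
# ProgramData\Vendor\ is normal; an .exe directly in the ProgramData root,
# in the "All Users" root, or anywhere under a Temp folder is not.
SCRATCH_PATTERNS = [
    re.compile(r"^[a-z]:\\programdata\\[^\\]+\.exe$", re.I),
    re.compile(r"^[a-z]:\\users\\all users\\[^\\]+\.exe$", re.I),
    re.compile(r"\\appdata\\local\\temp\\", re.I),
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
]
# A drive-letter path ending in .exe/.dll/.sys; stops at quotes, brackets or ';'
PATH_RE = re.compile(r'([a-z]:\\[^\[\]";]+?\.(?:exe|dll|sys))', re.I)


def suspicious_autoruns(log_lines) -> list:
    """Extract binary paths from FRST/ComboFix-style autorun and service lines
    and return (line, path) pairs whose path sits in a scratch location."""
    hits = []
    for line in log_lines:
        for path in PATH_RE.findall(line):
            if any(p.search(path) for p in SCRATCH_PATTERNS):
                hits.append((line.strip(), path))
                break
    return hits


# ---- Constructed samples ---------------------------------------------------
# Stock Windows 7 x64 value, written from memory; diff against a known-good
# machine before relying on it.
STOCK_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# Hypothetical tampered value: the console server module swapped for "evilsrv".
TAMPERED_VALUE = STOCK_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=evilsrv:ConServerDllInitialization,2",
)
# Lines in ComboFix's format: the first, third and fourth are copied from the
# log above; the second is rebuilt from the paths the Fixlog shows.
SAMPLE_LOG_LINES = [
    r'"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 23:06:40 421736]',
    r'"jLtWTsYoEQTTWyD"="C:\Users\All Users\jLtWTsYoEQTTWyD.exe" [x]',
    r"R2 0227151321160984mcinstcleanup;McAfee Application Installer Cleanup (0227151321160984);C:\Users\Justin\AppData\Local\Temp\022715~1.EXE [x]",
    r"S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 15:29:00 656624]",
]

if __name__ == "__main__":
    print("stock value findings:   ", unexpected_server_dlls(STOCK_VALUE))
    print("tampered value findings:", unexpected_server_dlls(TAMPERED_VALUE))
    for line, path in suspicious_autoruns(SAMPLE_LOG_LINES):
        print("scratch-location autorun:", path)
```

To get the real value from a machine that will not boot, load the offline hive from the recovery environment (`reg load HKLM\Offline C:\Windows\System32\config\SYSTEM`, then read `HKLM\Offline\ControlSet001\Control\Session Manager\SubSystems`) and paste the `Windows` string into `unexpected_server_dlls`. If it has been tampered with, restore the whole value from a known-good copy, as the fixlist in this thread did, rather than only deleting the rogue DLL; deleting the DLL while the value still names it is exactly what produces the C0000135 loop.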

#8 JSntgRvr (Malware Response Team)
Posted 13 November 2011 - 02:07 AM

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

You need an antivirus. I would recommend AVAST. Install the application, register and update the program, then perform a full scan.

Let me know the outcome.

Edited by JSntgRvr, 13 November 2011 - 02:09 AM.



#9 jwhitake (Topic Starter)

Posted 13 November 2011 - 04:06 AM

I had issues with MBAM. Namely, it refused to update, citing a PROGRAM_ERROR_UPDATING(2,0,I/O). The scan (with a 73 day old database) completed with no malicious items found:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/13/2011 3:03:39 AM
mbam-log-2011-11-13 (03-03-39).txt

Scan type: Quick scan
Objects scanned: 173326
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 JSntgRvr (Malware Response Team)
Posted 13 November 2011 - 01:24 PM

Remove Malwarebytes through the Control Panel. Then download and run mbam-clean.exe from here to clear all remnants.

It will ask to restart your computer; please allow it to do so, this is very important.

After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware as follows:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#11 jwhitake (Topic Starter)

Posted 13 November 2011 - 03:37 PM

Sorry that took so long. It turned out that some remnants of a previous McAfee installation were interfering with the update. Got that sorted out and ran a quick scan. The results are below:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8154

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/13/2011 2:31:02 PM
mbam-log-2011-11-13 (14-31-02).txt

Scan type: Quick scan
Objects scanned: 169671
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Avast scans came back dirty. Jorik-BY[Trj] had already been quarantined by FRST. Also found were Malware-gen and Karagany-CK[Trj], as well as about 20 Java exploits.

#12 JSntgRvr (Malware Response Team)
Posted 13 November 2011 - 07:14 PM

I believe you are ready to go, congratulations.

Rename Combofix to uninstall and click on it. That should engage and remove the application. Remove the FRST folder from the computer.

Be safe.



#13 jwhitake (Topic Starter)

Posted 13 November 2011 - 10:54 PM

Thank you very much for the help.

#14 JSntgRvr (Malware Response Team)
Posted 25 November 2011 - 08:28 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





