
Machine Infected


3 replies to this topic

#1 Siveun

  • Members
  • 2 posts

Posted 22 April 2013 - 11:47 PM

Mod Edit~~ boopme

Split from http://www.bleepingcomputer.com/forums/t/492089/infected/#entry3033015

Security Check

 

Results of screen317's Security Check version 0.99.62 

 Windows 7 Service Pack 1 x86 (UAC is disabled!)

 Internet Explorer 9 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

avast! Antivirus  

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 CCleaner    

 Java™ 7   

 Java™ SE Runtime Environment 6 Update 1

 Java version out of Date!

 Adobe Flash Player            11.6.602.180 

 Adobe Reader XI 

 Mozilla Firefox 19.0.2 Firefox out of Date!

 Mozilla Thunderbird 16.0.2 Thunderbird out of Date!

 Google Chrome 26.0.1410.43 

 Google Chrome 26.0.1410.64 

````````Process Check: objlist.exe by Laurent````````

 AVAST Software Avast AvastSvc.exe 

 AVAST Software Avast AvastUI.exe 

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Farbar

Farbar Service Scanner Version: 14-04-2013

Ran by SIVEUNFAO (administrator) on 23-04-2013 at 10:21:08

Running from "C:\Users\SIVEUNFAO\Downloads\Programs"

Windows 7 Ultimate Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll

[2010-11-21 04:29] - [2010-11-21 04:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

 

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

MiniToolBox by Farbar  Version:21-04-2013

Ran by SIVEUNFAO (administrator) on 23-04-2013 at 10:29:01

Running from "C:\Users\SIVEUNFAO\Downloads\Programs"

Windows 7 Ultimate Service Pack 1 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

========================= FF Proxy Settings: ==============================

 

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)

JMicron PCI Express Gigabit Ethernet Adapter = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : SIVEUNFAO-PC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 203.113.131.1

   Description . . . . . . . . . . . : JMicron PCI Express Gigabit Ethernet Adapter

   Physical Address. . . . . . . . . : 20-CF-30-6B-B9-C8

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

   Physical Address. . . . . . . . . : 48-5D-60-3B-2D-3F

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::5140:d099:ac87:7b4b%11(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Tuesday, April 23, 2013 7:54:24 AM

   Lease Expires . . . . . . . . . . : Wednesday, April 24, 2013 7:54:23 AM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 189291872

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-98-37-C9-48-5D-60-3B-2D-3F

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter isatap.{872F1C9A-88F4-44B3-9649-03875E0C7AD4}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.203.113.131.1:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:c49:ff8:3f57:fe98(Preferred)

   Link-local IPv6 Address . . . . . : fe80::c49:ff8:3f57:fe98%13(Preferred)

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.

    timeout was 2 seconds.

Server:  UnKnown

Address:  192.168.1.1

 

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

Ping request could not find host google.com. Please check the name and try again.

DNS request timed out.

    timeout was 2 seconds.

Server:  UnKnown

Address:  192.168.1.1

 

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=449ms TTL=43

Request timed out.

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

    Minimum = 449ms, Maximum = 449ms, Average = 449ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 12...20 cf 30 6b b9 c8 ......JMicron PCI Express Gigabit Ethernet Adapter

 11...48 5d 60 3b 2d 3f ......Atheros AR9285 Wireless Network Adapter

  1...........................Software Loopback Interface 1

 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link     192.168.1.103    281

    192.168.1.103  255.255.255.255         On-link     192.168.1.103    281

    192.168.1.255  255.255.255.255         On-link     192.168.1.103    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link     192.168.1.103    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link     192.168.1.103    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 13     58 ::/0                     On-link

  1    306 ::1/128                  On-link

 13     58 2001::/32                On-link

 13    306 2001:0:9d38:953c:c49:ff8:3f57:fe98/128

                                    On-link

 11    281 fe80::/64                On-link

 13    306 fe80::/64                On-link

 13    306 fe80::c49:ff8:3f57:fe98/128

                                    On-link

 11    281 fe80::5140:d099:ac87:7b4b/128

                                    On-link

  1    306 ff00::/8                 On-link

 13    306 ff00::/8                 On-link

 11    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)

Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)

Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (04/23/2013 09:52:54 AM) (Source: Google Update) (User: SIVEUNFAO-PC)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned

 

Error: (04/23/2013 07:54:26 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 08:21:18 PM) (Source: Application Error) (User: )

Description: Faulting application name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b

Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b

Exception code: 0xc0000005

Fault offset: 0x00001665

Faulting process id: 0x1288

Faulting application start time: 0xvlc.exe0

Faulting application path: vlc.exe1

Faulting module path: vlc.exe2

Report Id: vlc.exe3

 

Error: (04/22/2013 07:39:01 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 07:34:48 PM) (Source: Application Error) (User: )

Description: Faulting application name: RpkOObKOSgofHwQ.exe, version: 3.7.0.0, time stamp: 0x51619cf6

Faulting module name: acaptuser32.dll_unloaded, version: 0.0.0.0, time stamp: 0x4850c392

Exception code: 0xc0000005

Fault offset: 0x10006695

Faulting process id: 0xcf8

Faulting application start time: 0xRpkOObKOSgofHwQ.exe0

Faulting application path: RpkOObKOSgofHwQ.exe1

Faulting module path: RpkOObKOSgofHwQ.exe2

Report Id: RpkOObKOSgofHwQ.exe3

 

Error: (04/22/2013 07:20:59 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 05:50:13 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 11:21:44 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5101

 

Error: (04/22/2013 11:21:44 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5101

 

Error: (04/22/2013 11:21:44 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (04/23/2013 09:44:04 AM) (Source: bowser) (User: )

Description: The master browser has received a server announcement from the computer DELL-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{872F1C9A-88F4-44B3-9649-03875E0C7A.

The master browser is stopping or an election is being forced.

 

Error: (04/22/2013 05:24:52 PM) (Source: DCOM) (User: )

Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

 

Error: (04/22/2013 05:24:16 PM) (Source: DCOM) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

 

Error: (04/22/2013 05:21:27 PM) (Source: bowser) (User: )

Description: The master browser has received a server announcement from the computer LTC-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{872F1C9A-88F4-44B3-9649-03875E0C7AD.

The master browser is stopping or an election is being forced.

 

Error: (04/22/2013 05:09:14 PM) (Source: Microsoft-Windows-Firewall) (User: NT AUTHORITY)

Description: C:\Users\SIVEUNFAO\AppData\Roaming\9F55.exe35716

 

Error: (04/22/2013 04:20:49 PM) (Source: Microsoft-Windows-Firewall) (User: NT AUTHORITY)

Description: C:\Users\SIVEUNFAO\AppData\Roaming\5005.exe86204

 

Error: (04/22/2013 03:15:57 PM) (Source: bowser) (User: )

Description: The master browser has received a server announcement from the computer USER-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{872F1C9A-88F4-44B3-9649-03875E0C7A.

The master browser is stopping or an election is being forced.

 

Error: (04/22/2013 02:43:47 PM) (Source: Microsoft-Windows-Firewall) (User: NT AUTHORITY)

Description: C:\Users\SIVEUNFAO\AppData\Roaming\7B24.exe30584

 

Error: (04/22/2013 02:13:39 PM) (Source: bowser) (User: )

Description: The master browser has received a server announcement from the computer LTC-PC

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{872F1C9A-88F4-44B3-9649-03875E0C7AD.

The master browser is stopping or an election is being forced.

 

Error: (04/22/2013 01:35:40 PM) (Source: Microsoft-Windows-Firewall) (User: NT AUTHORITY)

Description: C:\Users\SIVEUNFAO\AppData\Roaming\21E8.exe51584

 

 

Microsoft Office Sessions:

=========================

Error: (04/23/2013 09:52:54 AM) (Source: Google Update)(User: SIVEUNFAO-PC)

Description: Network Request Error.

Error: 0x80072ee7. Http status code: 0.

Url=https://www.facebook.com/omaha/update.php

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=FireFox, direct connection.

trying CUP:WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying WinHTTP.

Send request returned 0x80072ee7. Http status code 0.

trying CUP:iexplore.

Send request returned 0x80004005. Http status code 0.

Trying config: source=auto, wpad=1, script=.

trying CUP:WinHTTP.

Send request returned

 

Error: (04/23/2013 07:54:26 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 08:21:18 PM) (Source: Application Error)(User: )

Description: vlc.exe2.0.5.050c91d8bvlc.exe2.0.5.050c91d8bc000000500001665128801ce3f5c44b428b8C:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\vlc.exe83b9efaf-ab4f-11e2-8fd9-20cf306bb9c8

 

Error: (04/22/2013 07:39:01 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 07:34:48 PM) (Source: Application Error)(User: )

Description: RpkOObKOSgofHwQ.exe3.7.0.051619cf6acaptuser32.dll_unloaded0.0.0.04850c392c000000510006695cf801ce3f55c40fabdcF:\RpkOObKOSgofHwQ.exeacaptuser32.dll048de786-ab49-11e2-a4ee-20cf306bb9c8

 

Error: (04/22/2013 07:20:59 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 05:50:13 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (04/22/2013 11:21:44 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5101

 

Error: (04/22/2013 11:21:44 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5101

 

Error: (04/22/2013 11:21:44 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

=========================== Installed Programs ============================

 

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0)

Adobe AIR (Version: 3.2.0.2070)

Adobe Audition CS5.5 (Version: 4.0)

Adobe Community Help (Version: 3.4.980)

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)

Adobe Flash Player 11 Plugin (Version: 11.6.602.180)

Adobe Reader XI (Version: 11.0.00)

Apple Application Support (Version: 2.3.2)

Apple Mobile Device Support (Version: 6.0.1.3)

Apple Software Update (Version: 2.1.3.127)

avast! Free Antivirus (Version: 8.0.1483.0)

Bonjour (Version: 3.0.0.10)

Box for Office (Version: 3.7.6)

Bundled software uninstaller

Cambridge Advanced Learner's Dictionary - 3rd Edition

CCleaner (Version: 3.27)

Citrix Authentication Manager (Version: 3.0.0.47031)

Citrix Receiver (HDX Flash Redirection) (Version: 13.3.0.55)

Citrix Receiver (Version: 13.3.0.55)

Citrix Receiver Inside (Version: 3.3.0.17208)

Citrix Receiver Updater (Version: 3.3.0.17207)

Citrix Receiver(Aero) (Version: 13.3.0.55)

Citrix Receiver(DV) (Version: 13.3.0.55)

Citrix Receiver(USB) (Version: 13.3.0.55)

D3DX10 (Version: 15.4.2368.0902)

Facebook Video Calling 1.2.0.287 (Version: 1.2.287)

Free Windows Cleanup Tool

Google Chrome (Version: 26.0.1410.64)

Google Earth (Version: 7.0.2.8415)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2555)

Internet Download Manager

iTunes (Version: 11.0.1.12)

Java Auto Updater (Version: 2.1.5.1)

Java™ 7 (Version: 7.0.0)

Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)

JMicron Ethernet Adapter NDIS Driver (Version: 6.0.23.4)

JMicron Flash Media Controller Driver (Version: 1.0.50.2)

Juniper Networks Setup Client (Version: 2.2.5.9755)

Khmer Unicode 2.0.1

Khmer Unicode Keyboard (NIDA 1.0) (Version: 1.0.3.13)

K-Lite Codec Pack 9.3.0 (Full) (Version: 9.3.0)

MapsGalaxy Toolbar

MekongTV Desktop (Version: 0.1.68)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Silverlight (Version: 5.1.10411.0)

Microsoft SkyDrive (Version: 17.0.2006.0314)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)

Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)

Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)

Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)

Mozilla Maintenance Service (Version: 19.0.2)

Mozilla Thunderbird 16.0.2 (x86 en-US) (Version: 16.0.2)

MSVC80_x86_v2 (Version: 1.0.3.0)

MSVC90_x86 (Version: 1.0.1.2)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT110 (Version: 16.4.1108.0727)

New Khmer Dictionary

Nokia Connectivity Cable Driver (Version: 7.1.101.0)

Nokia Suite (Version: 3.7.22.0)

Online Plug-in (Version: 13.3.0.55)

PAN Localization Package 2.1 (Version: 2.1.0)

PC Connectivity Solution (Version: 12.0.76.0)

PCDJ DEX 2 2.5.2.0 (Version: 2.5.2.0)

Picasa 3 (Version: 3.8)

Realtek High Definition Audio Driver (Version: 6.0.1.6772)

RocketDock 1.3.5

Scan To (Version: 1.0.1)

Search Assistant WebSearch 1.74

Self-service Plug-in (Version: 3.3.0.27839)

Shopping buddy by Cubiez (Version: 1.0.2.1604)

SimilarWeb (Version: 0.0.0.1)

Skype™ 6.0 (Version: 6.0.126)

TeamViewer 8 (Version: 8.0.17396)

UberIcon 1.0.4

USB2.0 UVC VGA WebCam (Version: 5.8.55133.208)

VLC media player 2.0.5 (Version: 2.0.5)

Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)

Windows Live Communications Platform (Version: 16.4.3505.0912)

Windows Live Essentials (Version: 16.4.3505.0912)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (Version: 16.4.3505.0912)

Windows Live PIMT Platform (Version: 16.4.3505.0912)

Windows Live SOXE (Version: 16.4.3505.0912)

Windows Live SOXE Definitions (Version: 16.4.3505.0912)

Windows Live UX Platform (Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)

WinRAR archiver

 

========================= Devices: ================================

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 66%

Total physical RAM: 1901.63 MB

Available physical RAM: 634.98 MB

Total Pagefile: 3803.26 MB

Available Pagefile: 1683.47 MB

Total Virtual: 2047.88 MB

Available Virtual: 1934.47 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:78.04 GB) (Free:43.62 GB) NTFS

2 Drive d: (Local Disk) (Fixed) (Total:387.62 GB) (Free:174.69 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\SIVEUNFAO-PC

 

Administrator            Guest                    SIVEUNFAO               

 

 

**** End of log ****

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.04.23.01

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16521

SIVEUNFAO :: SIVEUNFAO-PC [administrator]

 

Protection: Enabled

 

4/23/2013 10:53:26 AM

MBAM-log-2013-04-23 (11-16-53).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220891

Time elapsed: 23 minute(s), 3 second(s)

 

Memory Processes Detected: 1

C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2552 -> No action taken.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 4

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.AutoRun) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-15559\prxzy129.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-15559\p444y129.exe -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|p4440229 (Trojan.SpyEyes) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-15559\p444y129.exe -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|przy0229 (Trojan.SpyEyes) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-15559\prxzy129.exe -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|proxzy0229 (Trojan.SpyEyes) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe -> No action taken.

 

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-15559\prxzy129.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-15559\p444y129.exe) Good: (Explorer.exe) -> No action taken.

 

Folders Detected: 1

C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.

 

Files Detected: 10

C:\Windows\KMService.exe (RiskWare.Tool.CK) -> No action taken.

C:\ProgramData\BBroowsee2save\515f8a14ee781.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\BirowwsyE2savee\51528ec468131.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\BrooWseu2savee\5156a04038613.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\SEEaorcha-NewTTAeb\5156a1b38bc07.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\Seearchh-NeWTab\51637da68fc12.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\Seearrchh-NewuTab\515f8a989ca2f.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\Syeuaorch-NewTaab\51529193134fa.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\Browwse22saave\51637d512bde5.dll (Adware.MultiPlug) -> No action taken.

C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.

 

(end)

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16521

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 1994002432, free: 413442048

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16521

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 1994002432, free: 395993088

 

DDA driver unhooking procedure failed

Initializing...

Done!

Can't access volume using primary device, the volume might be encrypted.

The system volume seems inaccessible or encrypted. Scan can't continue.

Can't access volume using primary device, the volume might be encrypted.

The system volume seems inaccessible or encrypted. Scan can't continue.

Can't access volume using primary device, the volume might be encrypted.

The system volume seems inaccessible or encrypted. Scan can't continue.

Downloaded database version: v2013.04.23.01

Downloaded database version: v2013.04.22.01

Initializing...

Done!

Can't access volume using primary device, the volume might be encrypted.

The system volume seems inaccessible or encrypted. Scan can't continue.

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16521

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 1994002432, free: 785076224

 

============================


Edited by boopme, 23 April 2013 - 09:11 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:18 AM

Posted 23 April 2013 - 09:34 PM

Hello, your MBAM log shows No action taken. Did you click the Remove Selected button?
If not, run again and do so.
 
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the  save log button, save it to your desktop, then copy and paste it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Siveun

Siveun
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 02 May 2013 - 10:41 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-03 10:00:00
-----------------------------
10:00:00.564    OS Version: Windows 6.1.7601 Service Pack 1
10:00:00.564    Number of processors: 4 586 0x2502
10:00:00.571    ComputerName: SIVEUNFAO-PC  UserName: SIVEUNFAO
10:00:03.775    Initialize success
10:00:04.254    AVAST engine defs: 13050201
10:00:26.314    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:00:26.322    Disk 0 Vendor: Hitachi_ GG2O Size: 476940MB BusType: 3
10:00:26.546    Disk 0 MBR read successfully
10:00:26.553    Disk 0 MBR scan
10:00:26.561    Disk 0 Windows 7 default MBR code
10:00:26.627    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:00:26.698    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        79911 MB offset 206848
10:00:26.833    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       396926 MB offset 163864576
10:00:26.908    Disk 0 scanning sectors +976769024
10:00:27.233    Disk 0 scanning C:\Windows\system32\drivers
10:00:44.151    Service scanning
10:01:26.279    Modules scanning
10:03:24.720    Disk 0 trace - called modules:
10:03:24.771    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
10:03:24.781    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87fde340]
10:03:24.792    3 CLASSPNP.SYS[8960d59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8607a028]
10:03:26.763    AVAST engine scan C:\Windows
10:03:29.984    AVAST engine scan C:\Windows\system32
10:07:30.246    AVAST engine scan C:\Windows\system32\drivers
10:07:56.768    AVAST engine scan C:\Users\SIVEUNFAO
10:30:51.150    AVAST engine scan C:\ProgramData
10:32:21.320    Scan finished successfully
10:32:41.562    Disk 0 MBR has been saved successfully to "C:\Users\SIVEUNFAO\Documents\MBR.dat"
10:32:41.578    The log file has been saved successfully to "C:\Users\SIVEUNFAO\Documents\aswMBR.txt"

 

 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:18 AM

Posted 03 May 2013 - 09:30 AM

Well, it looks clean. Are you still having issues?

 

You need to update your Firefox and Thunderbird apps.

 

Also go into Control Panel/Uninstall and remove

Java™ 7 (Version: 7.0.0)

Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)

Reboot

Install... Version 7 Update 21





