Computer infected with JS/TrojanDownloader.Pegel.AP.trojan


6 replies to this topic

#1 djab90


Posted 09 May 2013 - 06:16 PM

It seems like several computers at our office are infected with the same virus/spyware.  We are now unable to browse some websites and AIM doesn't work.  Here is the log from ESET (which now also won't update itself).  Please help and thank you in advance. 

 

Column Name    Value
Threat Id    Threat 7369
Client Name    Pc-XXXXXXX
Computer Name    Pc-XXXXXX
MAC Address    90b11c742925
Primary Server    XXXXXXX
Date Received    2013-05-06 16:24:56
Date Occurred    2013-05-06 16:20:12
Level    Warning
Scanner    HTTP filter
Object    archive
Name    http://www.aim.com/static/2.30.1.35/js/aim.client.js
Threat    JS/TrojanDownloader.Pegel.AP trojan
Action    connection terminated - quarantined
User    xxxxxx\xxxxxx
Information    Threat was detected upon access to web by the application: C:\Users\XXXXX\AppData\Local\AOL\AIM\aim.exe.
Details    Ready
 

Dave


Edited by djab90, 09 May 2013 - 06:17 PM.




#2 RPMcMurphy (Malware Response Team)

Posted 11 May 2013 - 09:14 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 




#3 djab90 (Topic Starter)

Posted 12 May 2013 - 12:34 PM

Hi

Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01
Ran by pccadmin (administrator) on 12-05-2013 10:31:22
Running from C:\Users\pccadmin\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LabTech Software) C:\Windows\LTSvc\LTSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LabTech Software) C:\Windows\LTsvc\LTSvcMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\rdpclip.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(LabTech Software) C:\Windows\LTSvc\LTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\system32\rdpclip.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(LabTech Software) C:\Windows\LTSvc\LTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Farbar) C:\Users\pccadmin\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-10-10] (LogMeIn, Inc.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2918656 2011-01-12] (ESET)
HKCU\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
ShortcutTarget: Network Monitoring Tray.lnk -> C:\Windows\LTSvc\LTTray.exe (LabTech Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {04ECDB32-B315-4576-8408-C5BB092CA595} URL =
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aimright-ie&s_qt=sb&tb_uuid=20121210161149355&tb_oid=10-12-2012&tb_mrud=28-02-2013
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
PDF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://correspondent.webex.com/client/WBXclient-T27L10NSP32EP15-15155/training/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.20.9

==================== Services (Whitelisted) =================

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-10-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147888 2012-10-19] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-08-24] (LogMeIn, Inc.)
R2 LTService; C:\Windows\LTSvc\LTSVC.exe [13219328 2013-04-02] (LabTech Software)
R2 LTSvcMon; C:\Windows\LTsvc\LTSvcMon.exe [97792 2013-04-19] (LabTech Software)

==================== Drivers (Whitelisted) ====================

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2012-08-24] (LogMeIn, Inc.)
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32936 2011-11-09] (Intel Corporation )
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
R3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-12 10:31 - 2013-05-12 10:31 - 00000000 ____D C:\FRST
2013-05-12 10:31 - 2013-05-12 08:23 - 01875978 ____A (Farbar) C:\Users\pccadmin\Desktop\FRST64.exe
2013-05-11 12:12 - 2013-05-11 12:12 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Macromedia
2013-05-11 11:39 - 2013-05-11 11:39 - 00000000 ____D C:\Users\pccadmin\AppData\Local\AIM Toolbar
2013-05-11 08:35 - 2013-05-11 08:35 - 00086944 ____A C:\Users\pccadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-11 08:35 - 2013-05-11 08:35 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Intel Corporation
2013-05-11 08:34 - 2013-05-11 12:12 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Adobe
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\ATI
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Apple Computer
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Local\LogMeIn
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Local\ATI
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Local\Adobe
2013-05-11 08:33 - 2013-05-11 08:34 - 00000000 ___RD C:\Users\pccadmin\Virtual Machines
2013-05-11 08:33 - 2013-05-11 08:33 - 00001394 _RASH C:\Users\pccadmin\ntuser.pol
2013-05-11 08:33 - 2013-05-11 08:33 - 00000020 ___SH C:\Users\pccadmin\ntuser.ini
2013-05-11 08:33 - 2013-05-11 08:33 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Windows Small Business Server
2013-05-11 08:33 - 2013-05-11 08:33 - 00000000 ____D C:\users\pccadmin
2013-05-11 08:33 - 2012-12-09 03:30 - 00000000 ____D C:\Users\pccadmin\AppData\Local\Microsoft Help
2013-05-08 21:27 - 2013-05-08 21:27 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-08 21:27 - 2013-05-08 21:27 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-08 21:27 - 2013-05-08 21:27 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-08 21:27 - 2013-05-08 21:27 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-08 21:27 - 2013-05-08 21:27 - 00000000 ____D C:\Program Files\Java
2013-05-08 21:26 - 2013-05-08 21:26 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-08 21:26 - 2013-05-08 21:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-08 21:26 - 2013-05-08 21:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-08 21:26 - 2013-05-08 21:26 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-08 21:26 - 2013-05-08 21:26 - 00000000 ____D C:\ProgramData\Sun
2013-05-08 21:26 - 2013-05-08 21:26 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-08 20:50 - 2013-05-08 20:50 - 00014524 ____A C:\ComboFix.txt
2013-05-08 20:40 - 2013-05-08 20:41 - 00000807 ____A C:\AdwCleaner[R2].txt
2013-05-08 20:34 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-08 20:34 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-08 20:34 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-08 20:34 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-08 20:34 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-08 20:34 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-08 20:34 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-08 20:34 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-08 20:33 - 2013-05-08 20:50 - 00000000 ____D C:\Qoobox
2013-05-08 20:33 - 2013-05-08 20:37 - 00000000 ____D C:\Windows\erdnt
2013-05-08 20:30 - 2013-05-08 20:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-08 20:26 - 2013-05-08 20:26 - 00002620 ____A C:\AdwCleaner[S1].txt
2013-05-08 20:25 - 2013-05-08 20:25 - 00002668 ____A C:\AdwCleaner[R1].txt

==================== One Month Modified Files and Folders =======

2013-05-12 10:31 - 2013-05-12 10:31 - 00000000 ____D C:\FRST
2013-05-12 10:30 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-12 10:08 - 2012-12-18 01:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 10:04 - 2012-12-06 14:00 - 00000000 ____D C:\ProgramData\LogMeIn
2013-05-12 09:11 - 2012-12-06 12:39 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2013-05-12 09:05 - 2012-11-30 23:40 - 01860822 ____A C:\Windows\WindowsUpdate.log
2013-05-12 08:23 - 2013-05-12 10:31 - 01875978 ____A (Farbar) C:\Users\pccadmin\Desktop\FRST64.exe
2013-05-12 00:12 - 2012-12-08 15:04 - 00001679 ____A C:\Windows\winpoint.ini
2013-05-11 19:06 - 2012-12-06 13:56 - 00000000 ____D C:\Users\kitty\AppData\Local\Deployment
2013-05-11 17:15 - 2012-12-06 11:00 - 00001394 _RASH C:\Users\kitty\ntuser.pol
2013-05-11 17:15 - 2012-12-06 11:00 - 00000000 ____D C:\users\kitty
2013-05-11 12:12 - 2013-05-11 12:12 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Macromedia
2013-05-11 12:12 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Adobe
2013-05-11 11:39 - 2013-05-11 11:39 - 00000000 ____D C:\Users\pccadmin\AppData\Local\AIM Toolbar
2013-05-11 08:48 - 2009-07-13 21:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-11 08:48 - 2009-07-13 21:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-11 08:45 - 2009-07-13 22:13 - 00779100 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-11 08:41 - 2012-12-06 13:56 - 00000000 ____D C:\Windows\LTSvc
2013-05-11 08:41 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-11 08:41 - 2009-07-13 21:51 - 00043904 ____A C:\Windows\setupact.log
2013-05-11 08:35 - 2013-05-11 08:35 - 00086944 ____A C:\Users\pccadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-11 08:35 - 2013-05-11 08:35 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Intel Corporation
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\ATI
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Apple Computer
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Local\LogMeIn
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Local\ATI
2013-05-11 08:34 - 2013-05-11 08:34 - 00000000 ____D C:\Users\pccadmin\AppData\Local\Adobe
2013-05-11 08:34 - 2013-05-11 08:33 - 00000000 ___RD C:\Users\pccadmin\Virtual Machines
2013-05-11 08:33 - 2013-05-11 08:33 - 00001394 _RASH C:\Users\pccadmin\ntuser.pol
2013-05-11 08:33 - 2013-05-11 08:33 - 00000020 ___SH C:\Users\pccadmin\ntuser.ini
2013-05-11 08:33 - 2013-05-11 08:33 - 00000000 ____D C:\Users\pccadmin\AppData\Roaming\Windows Small Business Server
2013-05-11 08:33 - 2013-05-11 08:33 - 00000000 ____D C:\users\pccadmin
2013-05-08 21:27 - 2013-05-08 21:27 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-08 21:27 - 2013-05-08 21:27 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-08 21:27 - 2013-05-08 21:27 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-08 21:27 - 2013-05-08 21:27 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-08 21:27 - 2013-05-08 21:27 - 00000000 ____D C:\Program Files\Java
2013-05-08 21:27 - 2012-12-08 18:12 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-05-08 21:27 - 2012-12-08 18:12 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-08 21:26 - 2013-05-08 21:26 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-08 21:26 - 2013-05-08 21:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-08 21:26 - 2013-05-08 21:26 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-08 21:26 - 2013-05-08 21:26 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-08 21:26 - 2013-05-08 21:26 - 00000000 ____D C:\ProgramData\Sun
2013-05-08 21:26 - 2013-05-08 21:26 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-08 21:26 - 2012-12-08 18:11 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-05-08 21:26 - 2012-12-08 18:11 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-08 21:19 - 2012-12-06 13:56 - 00000000 ____D C:\Users\kitty\AppData\Local\Apps\2.0
2013-05-08 21:17 - 2010-11-20 20:47 - 00055262 ____A C:\Windows\PFRO.log
2013-05-08 20:50 - 2013-05-08 20:50 - 00014524 ____A C:\ComboFix.txt
2013-05-08 20:50 - 2013-05-08 20:33 - 00000000 ____D C:\Qoobox
2013-05-08 20:49 - 2009-07-13 19:34 - 00000215 ____A C:\Windows\system.ini
2013-05-08 20:41 - 2013-05-08 20:40 - 00000807 ____A C:\AdwCleaner[R2].txt
2013-05-08 20:37 - 2013-05-08 20:33 - 00000000 ____D C:\Windows\erdnt
2013-05-08 20:32 - 2013-05-08 20:30 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-08 20:26 - 2013-05-08 20:26 - 00002620 ____A C:\AdwCleaner[S1].txt
2013-05-08 20:25 - 2013-05-08 20:25 - 00002668 ____A C:\AdwCleaner[R1].txt
2013-04-15 13:06 - 2012-12-06 13:54 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-04 00:52

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2013 01
Ran by pccadmin at 2013-05-12 10:31:33 Run:
Running from C:\Users\pccadmin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

1.0 (Version: 1.7.15.4)
Adobe Acrobat X Standard - English, Français, Deutsch (Version: 10.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 3.0.855.0)
AOL Messaging Toolbar
Apple Application Support (Version: 2.3.2)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.1207.217.3953)
Catalyst Control Center Graphics Previews Common (Version: 2011.1207.217.3953)
Catalyst Control Center InstallProxy (Version: 2011.1207.217.3953)
Catalyst Control Center Localization All (Version: 2011.1207.217.3953)
Catalyst Control Center Profiles Desktop (Version: 2011.1207.217.3953)
CCC Help Chinese Standard (Version: 2011.1207.0216.3953)
CCC Help Chinese Traditional (Version: 2011.1207.0216.3953)
CCC Help Czech (Version: 2011.1207.0216.3953)
CCC Help Danish (Version: 2011.1207.0216.3953)
CCC Help Dutch (Version: 2011.1207.0216.3953)
CCC Help English (Version: 2011.1207.0216.3953)
CCC Help Finnish (Version: 2011.1207.0216.3953)
CCC Help French (Version: 2011.1207.0216.3953)
CCC Help German (Version: 2011.1207.0216.3953)
CCC Help Greek (Version: 2011.1207.0216.3953)
CCC Help Hungarian (Version: 2011.1207.0216.3953)
CCC Help Italian (Version: 2011.1207.0216.3953)
CCC Help Japanese (Version: 2011.1207.0216.3953)
CCC Help Korean (Version: 2011.1207.0216.3953)
CCC Help Norwegian (Version: 2011.1207.0216.3953)
CCC Help Polish (Version: 2011.1207.0216.3953)
CCC Help Portuguese (Version: 2011.1207.0216.3953)
CCC Help Russian (Version: 2011.1207.0216.3953)
CCC Help Spanish (Version: 2011.1207.0216.3953)
CCC Help Swedish (Version: 2011.1207.0216.3953)
CCC Help Thai (Version: 2011.1207.0216.3953)
CCC Help Turkish (Version: 2011.1207.0216.3953)
ccc-utility64 (Version: 2011.1207.217.3953)
Cisco WebEx Meetings
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Edoc Viewer (Version: 1.0.0)
ESET NOD32 Antivirus (Version: 4.2.71.2)
Intel® Control Center (Version: 1.2.1.1008)
Intel® Management Engine Components (Version: 8.0.3.1427)
Intel® Network Connections 16.8.45.00 (Version: 16.8.45.00)
Intel® Rapid Storage Technology (Version: 11.2.0.1006)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.5.235)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 15.4.3502.0922)
LogMeIn (Version: 4.1.2600)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Point 8.0 SP1 (Version: 8.0.1472)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.5907)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Small Business Server 2011 Standard ClientAgent (Version: 6.1.7900.1)
Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1)

==================== Restore Points  =========================

06-03-2013 08:00:03 Scheduled Checkpoint
13-03-2013 21:01:29 Scheduled Checkpoint
21-03-2013 01:15:06 Scheduled Checkpoint
27-03-2013 09:56:44 Windows Update
04-04-2013 01:19:08 Scheduled Checkpoint
11-04-2013 07:00:03 Scheduled Checkpoint
19-04-2013 07:00:03 Scheduled Checkpoint
26-04-2013 18:33:14 Scheduled Checkpoint
04-05-2013 01:12:01 Scheduled Checkpoint
09-05-2013 03:17:10 Removed Java™ 6 Update 38
09-05-2013 03:17:42 Removed Java™ 6 Update 38 (64-bit)
09-05-2013 04:26:11 Installed Java 7 Update 21
09-05-2013 04:27:03 Installed Java 7 Update 21 (64-bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2013 00:30:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/11/2013 08:42:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2013 00:30:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/10/2013 08:56:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2013 00:30:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/09/2013 04:36:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2013 03:58:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: Acrobat.exe, version: 10.0.0.396, time stamp: 0x4cc5ebc0
Faulting module name: Acrobat.dll, version: 10.0.0.396, time stamp: 0x4cc5f7e2
Exception code: 0xc0000005
Fault offset: 0x001c6116
Faulting process id: 0x167c
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3

Error: (05/09/2013 01:59:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: Acrobat.exe, version: 10.0.0.396, time stamp: 0x4cc5ebc0
Faulting module name: Acrobat.dll, version: 10.0.0.396, time stamp: 0x4cc5f7e2
Exception code: 0xc0000005
Fault offset: 0x001c6116
Faulting process id: 0x1940
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3

Error: (05/09/2013 00:30:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/08/2013 09:31:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/12/2013 10:30:28 AM) (Source: UmrdpService) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/12/2013 10:30:26 AM) (Source: UmrdpService) (User: )
Description: Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/12/2013 10:30:23 AM) (Source: UmrdpService) (User: )
Description: Driver HP LaserJet 4200 PCL 5 required for printer HP LaserJet 4200 Back PCL 5 is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/12/2013 10:30:21 AM) (Source: UmrdpService) (User: )
Description: Driver HP Color LaserJet 4500 PCL6 required for printer HP Color LaserJet 4500 PCL6 is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/12/2013 10:30:21 AM) (Source: UmrdpService) (User: )
Description: Driver Dell 2130cn Color Laser PCL6 required for printer Dell 2130cn Color Laser PCL6 is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/12/2013 10:30:18 AM) (Source: UmrdpService) (User: )
Description: Driver Canon iR5075 PCL5e required for printer Canon iR5075 PCL5e is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/12/2013 10:30:15 AM) (Source: UmrdpService) (User: )
Description: Driver Amyuni Document Converter 400 required for printer ABS PDF Driver v400 is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/12/2013 07:05:01 AM) (Source: Kerberos) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pc-reception$. The target name used was cifs/PC-RECEPTION.spinner.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (SPINNER.LOCAL) is different from the client domain (SPINNER.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Error: (05/11/2013 00:31:18 PM) (Source: UmrdpService) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

Error: (05/11/2013 00:31:13 PM) (Source: UmrdpService) (User: )
Description: Driver HP LaserJet 4200 PCL 5 required for printer HP LaserJet 4200 Back PCL 5 is unknown. Contact the administrator to install the driver before you log in again.


Microsoft Office Sessions:
=========================
Error: (05/12/2013 00:30:59 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin64\SetACL64.exe

Error: (05/11/2013 08:42:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2013 00:30:11 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin64\SetACL64.exe

Error: (05/10/2013 08:56:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2013 00:30:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin64\SetACL64.exe

Error: (05/09/2013 04:36:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2013 03:58:02 PM) (Source: Application Error)(User: )
Description: Acrobat.exe10.0.0.3964cc5ebc0Acrobat.dll10.0.0.3964cc5f7e2c0000005001c6116167c01ce4d07f3cb43beC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.dlle6316a5c-b8fb-11e2-a132-90b11c7475f9

Error: (05/09/2013 01:59:59 PM) (Source: Application Error)(User: )
Description: Acrobat.exe10.0.0.3964cc5ebc0Acrobat.dll10.0.0.3964cc5f7e2c0000005001c6116194001ce4cf81f75d120C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exeC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.dll68734ee4-b8eb-11e2-a132-90b11c7475f9

Error: (05/09/2013 00:30:18 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\Program Files\ATI\CIM\Bin64\SetACL64.exe

Error: (05/08/2013 09:31:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-05-12 10:30:15.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 19:10:49.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 18:56:28.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 18:27:07.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 18:17:51.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 18:08:12.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 17:34:59.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 17:27:40.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 17:15:29.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-11 15:21:44.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 16338.5 MB
Available physical RAM: 13731.83 MB
Total Pagefile: 40843.69 MB
Available Pagefile: 38144.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:447.05 GB) (Free:362.65 GB) NTFS (Disk=0 Partition=3)
Drive z: (DATA) (Network) (Total:1471.4 GB) (Free:1080.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: 992ECD72)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 May 2013 - 03:45 PM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Please include the following in your next post:
  • MBAR log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 djab90
  • Topic Starter
  • Members
  • 6 posts

Posted 12 May 2013 - 03:56 PM

Here you go.  I resolved the ESET update issue...related to Geo IP blocking on the firewall.  Still would like to make sure nothing is on the systems.  Whatever infection it is, it crippled AIM/AOL functionality.


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pccadmin :: PC-KITTY [administrator]

5/12/2013 1:53:15 PM
mbar-log-2013-05-12 (13-53-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27740
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
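As an added example (not from this thread and not Malwarebytes' own code), a PowerShell check for the one item MBAR flagged above: the "Delete on reboot" action should leave the Security Center value at the "Good" setting of 0, and this function reports the current data and, with -Repair, resets it. The function name and its parameters are my own; run it from an elevated prompt.

```powershell
# Added example: verify the registry item MBAR reported as
# PUM.Disabled.SecurityCenter after the reboot, and optionally restore it.
# Value name and expected data come from the MBAR log above; 1 suppresses the
# Security Center warning about Windows Update, 0 leaves the warning enabled.
function Test-SecurityCenterNotify {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Security Center',
        [string]$Name = 'UpdatesDisableNotify',
        [int]$Expected = 0,
        [switch]$Repair
    )

    $current = $null
    try {
        $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        # A missing value behaves like 0: nothing is suppressed, so report OK.
        Write-Verbose "$Name not present under $Path (treated as $Expected)"
        return [pscustomobject]@{ Name = $Name; Current = $null; Expected = $Expected; Ok = $true }
    }

    $ok = ($current -eq $Expected)
    if (-not $ok -and $Repair -and $PSCmdlet.ShouldProcess("$Path\$Name", "set to $Expected")) {
        # Only touched when -Repair is given; -WhatIf shows the change without applying it.
        Set-ItemProperty -Path $Path -Name $Name -Value $Expected -Type DWord
        $ok = $true
    }

    [pscustomobject]@{ Name = $Name; Current = $current; Expected = $Expected; Ok = $ok }
}

# Report only. Use "Test-SecurityCenterNotify -Repair -WhatIf" to preview a fix.
Test-SecurityCenterNotify -Verbose
```

A value that flips back to 1 after it has been reset is worth treating as a sign that something on the system is still changing it, rather than as a one-off setting.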



#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 May 2013 - 09:13 PM

Hi,


The log you posted from ESET in your first post shows that it quarantined the executable for AIM (which explains why it stopped working on all of your systems). Seeing no other concerns in your logs,  I'd recommend that you notify ESET's support of the possible false positive and check on how to go about unquarantining that file. 


Edited by RPMcMurphy, 12 May 2013 - 09:14 PM.
Spelling error

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 24 May 2013 - 10:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.




