
Gringo......where are you?????


This topic is locked
35 replies to this topic

#1 Gone gray

  • Members
  • 42 posts

Posted 08 June 2013 - 05:45 PM

Hey my friend,
I need help with that old laptop. I'm sure it's polluted with all kinds of things.
What do you want me to do first.

Lou


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 June 2013 - 08:56 PM

Hello Lou




I need to get some reports to get a base to start from, so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs.
    • Save the logs to a convenient place such as your desktop.
    • Copy the contents of both logs & post them in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Gone gray
  • Topic Starter
  • Members
  • 42 posts

Posted 09 June 2013 - 07:09 AM

Hi Gringo,

Sorry, no luck with the DDS.

First attempt using the desktop icon put a small gray background window box on the screen that said "two logs or txt will be put to desktop or created"... sorry, I missed the exact phrase. It never did... I had to power down.

Second time I right-clicked on the desktop icon and hit install; it started but stalled. I had to power down.

Third time I right-clicked and clicked another option... it started but stalled. I waited over 10 min and had to power down.



#4 Gone gray
  • Topic Starter
  • Members
  • 42 posts

Posted 09 June 2013 - 07:15 AM

Also, when I first double-clicked on the icon, the gray window said DDS is running in silent mode, then it said two logs will be created on the Desktop.

I ran it a 4th time (double-click and selected test) and got the same message as the first time.

I will let it run for a while and see what happens.



#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 June 2013 - 12:36 PM


Hello Gone gray



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#6 Gone gray
  • Topic Starter
  • Members
  • 42 posts

Posted 09 June 2013 - 01:40 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-06-2013
Ran by donna (administrator) on 09-06-2013 14:34:14
Running from C:\Documents and Settings\donna\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems) C:\WINDOWS\system32\carpserv.exe
(AOL LLC) C:\Program Files\Common Files\AOL\1251229502\ee\AOLSoftware.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(AOL, LLC.) C:\Program Files\AOL 9.1\waol.exe
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5LAK.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
() C:\WINDOWS\system32\Ati2evxx.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AOL, LLC.) C:\Program Files\AOL 9.1\shellmon.exe
(AOL LLC) C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [290816 2002-09-20] (ATI Technologies, Inc.)
HKLM\...\Run: [ATIModeChange] Ati2mdxx.exe [x]
HKLM\...\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [126976 2002-08-01] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [557056 2002-08-01] (Synaptics, Inc.)
HKLM\...\Run: [CARPService] carpserv.exe [x]
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1251229502\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b [50472 2008-11-06] (AOL, LLC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
HKCU SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3018509
SearchScopes: HKCU - {C173D237-2268-4449-988E-F4D7D672EDE3} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120312,6901,0,8,0
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120904190019.dll (McAfee, Inc.)
BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~3\Datamngr\ToolBar\searchqudtx.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~3\Datamngr\ToolBar\searchqudtx.dll No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 198.153.192.60 198.153.194.60 192.168.1.1

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [147456 2002-09-26] ()
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [166320 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [161664 2012-05-25] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [483456 2002-09-26] (ATI Technologies Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
R3 cs429x; C:\Windows\System32\drivers\cwawdm.sys [89088 2002-08-08] (Cirrus Logic, Inc.)
R3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [71744 2001-10-30] (3Com Corporation)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [159652 2002-09-26] (Conexant Systems)
R2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [83856 2012-02-22] (McAfee, Inc.)
R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [83856 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89792 2012-02-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R2 StreamDispatcher; C:\Windows\System32\DRIVERS\strmdisp.sys [36348 2002-09-26] (Conexant Systems)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S4 PCIIde; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-09 14:33 - 2013-06-09 14:33 - 00000000 ____D C:\FRST
2013-06-09 09:37 - 2013-06-09 09:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-09 09:37 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-09 06:47 - 2013-06-09 06:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-09 06:04 - 2013-06-09 14:32 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-06-09 06:00 - 2013-06-09 09:38 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-09 05:55 - 2013-05-02 11:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-06-09 05:48 - 2013-06-09 05:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-09 05:40 - 2013-06-09 05:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-06-09 05:39 - 2013-06-09 05:41 - 00002805 ____A C:\Windows\setupapi.log
2013-06-09 05:38 - 2013-06-09 05:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-09 05:34 - 2013-06-09 05:34 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-06-09 05:30 - 2013-06-09 05:30 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-09 05:12 - 2013-06-09 05:12 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-09 05:12 - 2009-12-30 11:20 - 00027064 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-06-08 19:59 - 2013-06-09 05:50 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-08 19:37 - 2013-06-08 19:42 - 00004484 ____A C:\Windows\KB2758857.log
2013-06-08 19:36 - 2013-06-08 19:42 - 00004346 ____A C:\Windows\KB2802968.log
2013-06-08 19:36 - 2013-06-08 19:42 - 00004264 ____A C:\Windows\KB2780091.log
2013-06-08 19:35 - 2013-06-08 19:42 - 00004094 ____A C:\Windows\KB2820917.log
2013-06-08 19:35 - 2013-06-08 19:42 - 00004015 ____A C:\Windows\KB2757638.log
2013-06-08 19:35 - 2013-06-08 19:42 - 00003927 ____A C:\Windows\KB2749655.log
2013-06-08 19:34 - 2013-06-09 05:41 - 00040592 ____A C:\Windows\KB2661254-v2.log
2013-06-08 19:34 - 2013-06-09 05:39 - 00024658 ____A C:\Windows\KB2813345.log
2013-06-08 19:34 - 2013-06-08 19:41 - 00003839 ____A C:\Windows\KB2727528.log
2013-06-08 19:28 - 2013-06-09 05:31 - 00010717 ____A C:\Windows\KB2829361.log

==================== One Month Modified Files and Folders ========

2013-06-09 14:33 - 2013-06-09 14:33 - 00000000 ____D C:\FRST
2013-06-09 14:32 - 2013-06-09 06:04 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-06-09 14:26 - 2004-08-04 06:00 - 00000678 ____A C:\Windows\win.ini
2013-06-09 14:25 - 2009-08-25 14:54 - 01616352 ____A C:\Windows\WindowsUpdate.log
2013-06-09 14:23 - 2003-01-27 01:00 - 00000157 ____A C:\Windows\wiadebug.log
2013-06-09 14:23 - 2003-01-27 01:00 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-09 14:22 - 2009-08-25 15:02 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 11:37 - 2009-08-25 15:02 - 00032500 ____A C:\Windows\SchedLgU.Txt
2013-06-09 11:28 - 2009-12-12 18:00 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{8D413FB7-B89C-403E-91DC-7E34096880E9}.job
2013-06-09 10:26 - 2011-10-08 12:54 - 00000000 __HDC C:\Windows\$NtUninstallKB971486$
2013-06-09 10:22 - 2012-09-04 20:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-09 09:38 - 2013-06-09 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-09 09:38 - 2013-06-09 06:00 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-09 06:49 - 2013-06-09 06:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-09 06:47 - 2011-10-11 06:29 - 00000000 ____D C:\Program Files\Adobe
2013-06-09 06:42 - 2009-08-25 16:11 - 00000000 ____D C:\Program Files\McAfee
2013-06-09 06:41 - 2003-01-27 00:56 - 00240736 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-09 06:36 - 2009-12-17 21:45 - 00000000 ____D C:\Program Files\SGPSA
2013-06-09 06:26 - 2009-08-28 07:29 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-09 05:50 - 2013-06-09 05:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-09 05:50 - 2013-06-08 19:59 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-09 05:41 - 2013-06-09 05:39 - 00002805 ____A C:\Windows\setupapi.log
2013-06-09 05:41 - 2013-06-08 19:34 - 00040592 ____A C:\Windows\KB2661254-v2.log
2013-06-09 05:41 - 2003-01-27 00:57 - 01718692 ____A C:\Windows\FaxSetup.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00829063 ____A C:\Windows\ocgen.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00660033 ____A C:\Windows\tsoc.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00431618 ____A C:\Windows\comsetup.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00271904 ____A C:\Windows\iis6.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00260256 ____A C:\Windows\ntdtcsetup.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00086169 ____A C:\Windows\msgsocm.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00070257 ____A C:\Windows\ocmsn.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00001355 ____A C:\Windows\imsins.log
2013-06-09 05:40 - 2013-06-09 05:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-06-09 05:40 - 2009-08-26 16:13 - 00195750 ____A C:\Windows\updspapi.log
2013-06-09 05:39 - 2013-06-08 19:34 - 00024658 ____A C:\Windows\KB2813345.log
2013-06-09 05:39 - 2003-01-27 00:57 - 00001355 ____A C:\Windows\imsins.BAK
2013-06-09 05:38 - 2013-06-09 05:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-09 05:36 - 2003-01-27 00:56 - 01024098 ____A C:\Windows\setupapi.log.0.old
2013-06-09 05:34 - 2013-06-09 05:34 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-06-09 05:31 - 2013-06-08 19:28 - 00010717 ____A C:\Windows\KB2829361.log
2013-06-09 05:30 - 2013-06-09 05:30 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-09 05:24 - 2003-01-27 00:57 - 00489766 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 05:12 - 2013-06-09 05:12 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-09 05:01 - 2004-08-04 06:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-08 19:42 - 2013-06-08 19:37 - 00004484 ____A C:\Windows\KB2758857.log
2013-06-08 19:42 - 2013-06-08 19:36 - 00004346 ____A C:\Windows\KB2802968.log
2013-06-08 19:42 - 2013-06-08 19:36 - 00004264 ____A C:\Windows\KB2780091.log
2013-06-08 19:42 - 2013-06-08 19:35 - 00004094 ____A C:\Windows\KB2820917.log
2013-06-08 19:42 - 2013-06-08 19:35 - 00004015 ____A C:\Windows\KB2757638.log
2013-06-08 19:42 - 2013-06-08 19:35 - 00003927 ____A C:\Windows\KB2749655.log
2013-06-08 19:41 - 2013-06-08 19:34 - 00003839 ____A C:\Windows\KB2727528.log
2013-06-08 19:37 - 2009-08-25 14:56 - 00000000 ___HD C:\Windows\$hf_mig$
2013-06-08 19:22 - 2012-09-04 20:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-08 19:22 - 2012-09-04 20:35 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\public\MyWebTattoo.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-06-2013
Ran by donna at 2013-06-09 14:35:34 Run:
Running from C:\Documents and Settings\donna\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
ATI Control Panel
ATI Display Driver
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon iC D800
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Conexant D480 MDC V.92 Modem
Dell ResourceCD
Download Updater (AOL LLC)
eReg (Version: 1.20.138.34)
Fast Browser Search (My Face LOL) (Version: 2.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Small Business (Version: 10.0.2627.01)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
QuickTime (Version: 7.65.17.80)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Synaptics TouchPad
Uninstall AOL Emergency Connect Utility 1.0
Unity Web Player (Version: 2.5.1f5_24931)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)

==================== Restore Points =========================

08-06-2013 23:38:12 Revo Uninstaller's restore point - Java™ 6 Update 35
08-06-2013 23:49:51 Removed Java™ 6 Update 35
08-06-2013 23:59:30 Revo Uninstaller's restore point - Java™ 6 Update 35
08-06-2013 23:41:45 System Checkpoint
09-06-2013 08:49:57 Software Distribution Service 3.0
09-06-2013 09:54:56 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2013 05:57:37 AM) (Source: Application Error) (User: )
Description: Faulting application mcshield.exe, version 14.4.0.387, faulting module mytilus3_worker.dll, version 14.4.0.387, fault address 0x0000ad5d.
Processing media-specific event for [mcshield.exe!ws!]

Error: (06/09/2013 05:55:59 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.4.0.387
Exception Code : 0XC0000005
Exception Address : 0X1471AD5D
Exception Parameters : 2
Param 1 = 00000000
Param 2 = 0X01AB618C

More information :

Error: (06/09/2013 05:50:03 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/08/2013 07:51:00 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/08/2013 08:10:46 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.4.0.387
Exception Code : 0XC0000005
Exception Address : 0X1472D485
Exception Parameters : 2
Param 1 = 00000000
Param 2 = 0X0149C298

More information :

Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (06/09/2013 02:25:26 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Error: (06/09/2013 02:25:26 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (06/09/2013 02:24:06 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (06/09/2013 02:24:06 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (06/09/2013 11:39:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter
OMCI

Error: (06/09/2013 11:39:11 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/09/2013 10:56:15 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Error: (06/09/2013 10:56:15 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (06/09/2013 10:27:54 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/09/2013 05:58:30 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 5000 milliseconds: Restart the service.<br /><br /><br />Microsoft Office Sessions:<br />=========================<br />Error: (06/09/2013 05:57:37 AM) (Source: Application Error)(User: )<br />Description: mcshield.exe14.4.0.387mytilus3_worker.dll14.4.0.3870000ad5d<br /><br />Error: (06/09/2013 05:55:59 AM) (Source: McLogEvent)(User: NT AUTHORITY)<br />Description: VSCORE.14.4.0.387<br />Exception Code : 0XC0000005<br />Exception Address : 0X1471AD5D<br />Exception Parameters : 2<br />Param 1 = 00000000<br />Param 2 = 0X01AB618C<br /><br />More information :<br /><br />Error: (06/09/2013 05:50:03 AM) (Source: MPSampleSubmission)(User: )<br />Description: mptelemetry0x80070003moaccachereset4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL<br /><br />Error: (06/08/2013 07:51:00 PM) (Source: Application Hang)(User: )<br />Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000<br /><br />Error: (06/08/2013 08:10:46 PM) (Source: McLogEvent)(User: NT AUTHORITY)<br />Description: VSCORE.14.4.0.387<br />Exception Code : 0XC0000005<br />Exception Address : 0X1472D485<br />Exception Parameters : 2<br />Param 1 = 00000000<br />Param 2 = 0X0149C298<br /><br />More information :<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not 
within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br /><br />==================== Memory info ===========================<br /><br />Percentage of memory in use: 66%<br />Total physical RAM: 511.43 MB<br />Available physical RAM: 170.59 MB<br />Total Pagefile: 1248.08 MB<br />Available Pagefile: 655.97 MB<br />Total Virtual: 2047.88 MB<br />Available Virtual: 1938.38 MB<br /><br />==================== Drives ================================<br /><br />Drive c: () (Fixed) (Total:37.26 GB) (Free:26.33 GB) NTFS ==&gt;[Drive with boot components (Windows XP)]<br /><br />==================== MBR &amp; Partition Table ==================<br /><br />========================================================<br />Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 9DC96E9E)<br />Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)<br /><br />==================== End Of Log ============================<br /><br />

#7 gringo_pr (Malware Response Team)

Posted 09 June 2013 - 04:37 PM

Hello

I need you to resend the report - the forum software messed things up and I cannot read it.




gringo

#8 Gone gray (Topic Starter)

Posted 09 June 2013 - 06:17 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-06-2013
Ran by donna (administrator) on 09-06-2013 14:34:14
Running from C:\Documents and Settings\donna\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems) C:\WINDOWS\system32\carpserv.exe
(AOL LLC) C:\Program Files\Common Files\AOL\1251229502\ee\AOLSoftware.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(AOL, LLC.) C:\Program Files\AOL 9.1\waol.exe
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5LAK.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
() C:\WINDOWS\system32\Ati2evxx.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AOL, LLC.) C:\Program Files\AOL 9.1\shellmon.exe
(AOL LLC) C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [290816 2002-09-20] (ATI Technologies, Inc.)
HKLM\...\Run: [ATIModeChange] Ati2mdxx.exe [x]
HKLM\...\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [126976 2002-08-01] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [557056 2002-08-01] (Synaptics, Inc.)
HKLM\...\Run: [CARPService] carpserv.exe [x]
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1251229502\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b [50472 2008-11-06] (AOL, LLC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
HKCU SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3018509
SearchScopes: HKCU - {C173D237-2268-4449-988E-F4D7D672EDE3} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120312,6901,0,8,0
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120904190019.dll (McAfee, Inc.)
BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~3\Datamngr\ToolBar\searchqudtx.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~3\Datamngr\ToolBar\searchqudtx.dll No File
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 198.153.192.60 198.153.194.60 192.168.1.1

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 Ati HotKey Poller; C:\Windows\system32\Ati2evxx.exe [147456 2002-09-26] ()
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [166320 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [161664 2012-05-25] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [483456 2002-09-26] (ATI Technologies Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
R3 cs429x; C:\Windows\System32\drivers\cwawdm.sys [89088 2002-08-08] (Cirrus Logic, Inc.)
R3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [71744 2001-10-30] (3Com Corporation)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [159652 2002-09-26] (Conexant Systems)
R2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12184 2011-09-02] (Logitech, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39192 2011-09-02] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [83856 2012-02-22] (McAfee, Inc.)
R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [83856 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89792 2012-02-22] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R2 StreamDispatcher; C:\Windows\System32\DRIVERS\strmdisp.sys [36348 2002-09-26] (Conexant Systems)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S4 PCIIde; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-09 14:33 - 2013-06-09 14:33 - 00000000 ____D C:\FRST
2013-06-09 09:37 - 2013-06-09 09:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-09 09:37 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-09 06:47 - 2013-06-09 06:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-09 06:04 - 2013-06-09 14:32 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-06-09 06:00 - 2013-06-09 09:38 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-09 05:55 - 2013-05-02 11:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-06-09 05:48 - 2013-06-09 05:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-09 05:40 - 2013-06-09 05:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-06-09 05:39 - 2013-06-09 05:41 - 00002805 ____A C:\Windows\setupapi.log
2013-06-09 05:38 - 2013-06-09 05:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-09 05:34 - 2013-06-09 05:34 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-06-09 05:30 - 2013-06-09 05:30 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-09 05:12 - 2013-06-09 05:12 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-09 05:12 - 2009-12-30 11:20 - 00027064 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-06-08 19:59 - 2013-06-09 05:50 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-08 19:37 - 2013-06-08 19:42 - 00004484 ____A C:\Windows\KB2758857.log
2013-06-08 19:36 - 2013-06-08 19:42 - 00004346 ____A C:\Windows\KB2802968.log
2013-06-08 19:36 - 2013-06-08 19:42 - 00004264 ____A C:\Windows\KB2780091.log
2013-06-08 19:35 - 2013-06-08 19:42 - 00004094 ____A C:\Windows\KB2820917.log
2013-06-08 19:35 - 2013-06-08 19:42 - 00004015 ____A C:\Windows\KB2757638.log
2013-06-08 19:35 - 2013-06-08 19:42 - 00003927 ____A C:\Windows\KB2749655.log
2013-06-08 19:34 - 2013-06-09 05:41 - 00040592 ____A C:\Windows\KB2661254-v2.log
2013-06-08 19:34 - 2013-06-09 05:39 - 00024658 ____A C:\Windows\KB2813345.log
2013-06-08 19:34 - 2013-06-08 19:41 - 00003839 ____A C:\Windows\KB2727528.log
2013-06-08 19:28 - 2013-06-09 05:31 - 00010717 ____A C:\Windows\KB2829361.log

==================== One Month Modified Files and Folders ========

2013-06-09 14:33 - 2013-06-09 14:33 - 00000000 ____D C:\FRST
2013-06-09 14:32 - 2013-06-09 06:04 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-06-09 14:26 - 2004-08-04 06:00 - 00000678 ____A C:\Windows\win.ini
2013-06-09 14:25 - 2009-08-25 14:54 - 01616352 ____A C:\Windows\WindowsUpdate.log
2013-06-09 14:23 - 2003-01-27 01:00 - 00000157 ____A C:\Windows\wiadebug.log
2013-06-09 14:23 - 2003-01-27 01:00 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-09 14:22 - 2009-08-25 15:02 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 11:37 - 2009-08-25 15:02 - 00032500 ____A C:\Windows\SchedLgU.Txt
2013-06-09 11:28 - 2009-12-12 18:00 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{8D413FB7-B89C-403E-91DC-7E34096880E9}.job
2013-06-09 10:26 - 2011-10-08 12:54 - 00000000 __HDC C:\Windows\$NtUninstallKB971486$
2013-06-09 10:22 - 2012-09-04 20:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-09 09:38 - 2013-06-09 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-09 09:38 - 2013-06-09 06:00 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-09 06:49 - 2013-06-09 06:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-09 06:47 - 2011-10-11 06:29 - 00000000 ____D C:\Program Files\Adobe
2013-06-09 06:42 - 2009-08-25 16:11 - 00000000 ____D C:\Program Files\McAfee
2013-06-09 06:41 - 2003-01-27 00:56 - 00240736 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-09 06:36 - 2009-12-17 21:45 - 00000000 ____D C:\Program Files\SGPSA
2013-06-09 06:26 - 2009-08-28 07:29 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-09 05:50 - 2013-06-09 05:48 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-09 05:50 - 2013-06-08 19:59 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-09 05:41 - 2013-06-09 05:39 - 00002805 ____A C:\Windows\setupapi.log
2013-06-09 05:41 - 2013-06-08 19:34 - 00040592 ____A C:\Windows\KB2661254-v2.log
2013-06-09 05:41 - 2003-01-27 00:57 - 01718692 ____A C:\Windows\FaxSetup.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00829063 ____A C:\Windows\ocgen.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00660033 ____A C:\Windows\tsoc.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00431618 ____A C:\Windows\comsetup.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00271904 ____A C:\Windows\iis6.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00260256 ____A C:\Windows\ntdtcsetup.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00086169 ____A C:\Windows\msgsocm.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00070257 ____A C:\Windows\ocmsn.log
2013-06-09 05:41 - 2003-01-27 00:57 - 00001355 ____A C:\Windows\imsins.log
2013-06-09 05:40 - 2013-06-09 05:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2013-06-09 05:40 - 2009-08-26 16:13 - 00195750 ____A C:\Windows\updspapi.log
2013-06-09 05:39 - 2013-06-08 19:34 - 00024658 ____A C:\Windows\KB2813345.log
2013-06-09 05:39 - 2003-01-27 00:57 - 00001355 ____A C:\Windows\imsins.BAK
2013-06-09 05:38 - 2013-06-09 05:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-06-09 05:36 - 2003-01-27 00:56 - 01024098 ____A C:\Windows\setupapi.log.0.old
2013-06-09 05:34 - 2013-06-09 05:34 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-06-09 05:31 - 2013-06-08 19:28 - 00010717 ____A C:\Windows\KB2829361.log
2013-06-09 05:30 - 2013-06-09 05:30 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-09 05:24 - 2003-01-27 00:57 - 00489766 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 05:12 - 2013-06-09 05:12 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-09 05:01 - 2004-08-04 06:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-08 19:42 - 2013-06-08 19:37 - 00004484 ____A C:\Windows\KB2758857.log
2013-06-08 19:42 - 2013-06-08 19:36 - 00004346 ____A C:\Windows\KB2802968.log
2013-06-08 19:42 - 2013-06-08 19:36 - 00004264 ____A C:\Windows\KB2780091.log
2013-06-08 19:42 - 2013-06-08 19:35 - 00004094 ____A C:\Windows\KB2820917.log
2013-06-08 19:42 - 2013-06-08 19:35 - 00004015 ____A C:\Windows\KB2757638.log
2013-06-08 19:42 - 2013-06-08 19:35 - 00003927 ____A C:\Windows\KB2749655.log
2013-06-08 19:41 - 2013-06-08 19:34 - 00003839 ____A C:\Windows\KB2727528.log
2013-06-08 19:37 - 2009-08-25 14:56 - 00000000 ___HD C:\Windows\$hf_mig$
2013-06-08 19:22 - 2012-09-04 20:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-08 19:22 - 2012-09-04 20:35 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\public\MyWebTattoo.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-06-2013
Ran by donna at 2013-06-09 14:35:34 Run:
Running from C:\Documents and Settings\donna\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
ATI Control Panel
ATI Display Driver
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon iC D800
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Conexant D480 MDC V.92 Modem
Dell ResourceCD
Download Updater (AOL LLC)
eReg (Version: 1.20.138.34)
Fast Browser Search (My Face LOL) (Version: 2.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Small Business (Version: 10.0.2627.01)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
QuickTime (Version: 7.65.17.80)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Synaptics TouchPad
Uninstall AOL Emergency Connect Utility 1.0
Unity Web Player (Version: 2.5.1f5_24931)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.7523)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)

==================== Restore Points =========================

08-06-2013 23:38:12 Revo Uninstaller's restore point - Java™ 6 Update 35
08-06-2013 23:49:51 Removed Java™ 6 Update 35
08-06-2013 23:59:30 Revo Uninstaller's restore point - Java™ 6 Update 35
08-06-2013 23:41:45 System Checkpoint
09-06-2013 08:49:57 Software Distribution Service 3.0
09-06-2013 09:54:56 Software Distribution Service 3.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2013 05:57:37 AM) (Source: Application Error) (User: )
Description: Faulting application mcshield.exe, version 14.4.0.387, faulting module mytilus3_worker.dll, version 14.4.0.387, fault address 0x0000ad5d.
Processing media-specific event for [mcshield.exe!ws!]

Error: (06/09/2013 05:55:59 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.4.0.387
Exception Code : 0XC0000005
Exception Address : 0X1471AD5D
Exception Parameters : 2
Param 1 = 00000000
Param 2 = 0X01AB618C

More information :

Error: (06/09/2013 05:50:03 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/08/2013 07:51:00 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/08/2013 08:10:46 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.4.0.387
Exception Code : 0XC0000005
Exception Address : 0X1472D485
Exception Parameters : 2
Param 1 = 00000000
Param 2 = 0X0149C298

More information :

Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This
network connection does not exist.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )<br />Description: Failed extract of third-party root list from auto update cab at: &lt;http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab&gt; with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )<br />Description: Failed auto update retrieval of third-party root list sequence number from: &lt;http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt&gt; with error: This network connection does not exist.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32) (User: )<br />Description: Failed extract of third-party root list from auto update cab at: &lt;http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab&gt; with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br /><br />System errors:<br />=============<br />Error: (06/09/2013 02:25:26 PM) (Source: Service Control Manager) (User: )<br />Description: The Application Layer Gateway Service service failed to start due to the following error:<br />%%1053<br /><br />Error: (06/09/2013 02:25:26 PM) (Source: Service Control Manager) (User: )<br />Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.<br /><br />Error: (06/09/2013 02:24:06 PM) (Source: Service Control Manager) (User: )<br />Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:<br />%%1053<br /><br />Error: (06/09/2013 02:24:06 PM) (Source: Service Control Manager) (User: )<br />Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM 
Service service to connect.<br /><br />Error: (06/09/2013 11:39:51 AM) (Source: Service Control Manager) (User: )<br />Description: The following boot-start or system-start driver(s) failed to load:<br />Fips<br />intelppm<br />MpFilter<br />OMCI<br /><br />Error: (06/09/2013 11:39:11 AM) (Source: DCOM) (User: NT AUTHORITY)<br />Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""<br />in order to run the server:<br />{1BE1F766-5536-11D1-B726-00C04FB926AF}<br /><br />Error: (06/09/2013 10:56:15 AM) (Source: Service Control Manager) (User: )<br />Description: The Application Layer Gateway Service service failed to start due to the following error:<br />%%1053<br /><br />Error: (06/09/2013 10:56:15 AM) (Source: Service Control Manager) (User: )<br />Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.<br /><br />Error: (06/09/2013 10:27:54 AM) (Source: 0) (User: )<br />Description: 0xC0000001HarddiskVolume1<br /><br />Error: (06/09/2013 05:58:30 AM) (Source: Service Control Manager) (User: )<br />Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 5000 milliseconds: Restart the service.<br /><br /><br />Microsoft Office Sessions:<br />=========================<br />Error: (06/09/2013 05:57:37 AM) (Source: Application Error)(User: )<br />Description: mcshield.exe14.4.0.387mytilus3_worker.dll14.4.0.3870000ad5d<br /><br />Error: (06/09/2013 05:55:59 AM) (Source: McLogEvent)(User: NT AUTHORITY)<br />Description: VSCORE.14.4.0.387<br />Exception Code : 0XC0000005<br />Exception Address : 0X1471AD5D<br />Exception Parameters : 2<br />Param 1 = 00000000<br />Param 2 = 0X01AB618C<br /><br />More information :<br /><br />Error: (06/09/2013 05:50:03 AM) (Source: MPSampleSubmission)(User: )<br />Description: mptelemetry0x80070003moaccachereset4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL<br /><br />Error: (06/08/2013 07:51:00 PM) (Source: Application Hang)(User: )<br />Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000<br /><br />Error: (06/08/2013 08:10:46 PM) (Source: McLogEvent)(User: NT AUTHORITY)<br />Description: VSCORE.14.4.0.387<br />Exception Code : 0XC0000005<br />Exception Address : 0X1472D485<br />Exception Parameters : 2<br />Param 1 = 00000000<br />Param 2 = 0X0149C298<br /><br />More information :<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not 
within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.<br /><br />Error: (06/08/2013 07:23:02 PM) (Source: crypt32)(User: )<br />Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.<br /><br /><br />==================== Memory info ===========================<br /><br />Percentage of memory in use: 66%<br />Total physical RAM: 511.43 MB<br />Available physical RAM: 170.59 MB<br />Total Pagefile: 1248.08 MB<br />Available Pagefile: 655.97 MB<br />Total Virtual: 2047.88 MB<br />Available Virtual: 1938.38 MB<br /><br />==================== Drives ================================<br /><br />Drive c: () (Fixed) (Total:37.26 GB) (Free:26.33 GB) NTFS ==&gt;[Drive with boot components (Windows XP)]<br /><br />==================== MBR &amp; Partition Table ==================<br /><br />========================================================<br />Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 9DC96E9E)<br />Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)<br /><br />==================== End Of Log ============================

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 PM

Posted 09 June 2013 - 08:26 PM

Hello Gone gray


Sorry to say it came out the same way - I want you to attach it for me - you can find where to attach under "More Reply Options".


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Gone gray

Gone gray
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 10 June 2013 - 06:15 AM

Sorry Gringo, I don't know what I did wrong.....
Here are the attachments.




#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 PM

Posted 10 June 2013 - 12:26 PM


Hello Gone gray

It was not you, it is the forum software that caused it. I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#12 Gone gray

Gone gray
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 10 June 2013 - 04:59 PM

Downloaded combo fix,
It installed another program first.
After that I disabled all sec progs,
Ran combo fix but it froze on the auto scan screen.
I rebooted in safe mode and ran combo fix again.
And again the system froze ...
No blinking, no mouse movement, even the clock stopped.....
I will reboot via power down and wait to hear from you.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 PM

Posted 10 June 2013 - 08:09 PM


Hello Gone gray

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller
Send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

#14 Gone gray

Gone gray
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:19 PM

Posted 11 June 2013 - 09:38 AM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : donna [Admin rights]
Mode : Remove -- Date : 06/11/2013 10:27:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Documents and Settings\donna\Desktop\dds.scr) [x] -> REPLACED (C:\WINDOWS\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N040ATCS05-0 +++++
--- User ---
[MBR] b99911a5b86b35bdf282d515b936a1f7
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_06112013_02d1027.txt >>
RKreport[1]_S_06112013_02d1026.txt ; RKreport[2]_D_06112013_02d1027.txt




#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:19 PM

Posted 11 June 2013 - 10:54 AM


Hello Gone gray

Ok, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
After combofix has finished its scan, please post the report back here.

Gringo



