
Rkill shows ZeroAccess Root Kit


  • This topic is locked
25 replies to this topic

#1 eclark53

eclark53

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 07 December 2013 - 06:11 AM

DDS hangs, will not produce reports.  However, I have several other logs from other programs.  Combofix just hangs as well.  But this issue with Combofix has been going on for eons.  I have no idea why it will not run on the Win 7 computer.  It works fabulously on the XP machines.

 

Back at the ranch, I have no desktop icons, no task bar.  Explorer.exe will not run more than about 3 seconds, then it crashes.  Access to files only through Task Manager, New Task, Browse.

 

I installed Avast AV but it would not run at all.  I tried Kaspersky Rescue Disk, to no avail. I performed online scans with Kaspersky, Trend Micro HouseCall, and McAfee.

Also, internet access on the affected computer is intermittent.

Attached File: GMER Log 12-06-2013.txt (7.74KB)

Attached are the logs from other programs:

 

Other logs can be found here and   here



Edited by eclark53, 07 December 2013 - 12:33 PM.



 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:04 PM

Posted 07 December 2013 - 12:52 PM

Hello eclark53,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • RcAuto1.gif
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 eclark53

eclark53
  • Topic Starter


Posted 07 December 2013 - 02:30 PM

Well first off, Combofix will not run on my computer.  It never has.  It starts and goes to the screen that says this scan will take 10 minutes, but for badly infected systems it could easily double.  It will stay on that screen for hours.  The mouse pointer will freeze and a reboot is necessary.

This has always been the case with this machine and Combofix.  It runs fine on my other WinXP machines.  But it hangs indefinitely on this Win 7 Machine.

 

BTW I do not have any desktop icons, no start menu, no task bar, just a blank screen.  The only way I can launch any program is through the Task Manager > Run New Task > Browse.  Then I navigate to Program Files and ultimately to the program install directory, highlight the exe program, right click and run as administrator.  Then the program will launch.

 

 

The  last good boot I had displayed these errors:  Windows cannot find the following files in the C:\Windows/INF/  msnetmtg.inf / msmgs.inf wmpll.inf / fxocm.inf.  Then the screen went blank and my worries began.  I tried to extract these files from the Win7 DVD, but could not find them in the inf folder.



 


Edited by eclark53, 07 December 2013 - 02:40 PM.


#4 fireman4it

fireman4it


Posted 07 December 2013 - 02:32 PM

Have you tried to run it while in Safe Mode? Do you have a USB flash drive?


Edited by fireman4it, 07 December 2013 - 02:32 PM.


#5 eclark53

eclark53
  • Topic Starter


Posted 07 December 2013 - 02:41 PM

Have you tried to run it while in Safe Mode? Do you have a USB flash drive?

 

 

I tried to run Combofix in the safe mode, but got the same results.  I have many flash drives.  BTW I have 4 computers networked on a LAN.  I am only using 3 as we speak so I can basically see explorer on each computer.


Edited by eclark53, 07 December 2013 - 03:22 PM.


#6 eclark53

eclark53
  • Topic Starter


Posted 08 December 2013 - 10:54 AM

Are you still helping me?



#7 fireman4it

fireman4it


Posted 08 December 2013 - 07:32 PM

 

Are you still helping me?

 

Yes, I'm still helping you. We are all volunteers here and have families and real life that comes first.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#8 eclark53

eclark53
  • Topic Starter


Posted 08 December 2013 - 09:04 PM

It did not create an Addition.txt file.  I found an old one.  Apparently I ran this program back in August.  So I am attaching that file.

 

 

 

Estelle




#9 eclark53

eclark53
  • Topic Starter


Posted 08 December 2013 - 09:13 PM

I ran a new version of addition.txt.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-12-2013 03
Ran by Estelle Clark at 2013-12-08 20:09:23
Running from C:\Users\Estelle Clark\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Updater (HKCU Version: 1.2.5.36191)
µTorrent (HKCU Version: 3.3.2.30303)
32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
7-Zip 9.20
Adobe Acrobat XI Pro (Version: 11.0.00)
Adobe AIR (Version: 3.7.0.2090)
Adobe Creative Suite 6 Master Collection (Version: 6)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Help Manager (Version: 4.0.244)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe SendNow for Microsoft Outlook (Version: 1.0.1.20667)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
Advanced Renamer (Version: 3.60)
AIO_Scan (Version: 130.0.365.000)
Alipay security control 3.6.0.0 (Version: 3.6.0.0)
AlipayDHC 1.1.0.0 (Version: 1.1.0.0)
Amazon Kindle
AoA Audio Extractor
A-PDF To Excel
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.3 (Version: 2.0.3)
avast! Free Antivirus (Version: 9.0.2008)
BitTorrent (HKCU Version: 7.8.2.30265)
BlogHatter Pro 2010 v3.3
BufferChm (Version: 130.0.331.000)
Bulk Rename Utility 2.7.1.2
BurnAware Free 6.7
C4200 (Version: 130.0.365.000)
c4200_Help (Version: 82.0.210.000)
calibre (Version: 0.9.24)
CCleaner (Version: 3.25)
Citrix Online Launcher (Version: 1.0.109)
Common Desktop Agent (Version: 1.62.0)
CoPilot Health Management System (Version: 4.2.584)
Copy (Version: 130.0.428.000)
Core Temp 1.0 RC5 (Version: 1.0)
Crochet Charts (Version: 1.1.4)
CyberLink PowerDVD 10 (Version: 10.0.1830)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Dragon NaturallySpeaking 11 (Version: 11.50.100)
Dropbox (HKCU Version: 2.0.26)
DVD Audio Extractor 6.3.0
DVD Audio Ripper 4 (Version: 4.0.53.0804)
DVD43 v4.6.0
DYMO Stamps (Version: 3.3)
EaseUS Data Recovery Wizard 5.6.1
Fax (Version: 130.0.418.000)
File Renamer - Basic (Version: 6.3)
File Type Assistant (Version: 2013.4.8.0)
FileZilla Client 3.7.1 (Version: 3.7.1)
FinalTorrent 2012 (Version: 2012.12.09.27)
Free AVI to VOB Converter 1.0.1 (Version: 1.0.1)
Freemake Audio Converter version 1.1.0 (Version: 1.1.0)
Freemake Video Downloader (Version: 3.5.1)
Full Uninstall version 2.12 (Version: 2.12)
GnuWin32: Wget-1.11.4-1 (Version: 1.11.4-1)
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
GPBaseService2 (Version: 130.0.371.000)
HitmanPro 3.7 (Version: 3.7.8.208)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Product Detection (Version: 11.14.0006)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
HSH Home Buyer's Calculator Suite, 2.2.05 (Version: 2.2.05)
ImagXpress (Version: 7.0.74.0)
Inpaint 4.3
Intel® Active Management Technology Device Software
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
IsoBuster 3.0 (Version: 3.0)
iTube Player(Build 1.0.0) (Version: 1.0.0.6)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Kindle Azw Drm Removal (Version: 6.0.1)
Kindle DRM Removal (Version: 1.4.1)
LSI Digger (Version: 1.9.3)
LSI Digger (Version: v1.9.3)
Magic ISO Maker v5.5 (build 0272)
magicJack (HKCU Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 3.8.130.10)
Micro Niche Finder 5.0 (Version: 5.7.19.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Streets & Trips 2013 (Version: 19.0.18.1100)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
mIRC (Version: 7.29)
Mobipocket Converter (Version: )
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 12 (Version: 12.0.02000)
neroxml (Version: 1.0.0)
Network (Version: 130.0.374.000)
Norton Utilities 16 (Version: 16.0)
Ö§¸¶±¦°²È«¿Ø¼þ 3.16.0.0 (Version: 3.16.0.0)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Octoshape add-in for Adobe Flash Player
Open DVD ripper 2.50 Build 439 (Version: 2.50.0.439)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
Pamela Pro 4.7 (Version: 4.7)
PDF OCR 4.3.1
PDF Password Remover (Version: 1.0.6)
PDF Settings CS6 (Version: 11.0)
Photo Editor
Photo Stamp Remover 5.2 (Version: 5.2)
PLRExtractor v1.0
PowerISO (Version: 4.8)
PS_AIO_Software_min (Version: 130.0.365.000)
PSPad editor (Version: 4.5.7.2450)
QuickPar 0.9 (Version: 0.9)
QuickTime (Version: 7.73.80.64)
RAR Password Recovery v1.1 RC16 (remove only)
Revo Uninstaller Pro 2.5.8 (Version: 2.5.8)
SafeTransaction 5.8.0.0 (Version: 5.8.0.0)
Samsung Easy Printer Manager (Version: 1.02.49.01(5/23/2012))
Samsung ML-331x Series (Version: 1.31 (1/16/2013))
Samsung Printer Live Update (Version: 1.01.00:04(2013-04-22))
Scan (Version: 13.0.0.0)
Screencast-O-Matic
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 6.10.13089)
Skype™ 6.1 (Version: 6.1.129)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
SQL-Splitter 1.2.0.1
Status (Version: 130.0.469.000)
SUPERAntiSpyware (Version: 5.6.1042)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.13.0)
SysTools PDF Watermark Remover v1.0
Toolbox (Version: 130.0.648.000)
TradeManager 2012
TrayApp (Version: 130.0.422.000)
Trojan Remover 6.8.3 (Version: 6.8.3)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.15)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817320) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817482) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817489) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817492) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2767863) 32-Bit Edition
Update for Microsoft Word 2013 (KB2810086) 32-Bit Edition
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
Visual C++ 9.0 OpenMP (x86) WinSXS MSM (Version: 9.0)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
VLC media player 2.1.1 (Version: 2.1.1)
WebReg (Version: 130.0.132.017)
WinAVI Video Converter (Version: 11.0.0.3995)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
WinZip 17.5 (Version: 17.5.10480)
xPollinate (Version: 1.0.5)
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check WMI.
 
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2013-12-05 08:02 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {001B2D68-F12E-40F3-85E6-218A242CE45A} - System32\Tasks\NUAutoUpdate => C:\Program Files\Symantec\Norton Utilities 16\SULauncher.exe [2012-09-29] (Symantec)
Task: {01BBA817-81F2-4100-BDE0-778C8CEAFE14} - System32\Tasks\{BD05F41B-1CA7-4370-97CB-46CFB85277E3} => D:\setup.exe [2009-07-14] (Microsoft Corporation)
Task: {0D02205A-5BEF-4549-A5FE-86E80D46B976} - \LaunchApp No Task File
Task: {196B3588-1276-4E13-8F1C-F7ECBC6DD2C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-01] (Adobe Systems Incorporated)
Task: {1CE42F9D-690D-4C9F-A1D2-988480FF2EC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09] (Google Inc.)
Task: {27C675F9-7A8D-4157-ABCB-56FBC25B43E8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Lenovo-Estelle Clark Lenovo => C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE [2012-10-01] (Microsoft Corporation)
Task: {2EB5E3B9-D2B0-4E50-B8A8-38B702EC6357} - System32\Tasks\Google Updater and Installer => C:\Users\Estelle Clark\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3B57FA9C-E373-43FB-8630-EFE9DAF57A5B} - System32\Tasks\AdobeAAMUpdater-1.0-Lenovo-Estelle Clark => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {483B059C-9139-4501-A7C9-A5BB3E1D8241} - System32\Tasks\SUPERAntiSpyware Scheduled Task 08c2e828-4233-4437-963d-1df71e3b0fb1 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)
Task: {5246E59F-29AB-4350-960E-E09A502B705C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {58D4A93B-809D-4E8B-B347-05040772E64F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5D87711C-77AF-47C8-AD89-85E9873C3ADA} - System32\Tasks\FinalTorrent Update Checker => C:\Program Files\FinalTorrent\FTCheckForUpdates.exe [2013-03-25] (Bitberry Software)
Task: {770064B3-8AD6-4E69-8DDA-E851055878B4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-04] (AVAST Software)
Task: {77A69473-AD1B-49CC-9452-30A6CE0A6662} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3619ef5e-7589-4b4d-b6c6-2f5f0e0ea6f4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)
Task: {781514A3-7F33-4EF2-A10C-ADFBADA37AE0} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe
Task: {80127F54-132F-4F42-8677-DEEC39A6B81F} - \GoforFilesUpdate No Task File
Task: {86F386A4-6545-4438-BE81-C65326343D42} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe
Task: {881D154E-ABBC-45A4-B360-622372FDDB76} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe
Task: {9B3AB9E1-ECE0-4EDC-90E6-00C7EB98E43A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-09] (Google Inc.)
Task: {9E22E1D3-1D26-4D3D-B49C-B85712FDEDD3} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\TSASetup.exe [2013-04-11] (                                                            )
Task: {AC8A2CF5-0BF4-4608-B3A1-6EE05531C8A5} - System32\Tasks\NUSchedule => C:\Program Files\Symantec\Norton Utilities 16\nu.exe [2012-09-29] (Symantec)
Task: {B32E7249-4539-4852-955C-4E6CF5BA0DBD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {B7713C31-494B-4FC5-B1A2-37D25097620C} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {C621530C-637E-41BA-885F-17EA8A51D79F} - \EPUpdater No Task File
Task: {D3320902-9B44-48CE-BBD1-3246D27F7642} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {D7561766-F080-4CED-931E-A6D324C438B6} - System32\Tasks\{2971A337-33F4-4ED5-BC41-ED5A7B6AC20F} => S:\Roxio Creator NXT Pro\setup.exe
Task: {EAF8C46D-FE97-4A01-BDA6-B583076D57BB} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\tsassist.exe [2013-04-08] (Trusted Software ApS)
Task: {F99B8582-E903-4400-BD41-45F2AF44841C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FA9B51BC-7209-4765-9785-C66DC30AE824} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe
Task: {FB944D98-0E43-4819-AEAD-95254AF51755} - System32\Tasks\SpeedDiskSchedule => C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe [2012-09-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FinalTorrent Update Checker.job => C:\Program Files\FinalTorrent\FTCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files\Symantec\Norton Utilities 16\nu.exe
Task: C:\Windows\Tasks\SpeedDiskSchedule.job => C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\ScheduledDefrag.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 08c2e828-4233-4437-963d-1df71e3b0fb1.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3619ef5e-7589-4b4d-b6c6-2f5f0e0ea6f4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-04-05 05:59 - 2012-04-05 05:59 - 00024064 _____ () C:\Windows\System32\ssi1mlm.dll
2011-06-22 06:41 - 2011-06-22 06:41 - 00024064 _____ () C:\Windows\System32\ssp4ml3.dll
2013-07-10 18:31 - 2013-07-10 18:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-15 05:23 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:03DBFDCF
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05370337.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09193069.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\05370337.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\09193069.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: MpKsld4ce5593
Description: MpKsld4ce5593
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsld4ce5593
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2013 08:09:23 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 08:02:23 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 07:56:34 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 07:49:22 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 07:47:50 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 07:47:15 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 04:37:24 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 04:34:46 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 04:33:35 PM) (Source: MsiInstaller) (User: Lenovo)
Description: Windows Installer proxy information not correctly registered
 
Error: (12/08/2013 03:45:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_defragsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc0000005
Fault offset: 0x0008b05f
Faulting process id: 0x1cc
Faulting application start time: 0xsvchost.exe_defragsvc0
Faulting application path: svchost.exe_defragsvc1
Faulting module path: svchost.exe_defragsvc2
Report Id: svchost.exe_defragsvc3
 
 
System errors:
=============
Error: (12/08/2013 08:06:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 07:56:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 07:46:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 07:36:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 07:26:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 07:16:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 07:06:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 06:56:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 06:46:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/08/2013 06:36:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (12/08/2013 08:09:23 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 08:02:23 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 07:56:34 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 07:49:22 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 07:47:50 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 07:47:15 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 04:37:24 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 04:34:46 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 04:33:35 PM) (Source: MsiInstaller)(User: Lenovo)
Description: (NULL)(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/08/2013 03:45:55 PM) (Source: Application Error)(User: )
Description: svchost.exe_defragsvc6.1.7600.163854a5bc100ntdll.dll6.1.7601.1820551db96c5c00000050008b05f1cc01cef45e1fb5f780C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll1d03851a-6052-11e3-a9af-001a6b49283c
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-28 13:13:30.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\HitmanPro.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 2542.3 MB
Available physical RAM: 1268.4 MB
Total Pagefile: 5082.88 MB
Available Pagefile: 3876.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.54 GB) (Free:5.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Win_7) (CDROM) (Total:3.59 GB) (Free:0 GB) UDF
Drive o: (RAM) (Removable) (Total:3.73 GB) (Free:0 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 59A8604F)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:04 PM

Posted 09 December 2013 - 12:32 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 eclark53

eclark53
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 09 December 2013 - 01:34 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-12-2013 03
Ran by Estelle Clark at 2013-12-09 00:32:48 Run:1
Running from \\GATEWAY5200XL\Estelle Clark\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {8FB0E3C4-F744-41B3-8730-F590DC9A2D7F}
SearchScopes: HKCU - {AC854C18-2A1E-43f1-8513-0D2F26C796ED} URL = http://home.cloyim.com/search.php?q={searchTerms}
BHO: No Name - {3049C3E9-B461-4BC5-8870-4C09146192CA} -  No File
BHO: No Name - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -  No File
BHO: No Name - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  No File
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  No File
BHO: No Name - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -  No File
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SearchEngineOrder.2: Ask.com
S2 HitmanPro37CrusaderBoot; "Q:\HitmanPro.exe" /crusader:boot [x]
S3 catchme; \??\C:\Users\ESTELL~1\AppData\Local\Temp\catchme.sys [x]
S3 MFE_RR; \??\C:\Users\ESTELL~1\AppData\Local\Temp\mfe_rr.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S1 zqrlyodq; \??\C:\Windows\system32\drivers\zqrlyodq.sys [x]
C:\Program Files\Google\Desktop\Install
C:\Users\Estelle Clark\AppData\Local\Temp\catchme.dll
C:\Users\Estelle Clark\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Estelle Clark\AppData\Local\Temp\SHSetup.exe
HKLM\...\Run: [] - [x]
HKCU\...\Policies\Explorer: [NoInstrumentation] 1

*****************

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AC854C18-2A1E-43f1-8513-0D2F26C796ED} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key deleted successfully.
HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} => Key deleted successfully.
HKCR\CLSID\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => Key deleted successfully.
HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} => Key deleted successfully.
HKCR\CLSID\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E3286BF1-E654-42FF-B4A6-5E111731DF6B} => Value deleted successfully.
HKCR\CLSID\{E3286BF1-E654-42FF-B4A6-5E111731DF6B} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Firefox SearchEngineOrder.2 deleted successfully.
HitmanPro37CrusaderBoot => Service deleted successfully.
catchme => Service deleted successfully.
MFE_RR => Service deleted successfully.
VGPU => Service deleted successfully.
zqrlyodq => Service deleted successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.
C:\Users\Estelle Clark\AppData\Local\Temp\catchme.dll => Moved successfully.
C:\Users\Estelle Clark\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Estelle Clark\AppData\Local\Temp\SHSetup.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => Value deleted successfully.

==== End of Fixlog ====
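
For anyone checking a Fixlog like the one above before reporting back: the following is an added example, not part of the original thread and not FRST's own code. It tallies the outcome of each result line and lists the targets that did not report a successful change. The sample lines are copied from the log above; the function names are hypothetical, and because the page shows no failure wording, anything that matches none of the phrases seen here is reported as `unrecognised`.

```python
import re
from collections import Counter

# Excerpt of result lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r"""
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC854C18-2A1E-43f1-8513-0D2F26C796ED} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AC854C18-2A1E-43f1-8513-0D2F26C796ED} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Firefox SearchEngineOrder.2 deleted successfully.
zqrlyodq => Service deleted successfully.
C:\Users\Estelle Clark\AppData\Local\Temp\catchme.dll => Moved successfully.
==== End of Fixlog ====
"""

# Outcome wording as it appears in that Fixlog (assumption: other wording
# exists but is not shown on this page, so it falls through to "unrecognised").
OUTCOMES = [
    ("not_found", re.compile(r"not found", re.I)),
    ("restored", re.compile(r"(?:was )?restored successfully", re.I)),
    ("set", re.compile(r"(?:was )?set successfully", re.I)),
    ("moved", re.compile(r"moved successfully", re.I)),
    ("deleted", re.compile(r"deleted successfully", re.I)),
]


def parse_results(text):
    """Return (target, outcome) for every result line of a Fixlog."""
    lines = text.splitlines()
    # In a full Fixlog the results follow the last row of asterisks;
    # everything before it is the header and the echoed fixlist.
    rulers = [i for i, l in enumerate(lines) if l.startswith("*****")]
    if rulers:
        lines = lines[rulers[-1] + 1:]
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("===="):
            continue  # blank lines and section rulers
        # Most lines read "<target> => <status>"; a few have no arrow.
        target, sep, status = line.rpartition(" => ")
        outcome, match = "unrecognised", None
        for name, rx in OUTCOMES:
            match = rx.search(status)
            if match:
                outcome = name
                break
        if not sep:
            target = line[:match.start()].rstrip() if match else line
        entries.append((target, outcome))
    return entries


def summarise(entries):
    """Count how many result lines ended in each outcome."""
    return Counter(outcome for _, outcome in entries)


def needs_review(entries):
    """Targets where the tool changed nothing or said something unexpected."""
    return [t for t, o in entries if o in ("not_found", "unrecognised")]


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_FIXLOG)
    print(dict(summarise(parsed)))
    for target in needs_review(parsed):
        print("review:", target)
```

A `not_found` entry means there was nothing at that location for the tool to change, so it is listed for review rather than counted as a failure.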



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:04 PM

Posted 09 December 2013 - 02:52 PM

How is your machine running now?




#13 eclark53

eclark53
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 10 December 2013 - 04:14 AM

The same, I still have no desktop, no icons.  But we are getting there.  Rkill no longer shows ZeroAccess.  But Combofix still will not run.  It hangs on the page where it talks about This scan takes only about 10 minutes, However it could easily double for a badly infested machine.

Note, that Combofix never ran on this machine from day one!  If I can get that fixed, I will be good to go.  Combofix removes a lot of stuff from your machine.  I usually try to run it at least once a week to keep my machines running well.  If we can fix that, I would be most appreciative.

And explorer.exe will not run.  Crashes immediately.


Edited by eclark53, 10 December 2013 - 02:08 PM.


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:04 PM

Posted 10 December 2013 - 02:35 PM

1.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif

Click on the box next to Restart System when Finished. Then click on Start.

2.

Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.




#15 eclark53

eclark53
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 10 December 2013 - 06:16 PM

I get this error when trying to run sfc: "Windows Resource Protection Could Not Perform Requested Operation."





