
Ransom virus


  • This topic is locked
38 replies to this topic

#1 Jen&Rob


Posted 11 December 2013 - 12:48 PM

Hi

 

Please help!!!  I have the ransom virus.  I have tried a few things, but I'm not too good, so I'm hoping someone can help me.

 

As it stands at the moment.

 

I can get my pc to start up with "Safe Mode with command prompt".

 

I have the white screen with "Please connect to the internet".

 

If I just leave the pc on, it eventually goes to the screen saying we need to pay money to unlock (obviously I haven't done this).

 

I tried to do a system restore, but this had no effect.

 

I downloaded Emsisoft Emergency Kit onto a CD and put it in the infected pc.  This found 4 threats, it put 3 in quarantine, but left HKEY_LOCAL_MACHINE\SOFTOMATE.IETOOLBAR.I

 

It was suggested that I downloaded Kapinsky (not sure of spelling!).  I put it on a CD, put it in the infected machine, but I got absolutely nothing.

 

If anyone could help I would really appreciate it.  Any suggestions, please explain simply!!!!





#2 fireman4it


Posted 11 December 2013 - 06:02 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
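A triage sketch for the FRST.txt log that the steps above produce, added here as an example and not part of the original post or of FRST itself. It reads only the Registry section and flags autostart entries whose binary sits in a user profile data folder with an empty company field, a Winlogon Shell value that is more than Explorer.exe, and the policy values that disable Task Manager and the registry editor. The sample log, the KB0000000 name and the rule names are constructed; the line layout assumed is the one visible in the log posted later in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the layout of an FRST.txt log (not taken from a real machine).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86)
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleUpdater] - C:\Program Files\Example\updater.exe [198160 2009-09-22] (Example Corp.)
HKLM\...\Run: [Vendor[helper]] - C:\Program Files\Vendor\helper.exe [73728 2005-09-07] (Vendor Inc.)
HKCU\...\Run: [Sync] - C:\Documents and Settings\User\Application Data\Sync\sync.exe [5000 2011-10-21] (Sync Inc.)
HKLM\...\Run: [KB0000000] - C:\Documents and Settings\User\Local Settings\Application Data\KB0000000\KB0000000.exe [98852 2013-12-08] ()
HKLM\...\Winlogon: [Shell] Explorer.exe, "C:\Documents and Settings\User\Local Settings\Application Data\KB0000000\KB0000000.exe" [x ] ()
HKCU\...\Policies\system: [DisableTaskMgr] 1
HKCU\...\Policies\system: [DisableRegistryTools] 1

==================== Services (Whitelisted) =================

S2 Example; C:\Documents and Settings\User\Application Data\svc.exe [1 2013-12-08] ()
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "==== Name ===="
ENTRY_RE = re.compile(r"^(?P<key>[^:\[]+?): \[(?P<name>.+?)\] (?:- )?(?P<rest>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[]*')              # drive path up to a quote or "["
COMPANY_RE = re.compile(r"\]\s*(\(.*\))\s*$")            # "(Company)" after "[size date]"

# Folders a standard user can write to; legitimate software lives here too,
# so location alone is not enough to flag an entry.
PROFILE_MARKERS = ("\\application data\\", "\\appdata\\", "\\temp\\")
LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}


class Finding(NamedTuple):
    rule: str
    key: str
    name: str
    detail: str


def _path(rest: str) -> Optional[str]:
    m = PATH_RE.search(rest)
    return m.group(0).strip() if m else None


def _company(rest: str) -> Optional[str]:
    """Company text, '' when the field is present but empty, None when absent."""
    m = COMPANY_RE.search(rest)
    return m.group(1).strip("() ") if m else None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not section.startswith("Registry"):
            continue  # services, drivers and file lists need their own rules
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        key, name, rest = entry["key"], entry["name"], entry["rest"].strip()
        key_l = key.lower()

        if key_l.endswith("\\run"):
            path, company = _path(rest), _company(rest)
            in_profile = path is not None and any(
                marker in path.lower() for marker in PROFILE_MARKERS)
            if in_profile and company == "":
                findings.append(Finding("unnamed-binary-in-profile", key, name, path))
        elif key_l.endswith("\\winlogon") and name.lower() == "shell":
            if rest.lower() != "explorer.exe":
                findings.append(Finding("winlogon-shell-modified", key, name, rest))
        elif key_l.endswith("\\policies\\system"):
            if name in LOCKOUT_VALUES and rest == "1":
                findings.append(Finding("tool-lockout-policy", key, name, rest))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.key}: [{f.name}] {f.detail}")
```

The `Sync` entry in the sample also runs from Application Data but carries a company name, so it is not flagged; the findings are leads for a helper to review, not a verdict.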


#3 Jen&Rob


Posted 12 December 2013 - 03:16 AM

Thanks for your reply.  Before I start, can I download this to a CD on my laptop and then put it in the infected pc, as I have no internet on the infected one?  Also, how will I be able to copy and paste the report?



#4 Jen&Rob


Posted 12 December 2013 - 08:16 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013
Ran by Administrator (administrator) on MAINPC on 12-12-2013 13:39:45
Running from C:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [198160 2009-09-22] (RealNetworks, Inc.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-07-24] (SigmaTel, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [98304 2006-12-28] (Apple Computer, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-09-01] (Logitech Inc.)
HKLM\...\Run: [LogitechVideo[inspector]] - C:\Program Files\Logitech\Video\InstallHelper.exe [73728 2005-09-07] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraService(E)] - C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraAssistant] - C:\Program Files\Logitech\Video\CameraAssistant.exe [434176 2005-09-07] (Logitech Inc.)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [127036 2006-09-21] (Sonic Solutions)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ()
HKLM\...\Winlogon: [Shell] Explorer.exe, "C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe" [x ] ()
Winlogon\Notify\__c00F7FAE: C:\WINDOWS\system32\__c00F7FAE.dat [X]
HKLM\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ( ())
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [395776 2006-08-28] (Gteko Ltd.)
HKCU\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ()
HKCU\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ( ())
HKCU\...\Policies\system: [DisableTaskMgr] 1
HKCU\...\Policies\system: [DisableRegistryTools] 1
MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)
HKU\Jen\...\Run: [LogitechSoftwareUpdate] - C:\Program Files\Logitech\Video\ManifestEngine.exe [ 2005-01-18] (Logitech Inc.)
HKU\Jen\...\Run: [Google Update] - C:\Documents and Settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2011-10-21] (Google Inc.)
HKU\Jen\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-03] (Skype Technologies S.A.)
HKU\Jen\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Jen\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Jen\...\Policies\system: [DisableTaskMgr] 1
HKU\Jen\...\Policies\system: [DisableRegistryTools] 1
HKU\Rob\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)
HKU\Rob\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Rob\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Rob\...\Policies\system: [DisableTaskMgr] 1
HKU\Rob\...\Policies\system: [DisableRegistryTools] 1
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll  [ ] ()
Lsa: [Notification Packages]  :\WINDOWS\syste
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear SA1VBExxA Device Manager.lnk
ShortcutTarget: Philips GoGear SA1VBExxA Device Manager.lnk -> C:\Program Files\Philips\GoGear SA1VBExxA Device Manager\GoGear_SA1VBExxA_DeviceManager.exe (Philips)
Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CA47E69B-B484-44C1-8E29-19B6B2694810} http://games.bigfishgames.com/en_candy-ball-game/online/axcontrol.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 CSHelper; C:\WINDOWS\system32\CSHelper.exe [266240 2009-09-27] ()
S2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [81920 2005-09-01] (Logitech Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [651776 2009-09-17] (Nokia)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2013-12-09] (Emsisoft GmbH)
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2013-12-09] (Emsisoft GmbH)
S2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [26044 2006-09-21] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5660 2006-03-17] (Sonic Solutions)
S2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2006-09-21] (Sonic Solutions)
S2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [87004 2006-09-21] (Sonic Solutions)
S2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [15068 2006-09-21] (Sonic Solutions)
S2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2006-09-21] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2006-03-17] (Sonic Solutions)
S2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94460 2006-09-21] (Sonic Solutions)
S2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [88476 2006-09-21] (Sonic Solutions)
S2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2006-03-17] (Sonic Solutions)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
R3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [22560 2007-05-11] (Logitech Inc.)
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [18120 2001-11-08] (   )
S2 hnmwrlspkt; C:\Windows\System32\DRIVERS\hnm_wrls_pkt.sys [13824 2006-07-14] (SingleClick Systems)
S3 Lvckap; C:\WINDOWS\system32\drivers\Lvckap.sys [2169984 2005-09-01] ()
S3 lvmvdrv; C:\WINDOWS\system32\drivers\lvmvdrv.sys [1912064 2005-09-01] ()
S3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-09-01] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation )
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [11136 2006-10-15] (SingleClick Systems)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-07-24] (SigmaTel, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S2 wsppkt; C:\Windows\System32\DRIVERS\wsp_pkt.sys [13696 2006-07-14] (SingleClick Systems)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-12-12 13:39 - 2013-12-12 13:39 - 00015829 _____ C:\FRST.txt
2013-12-12 13:39 - 2013-12-12 12:58 - 01060373 _____ (Farbar) C:\FRST.exe
2013-12-12 13:32 - 2013-12-12 13:32 - 00000000 ____D C:\FRST
2013-12-11 09:43 - 2013-12-11 09:30 - 392259584 _____ C:\kav_rescue_10.iso
2013-12-09 17:01 - 2013-12-09 17:01 - 00000462 _____ C:\Documents and Settings\Administrator\Desktop\Emsisoft Emergency Kit.lnk
2013-12-09 17:00 - 2013-12-09 17:01 - 00000000 ____D C:\EEK
2013-12-09 16:49 - 2013-12-09 16:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2013-12-09 14:22 - 2013-12-09 14:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2013-12-09 14:19 - 2013-12-09 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2013-12-09 12:43 - 2013-12-09 12:43 - 00000803 _____ C:\Documents and Settings\Rob\Start Menu\Programs\Internet Explorer.lnk
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\Scansoft
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\Avg2014
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\ArcSoft
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\Real
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\AVG2014
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\ArcSoft
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\Apple Computer
2013-12-09 12:42 - 2013-12-09 12:43 - 00000738 _____ C:\Documents and Settings\Rob\Start Menu\Programs\Outlook Express.lnk
2013-12-09 12:42 - 2013-12-09 12:43 - 00000000 ___RD C:\Documents and Settings\Rob\Start Menu\Programs\Accessories
2013-12-09 12:42 - 2013-12-09 12:42 - 00000788 _____ C:\Documents and Settings\Rob\Start Menu\Programs\Windows Media Player.lnk
2013-12-09 12:42 - 2013-12-09 12:42 - 00000782 _____ C:\Documents and Settings\Rob\Desktop\Windows Media Player.lnk
2013-12-09 12:42 - 2013-12-09 12:42 - 00000000 __SHD C:\Documents and Settings\Rob\IETldCache
2013-12-09 12:42 - 2013-12-09 12:42 - 00000000 ____D C:\Documents and Settings\Rob
2013-12-09 12:42 - 2012-12-12 09:34 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\TuneUp Software
2013-12-09 12:42 - 2010-06-28 11:19 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\Adobe
2013-12-09 12:42 - 2010-06-28 11:13 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\Macromedia
2013-12-09 12:42 - 2007-01-03 21:23 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\AOL
2013-12-09 12:42 - 2006-12-28 16:43 - 00037280 _____ C:\Documents and Settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-09 12:42 - 2006-12-28 16:43 - 00000000 ____D C:\Documents and Settings\Rob\My Documents\My Google Gadgets
2013-12-09 12:42 - 2006-12-28 16:42 - 00000178 ___SH C:\Documents and Settings\Rob\ntuser.ini
2013-12-09 12:42 - 2006-12-28 16:40 - 00000000 ___HD C:\Documents and Settings\Rob\Application Data\Gtek
2013-12-09 12:42 - 2006-12-28 16:39 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\Google
2013-12-09 12:42 - 2006-12-28 16:34 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\You've Got Pictures Screensaver
2013-12-09 12:42 - 2006-12-28 16:34 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\Symantec
2013-12-09 12:42 - 2006-12-28 16:31 - 00493214 _____ C:\Documents and Settings\Rob\TRANSFORMS=1033.mst
2013-12-09 12:42 - 2006-12-28 16:25 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2013-12-09 12:42 - 2006-12-28 16:14 - 00000000 ____D C:\Documents and Settings\Rob\Start Menu\Programs\Dell
2013-12-09 12:42 - 2005-08-16 20:52 - 00000136 _____ C:\Documents and Settings\Rob\Local Settings\Application Data\fusioncache.dat
2013-12-09 12:42 - 2005-08-16 04:52 - 00001298 _____ C:\Documents and Settings\Rob\Desktop\Media Center.lnk
2013-12-09 12:42 - 2005-08-16 04:43 - 00001503 _____ C:\Documents and Settings\Rob\Start Menu\Programs\Remote Assistance.lnk
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-12-08 19:05 - 2013-12-08 19:05 - 00000000 ____D C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804
2013-12-08 19:03 - 2013-12-08 19:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-12-08 18:37 - 2013-12-08 18:37 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-14 22:51 - 2013-11-14 22:51 - 00010294 _____ C:\WINDOWS\KB2900986.log
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 22:49 - 2013-11-14 22:51 - 00012517 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 11:18 - 2013-11-14 22:51 - 00017346 _____ C:\WINDOWS\KB2868626.log
2013-11-14 11:17 - 2013-11-14 22:51 - 00016294 _____ C:\WINDOWS\KB2862152.log
2013-11-14 11:15 - 2013-11-14 22:51 - 00015769 _____ C:\WINDOWS\KB2876331.log
2013-11-13 12:28 - 2013-11-13 12:28 - 00001777 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 12:28 - 2013-11-13 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified Files and Folders =======

2013-12-12 13:39 - 2013-12-12 13:39 - 00015829 _____ C:\FRST.txt
2013-12-12 13:32 - 2013-12-12 13:32 - 00000000 ____D C:\FRST
2013-12-12 12:58 - 2013-12-12 13:39 - 01060373 _____ (Farbar) C:\FRST.exe
2013-12-11 15:50 - 2007-01-03 11:33 - 00000178 ___SH C:\Documents and Settings\Jen\ntuser.ini
2013-12-11 15:50 - 2005-08-16 04:49 - 00032512 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-11 15:50 - 2005-08-16 04:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-11 15:50 - 2005-08-16 04:40 - 02004830 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-11 15:50 - 2005-08-16 04:35 - 00000275 _____ C:\WINDOWS\wiadebug.log
2013-12-11 15:50 - 2005-08-16 04:35 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-11 15:50 - 2005-08-16 04:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-11 15:49 - 2010-01-20 20:05 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 15:49 - 2005-08-16 04:38 - 00000000 ____D C:\WINDOWS\Registration
2013-12-11 15:47 - 2007-01-04 18:10 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2013-12-11 12:10 - 2012-07-10 09:31 - 00000000 ____D C:\Documents and Settings\Jen\Application Data\Dropbox
2013-12-11 12:06 - 2005-08-16 04:50 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2013-12-11 09:30 - 2013-12-11 09:43 - 392259584 _____ C:\kav_rescue_10.iso
2013-12-09 17:01 - 2013-12-09 17:01 - 00000462 _____ C:\Documents and Settings\Administrator\Desktop\Emsisoft Emergency Kit.lnk
2013-12-09 17:01 - 2013-12-09 17:00 - 00000000 ____D C:\EEK
2013-12-09 16:50 - 2007-01-23 16:39 - 00000071 ____C C:\WINDOWS\pex.INI
2013-12-09 16:49 - 2013-12-09 16:49 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2013-12-09 16:05 - 2010-10-14 08:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-12-09 16:04 - 2013-12-09 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2013-12-09 14:22 - 2013-12-09 14:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2013-12-09 13:46 - 2012-07-10 09:33 - 00000000 ___RD C:\Documents and Settings\Jen\My Documents\Dropbox
2013-12-09 12:43 - 2013-12-09 12:43 - 00000803 _____ C:\Documents and Settings\Rob\Start Menu\Programs\Internet Explorer.lnk
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\Scansoft
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\Avg2014
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Local Settings\Application Data\ArcSoft
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\Real
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\AVG2014
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\ArcSoft
2013-12-09 12:43 - 2013-12-09 12:43 - 00000000 ____D C:\Documents and Settings\Rob\Application Data\Apple Computer
2013-12-09 12:43 - 2013-12-09 12:42 - 00000738 _____ C:\Documents and Settings\Rob\Start Menu\Programs\Outlook Express.lnk
2013-12-09 12:43 - 2013-12-09 12:42 - 00000000 ___RD C:\Documents and Settings\Rob\Start Menu\Programs\Accessories
2013-12-09 12:42 - 2013-12-09 12:42 - 00000788 _____ C:\Documents and Settings\Rob\Start Menu\Programs\Windows Media Player.lnk
2013-12-09 12:42 - 2013-12-09 12:42 - 00000782 _____ C:\Documents and Settings\Rob\Desktop\Windows Media Player.lnk
2013-12-09 12:42 - 2013-12-09 12:42 - 00000000 __SHD C:\Documents and Settings\Rob\IETldCache
2013-12-09 12:42 - 2013-12-09 12:42 - 00000000 ____D C:\Documents and Settings\Rob
2013-12-09 12:42 - 2013-07-29 10:04 - 00001629 ____C C:\WINDOWS\wmsetup.log
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-12-08 19:47 - 2013-12-08 19:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-12-08 19:47 - 2005-08-16 04:50 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-08 19:05 - 2013-12-08 19:05 - 00000000 ____D C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804
2013-12-08 19:03 - 2013-12-08 19:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-12-08 18:37 - 2013-12-08 18:37 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-08 00:02 - 2013-08-05 07:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-08 00:01 - 2010-01-20 20:05 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-07 23:59 - 2011-12-22 14:00 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3235562508-184085167-3839994087-1005UA.job
2013-12-07 12:59 - 2011-12-22 14:00 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3235562508-184085167-3839994087-1005Core.job
2013-12-07 09:10 - 2013-05-01 08:09 - 00000000 ____D C:\Documents and Settings\Jen\Application Data\Skype
2013-12-06 14:27 - 2007-06-15 13:08 - 00000000 ____D C:\Program Files\GENIE
2013-12-06 14:20 - 2007-01-23 16:38 - 00000104 _____ C:\WINDOWS\ulead32.ini
2013-12-05 12:21 - 2013-05-26 12:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-12-04 12:30 - 2013-09-11 12:50 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2013-12-03 16:38 - 2007-01-03 12:32 - 00041186 _____ C:\Documents and Settings\Jen\Application Data\wklnhst.dat
2013-12-02 13:43 - 2008-03-23 21:25 - 00000000 ____D C:\valdrev
2013-11-30 19:54 - 2008-01-31 09:43 - 00000000 ____D C:\Documents and Settings\Jen\My Documents\Katie
2013-11-28 17:43 - 2007-12-12 14:49 - 00000000 ____D C:\Documents and Settings\Jen\Application Data\Canon
2013-11-27 10:00 - 2013-07-10 07:22 - 00147759 _____ C:\WINDOWS\setupapi.log
2013-11-14 22:51 - 2013-11-14 22:51 - 00010294 _____ C:\WINDOWS\KB2900986.log
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 22:51 - 2013-11-14 22:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 22:51 - 2013-11-14 22:49 - 00012517 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-14 22:51 - 2013-11-14 11:18 - 00017346 _____ C:\WINDOWS\KB2868626.log
2013-11-14 22:51 - 2013-11-14 11:17 - 00016294 _____ C:\WINDOWS\KB2862152.log
2013-11-14 22:51 - 2013-11-14 11:15 - 00015769 _____ C:\WINDOWS\KB2876331.log
2013-11-14 22:51 - 2013-07-10 07:29 - 00016856 _____ C:\WINDOWS\updspapi.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00180030 _____ C:\WINDOWS\iis6.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00166298 _____ C:\WINDOWS\FaxSetup.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00079812 _____ C:\WINDOWS\ocgen.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00076176 _____ C:\WINDOWS\tsoc.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00054880 _____ C:\WINDOWS\comsetup.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00050872 _____ C:\WINDOWS\msmqinst.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00033686 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00029241 _____ C:\WINDOWS\netfxocm.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00018603 _____ C:\WINDOWS\plusoc.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00011610 _____ C:\WINDOWS\MedCtrOC.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00009234 _____ C:\WINDOWS\ocmsn.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00009126 _____ C:\WINDOWS\ehOCGen.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00008397 _____ C:\WINDOWS\tabletoc.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00008343 _____ C:\WINDOWS\msgsocm.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-14 22:51 - 2013-07-10 07:25 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-14 22:50 - 2009-06-30 13:55 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-14 22:49 - 2013-08-27 13:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-14 22:44 - 2007-01-03 15:01 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 12:28 - 2013-11-13 12:28 - 00001777 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2013-11-13 12:28 - 2013-11-13 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-11-13 12:27 - 2012-09-17 07:45 - 00000000 ____D C:\Program Files\McAfee Security Scan

Files to move or delete:
====================
C:\Documents and Settings\Jen\runparm.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Edited by Jen&Rob, 12 December 2013 - 08:58 AM.


#5 Jen&Rob

Posted 12 December 2013 - 08:47 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2013
Ran by Administrator at 2013-12-12 13:40:39
Running from C:\
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

7.2MP DigitalCAM
Acrobat.com (Version: 2.3.0)
Acrobat.com (Version: 2.3.0.0)
Adobe Acrobat 4.0
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ARTEuro (Version: 1.00.0000)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
BrowserProtect <==== ATTENTION
Canon MP Navigator 3.0
Canon MP510 User Registration
Canon Utilities Easy-PhotoPrint
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer (Version: 3.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Network Assistant (Version: 3.0.0.0)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
Easy-WebPrint
GENIE
GoGear SA1VBExxA Device Manager (Version: 01.00)
Google Update Helper (Version: 1.3.22.3)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® PRO Network Connections (Version: )
IrfanView (remove only) (Version: 4.36)
iTunes (Version: 11.1.0.126)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8117.416)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.14.0)
LizardTech DjVu Control
Logitech Camera Driver
Logitech QuickCam Software (Version: 9.02.0000)
McAfee Security Scan Plus (Version: 3.8.130.10)
MCU (Version: 1.00.0000)
Media Converter for Philips (Version: 2.5.2.231)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Otto
PC Connectivity Solution (Version: 9.39.0.0)
QuickTime
RealPlayer
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
ScanSoft OmniPage SE 4.0 (Version: 15.00.0020)
Segoe UI (Version: 14.0.4327.805)
Skype™ 6.5 (Version: 6.5.158)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
swMSM (Version: 12.0.0.1)
Ulead Photo Explorer 8.0 SE Basic (Version: 8.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VC 9.0 Runtime (Version: 1.0.0)
Viewpoint Media Player
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinREG for Windows (Version: 2.1.40)
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points  =========================

07-11-2013 16:24:05 System Checkpoint
08-11-2013 21:40:04 System Checkpoint
10-11-2013 11:14:31 System Checkpoint
12-11-2013 13:04:20 System Checkpoint
13-11-2013 16:51:44 System Checkpoint
14-11-2013 22:43:57 Software Distribution Service 3.0
17-11-2013 17:11:48 System Checkpoint
19-11-2013 09:25:38 System Checkpoint
21-11-2013 14:58:52 System Checkpoint
22-11-2013 18:09:39 System Checkpoint
25-11-2013 09:56:09 System Checkpoint
28-11-2013 12:06:38 System Checkpoint
30-11-2013 07:54:47 System Checkpoint
01-12-2013 15:41:35 System Checkpoint
07-12-2013 19:47:56 System Checkpoint
08-12-2013 19:00:51 Restore Operation

==================== Hosts content: ==========================

2005-08-16 04:18 - 2004-08-10 05:00 - 00000709 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3235562508-184085167-3839994087-1005Core.job => C:\Documents and Settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3235562508-184085167-3839994087-1005UA.job => C:\Documents and Settings\Jen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2013 00:09:50 PM) (Source: Application Error) (User: )
Description: Faulting application acdaemon.exe, version 1.1.0.49, faulting module acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
Processing media-specific event for [acdaemon.exe!ws!]

Error: (12/09/2013 07:05:38 PM) (Source: Application Error) (User: )
Description: Faulting application acdaemon.exe, version 1.1.0.49, faulting module acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
Processing media-specific event for [acdaemon.exe!ws!]

Error: (12/09/2013 02:55:56 PM) (Source: Application Error) (User: )
Description: Faulting application avgscanx.exe, version 14.0.0.4110, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [avgscanx.exe!ws!]

Error: (12/09/2013 02:21:52 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/09/2013 02:21:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/09/2013 02:21:50 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/09/2013 02:21:49 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (12/09/2013 01:45:55 PM) (Source: Application Error) (User: )
Description: Faulting application acdaemon.exe, version 1.1.0.49, faulting module acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
Processing media-specific event for [acdaemon.exe!ws!]

Error: (12/09/2013 01:33:02 PM) (Source: Application Error) (User: )
Description: Faulting application acdaemon.exe, version 1.1.0.49, faulting module acdaemon.exe, version 1.1.0.49, fault address 0x0001af76.
Processing media-specific event for [acdaemon.exe!ws!]

Error: (12/08/2013 07:07:45 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state.  The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.  Please contact Microsoft Product Support Services to report this error.

System errors:
=============
Error: (12/12/2013 01:17:00 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 01:16:56 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 01:14:35 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 01:14:32 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 01:13:33 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 01:13:30 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 01:07:57 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 01:07:53 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/12/2013 00:50:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgdiskx
AVGIDSDriver
AVGIDSShim
Avgldx86
Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
StarOpen
Tcpip

Error: (12/12/2013 00:50:26 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (12/11/2013 00:09:50 PM) (Source: Application Error)(User: )
Description: acdaemon.exe1.1.0.49acdaemon.exe1.1.0.490001af76

Error: (12/09/2013 07:05:38 PM) (Source: Application Error)(User: )
Description: acdaemon.exe1.1.0.49acdaemon.exe1.1.0.490001af76

Error: (12/09/2013 02:55:56 PM) (Source: Application Error)(User: )
Description: avgscanx.exe14.0.0.4110ntdll.dll5.1.2600.605500019af2

Error: (12/09/2013 02:21:52 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (12/09/2013 02:21:50 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (12/09/2013 02:21:50 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (12/09/2013 02:21:49 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (12/09/2013 01:45:55 PM) (Source: Application Error)(User: )
Description: acdaemon.exe1.1.0.49acdaemon.exe1.1.0.490001af76

Error: (12/09/2013 01:33:02 PM) (Source: Application Error)(User: )
Description: acdaemon.exe1.1.0.49acdaemon.exe1.1.0.490001af76

Error: (12/08/2013 07:07:45 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1013.84 MB
Available physical RAM: 809.55 MB
Total Pagefile: 2444.61 MB
Available Pagefile: 2379.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.19 GB) (Free:0.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=5 GB) - (Type=DB)

==================== End Of Log ============================


Edited by Jen&Rob, 12 December 2013 - 08:59 AM.


#6 fireman4it

Posted 12 December 2013 - 09:33 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[attachment=144897:fixlixt.txt]

Will the machine start in Normal mode now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 Jen&Rob

Posted 13 December 2013 - 10:06 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2013 01
Ran by Jen at 2013-12-13 15:11:26 Run:1
Running from C:\Documents and Settings\Jen\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ()
HKLM\...\Winlogon: [Shell] Explorer.exe, "C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe" [x ] ()
Winlogon\Notify\__c00F7FAE: C:\WINDOWS\system32\__c00F7FAE.dat [X]
HKLM\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ( ())
HKCU\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ()
HKCU\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [98852 2013-12-08] ( ())
HKCU\...\Policies\system: [DisableTaskMgr] 1
HKCU\...\Policies\system: [DisableRegistryTools] 1
HKU\Jen\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Jen\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Jen\...\Policies\system: [DisableTaskMgr] 1
HKU\Jen\...\Policies\system: [DisableRegistryTools] 1
HKU\Rob\...\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Rob\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()
HKU\Rob\...\Policies\system: [DisableTaskMgr] 1
HKU\Rob\...\Policies\system: [DisableRegistryTools] 1
Lsa: [Notification Packages]  :\WINDOWS\syste
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
C:\Documents and Settings\Jen\runparm.dat
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KB5100804 => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00F7FAE => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\KB5100804 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\KB5100804 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\KB5100804 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
HKU\Jen\Software\Microsoft\Windows\CurrentVersion\Run\\KB5100804 => Value not found.
HKU\HKU\Jen\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()\Software\Microsoft\Windows\CurrentVersion\Run\\KB5100804 => Value not found.
HKU\Jen\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\KB5100804 => Value not found.
HKU\Jen\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value not found.
HKU\Jen\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value not found.
HKU\Rob\Software\Microsoft\Windows\CurrentVersion\Run\\KB5100804 => Value deleted successfully.
HKU\HKU\Rob\...\Policies\Explorer\Run: [KB5100804] - C:\Documents and Settings\Jen\Local Settings\Application Data\KB5100804\KB5100804.exe [ 2013-12-08] ()\Software\Microsoft\Windows\CurrentVersion\Run\\KB5100804 => Value not found.
HKU\Rob\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\KB5100804 => Value deleted successfully.
HKU\Rob\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKU\Rob\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => Value deleted successfully.
HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
C:\Documents and Settings\Jen\runparm.dat => Moved successfully.

==== End of Fixlog ====


Edited by Jen&Rob, 13 December 2013 - 10:42 AM.


#8 Jen&Rob

Posted 13 December 2013 - 10:48 AM

It starts up in normal mode.  But there's a message:

Arcsoft Connect Daemon has encountered a problem and needs to close.  We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost.

Please tell Microsoft about this problem.

We have created an error report that you can send to us.  We will treat this report as confidential and anonymous.

To see what data this error report contains, click here.

Then there are two buttons, "Send Error Report" or "Don't Send".



#9 Jen&Rob

Posted 13 December 2013 - 10:50 AM

It also wants to do a Microsoft Update.

I didn't want to interfere with anything, so I haven't let it download the updates.



#10 Jen&Rob

Posted 13 December 2013 - 10:58 AM

If you want me to do anything else, could you let me know if it's safe to use the infected pc.  It looks to be working normally, but I haven't gone on the internet with it, I wanted to wait for your instructions :wink:



#11 fireman4it

Posted 13 December 2013 - 12:39 PM

We need to go ahead and run a couple other scans to make sure there is nothing left over on the machine. Go ahead and let it do the Microsoft updates then do the following.

Arcsoft Connect Daemon has encountered a problem and needs to close.  We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost.

Quick and dirty workaround...
Go to Start> Run> (type in) msconfig > Startup tab> uncheck the ArcSoft program> Restart. The error message should be gone.

1. Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: Right click on adwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once it has finished, click the Clean button and let it clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

2. I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:

AdwCleaner log

Eset log

How is your machine running now?


Edited by fireman4it, 13 December 2013 - 12:53 PM.



#12 Jen&Rob


Posted 14 December 2013 - 02:03 PM

# AdwCleaner v3.015 - Report created 14/12/2013 at 13:25:08
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jen - MAINPC
# Running from : F:\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Folder Deleted : C:\Documents and Settings\All Users\Application Data\quickclick
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BigFishSavedGames
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\WINDOWS\system32\BrowserProtect
Folder Deleted : C:\Documents and Settings\Jen\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Jen\Application Data\file scout
Folder Deleted : C:\Documents and Settings\Jen\Application Data\pccustubinstaller
Folder Deleted : C:\Documents and Settings\Jen\Application Data\quickclick
Folder Deleted : C:\Documents and Settings\Jen\Application Data\Viewpoint
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Jen\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\586d6d1b53bed40
Key Deleted : HKLM\SOFTWARE\586d6d1b53bed40
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\ResearchNow
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\docume~1\alluse~1\applic~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

[ File : C:\Documents and Settings\Jen\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [10709 octets] - [14/12/2013 13:23:27]
AdwCleaner[S0].txt - [10827 octets] - [14/12/2013 13:25:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10888 octets] ##########



#13 Jen&Rob


Posted 14 December 2013 - 02:05 PM

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jen\Application Data\file scout\filescout.exe.vir a variant of Win32/FileScout.A application

The pc seems to be working ok, it is very slow though.

The System Configuration Utility keeps coming up because we stopped the ACDaemon in Startup.

It also keeps saying I am low on disk space ..... I'm sure I'm not though
 



#14 fireman4it


Posted 15 December 2013 - 12:31 AM

  • Please download and save HardwareInfo to your desktop.
  • Double click HardwareInfo; it will produce a log named HardwareInfo.txt.
  • Copy and paste that log in your next reply.

 

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#15 Jen&Rob


Posted 15 December 2013 - 05:49 AM

Logfile of Aommaster's HardwareInfo v.1.0.0 
###############
Computer information
###############
Manufacturer: Dell Inc.                
Model: Dell DM061                   
Type: Mini Tower
 
##############
Disk Drive information
##############
--------------
Drive \\.\PHYSICALDRIVE0
--------------
Manufacturer:(Standard disk drives)
Model:ST3808110AS
Interface Type:SCSI
Media Type:Fixed hard disk media
Partitions: 4
Total Space: 74.5 GB
 
 
##############
Partition information
##############
--------------
Drive C:
--------------
Media Type: Fixed
File System: NTFS
Total Space: 51.19 GB
Free Space: 0.8 GB
Used Space: 50.38 GB
 
--------------
Drive D:
--------------
Media Type: Fixed
File System: NTFS
Total Space: 18.6 GB
Free Space: 18.5 GB
Used Space: 0.1 GB
 
###########
OS information
###########
----------------------------
Operating System: Microsoft Windows XP Professional
----------------------------
Version: 5.1.2600
Service Pack: SP3
Total Virtual Memory: 1.99 GB
Free Virtual Memory: 1.95 GB
RAM Available to OS: 1013.83 MB
Free RAM: 249.76 MB
Pagefile Initial Size: 1524 MB
Pagefile Maximum Size: 3048 MB
 
 
###########
RAM information
###########
----------------------------
Name: Physical Memory 0
----------------------------
RAM: 512 MB
Speed: 533 MHz
Type: Unknown
 
----------------------------
Name: Physical Memory 2
----------------------------
RAM: 512 MB
Speed: 533 MHz
Type: Unknown
 
 
###########
Motherboard information
###########
----------------------------
Name: Base Board
----------------------------
Description: Dell Inc.          
Product: 0WG864
 
 
###########
BIOS information
###########
----------------------------
Name: Phoenix ROM BIOS PLUS Version 1.10 2.3.2 
----------------------------
Description: Dell Inc.                
BIOS Version: 2.3.2 
 
 
###########
CPU information
###########
----------------------------
Name:               Intel® Pentium® D CPU 2.80GHz
----------------------------
Type: 64-bit
Cores: 2
Maximum Clock Speed: 2.7 GHz
Current Clock Speed: 2.7 GHz
 
 
###########
GPU information
###########
----------------------------
Name: Intel®  G965 Express Chipset Family
----------------------------
Card Memory: 256 MB
----------------------------
Name: Intel®  G965 Express Chipset Family
----------------------------
Card Memory: 256 MB
 
 
~~~EOF~~~




