I have a virus computer shuts down very slow


This topic is locked.
56 replies to this topic

#1 chugg (Members, 627 posts)

Posted 19 December 2013 - 11:51 PM

My computer has been shutting down very slow for a few months, so I posted in the malware section. Quietman told me that I might have a serious virus and to post here after he saw my results from RKill and AdwCleaner. You can see this topic here: http://www.bleepingcomputer.com/forums/t/516771/i-tried-downloading-what-i-thought-was-spybot-s-d-and-i-got-138-viruses/. I would appreciate any help that I can get. The logs follow.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by User at 23:37:24 on 2013-12-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2274 [GMT -5:00]
.
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = 217.96.70.150:8080
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312260714312
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1312261769906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/support/ieatgpc.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{C16B9AD0-C657-4ABB-9B39-D4C67E295DCD} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\oelxnw06.default\
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\oelxnw06.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\oelxnw06.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 32640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1990464]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-8-2 36352]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2007-3-2 42624]
S1 MpKsle003af5f;MpKsle003af5f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9c347e2-caed-4639-9794-c03da486e296}\mpksle003af5f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9c347e2-caed-4639-9794-c03da486e296}\MpKsle003af5f.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [2013-9-12 12800]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: DDPB.exe: open=c:\program files\dauden.vn\ddpb\DDPB.exe
.
=============== Created Last 30 ================
.
2013-12-18 06:03:38 -------- d-----w- c:\windows\ERUNT
2013-12-18 05:52:59 -------- d-----w- C:\AdwCleaner
2013-12-03 00:04:45 -------- d-----w- C:\LGMobileUpgrade
2013-11-27 02:12:40 -------- d-----w- c:\documents and settings\user\application data\Dropbox
2013-11-21 03:24:27 -------- d-----w- c:\windows\SxsCaPendDel
.
==================== Find3M  ====================
.
2013-12-10 20:55:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 20:55:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 23:40:33.23 ===============
 



#2 HelpBot (Bleepin' Binary Bot)

Posted 24 December 2013 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518022 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 chugg (Topic Starter)

Posted 26 December 2013 - 02:14 PM

My computer has been shutting down very slow for a few months, so I posted in the malware section. Quietman told me that I might have a serious virus and to post here after he saw my results from RKill and AdwCleaner. You can see this topic here: http://www.bleepingcomputer.com/forums/t/516771/i-tried-downloading-what-i-thought-was-spybot-s-d-and-i-got-138-viruses/. I would appreciate any help that I can get. The new log follows and the new attachment is attached.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by User at 14:09:47 on 2013-12-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2426 [GMT -5:00]
.
FW: COMODO Firewall *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\User\Application Data\VERIZON\UA_ar\UA.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = 217.96.70.150:8080
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\verizo~1.lnk - c:\documents and settings\user\application data\verizon\ua_ar\UA.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1312260714312
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1312261769906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/support/ieatgpc.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{C16B9AD0-C657-4ABB-9B39-D4C67E295DCD} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\oelxnw06.default\
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\oelxnw06.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\oelxnw06.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 32640]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1990464]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-8-2 36352]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2007-3-2 42624]
S1 MpKsle003af5f;MpKsle003af5f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9c347e2-caed-4639-9794-c03da486e296}\mpksle003af5f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e9c347e2-caed-4639-9794-c03da486e296}\MpKsle003af5f.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-12-22 83864]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\drivers\rimvndis.sys [2013-9-12 12800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-12-22 181912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: DDPB.exe: open=c:\program files\dauden.vn\ddpb\DDPB.exe
.
=============== Created Last 30 ================
.
2013-12-23 03:52:06 -------- d-----w- c:\documents and settings\user\application data\Verizon_AR
2013-12-23 03:47:39 57344 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{2e6fa5ca-1597-4219-af62-d9b061e7c448}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2013-12-23 03:47:39 57344 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{2e6fa5ca-1597-4219-af62-d9b061e7c448}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2013-12-23 03:47:39 53248 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{2e6fa5ca-1597-4219-af62-d9b061e7c448}\ARPPRODUCTICON.exe
2013-12-23 03:46:38 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-12-23 03:46:38 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-12-22 06:54:08 -------- d-----w- c:\documents and settings\all users\application data\Samsung
2013-12-22 06:47:59 -------- d-----w- c:\documents and settings\user\application data\VERIZON
2013-12-20 22:58:33 -------- d-----w- c:\documents and settings\user\application data\Samsung
2013-12-20 21:29:28 -------- d-----w- c:\program files\Samsung
2013-12-18 06:03:38 -------- d-----w- c:\windows\ERUNT
2013-12-18 05:52:59 -------- d-----w- C:\AdwCleaner
2013-12-03 00:04:45 -------- d-----w- C:\LGMobileUpgrade
2013-11-27 02:12:40 -------- d-----w- c:\documents and settings\user\application data\Dropbox
.
==================== Find3M  ====================
.
2013-12-10 20:55:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 20:55:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 14:12:14.96 ===============

Attached Files
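The line a malware-response helper would look at first in both DDS logs above is `uProxyServer = 217.96.70.150:8080`: Internet Explorer's proxy is set to a public address rather than the home router at 192.168.x.1 that the TCP NameServer lines show, and an IE proxy pointing at an external host is the usual sign that browsing traffic is being relayed through someone else's machine. As an added example (not part of this thread, of DDS or of FRST), the following Python script pulls that indicator and the other first-pass ones (AppInit_DLLs, removable-drive MountPoints2 handlers, Run and Startup entries launched from a user profile) out of DDS/FRST-style log lines. The private ranges, the allowlist containing guard32.dll (which the FRST output later in the thread attributes to COMODO) and the profile-path markers are assumptions; the sample input mixes lines copied from the logs posted here with constructed lines that are marked as such.

```python
"""Triage of DDS / FRST log lines for the persistence and traffic-hijack
indicators a malware-response helper checks first.

Added example for this thread; it is not part of DDS, FRST or the forum
posts, and the allowlists below are assumptions, not tool defaults.
"""
import ipaddress
import re

# Assumption: a proxy on one of these ranges is treated as local (home router,
# corporate proxy); anything else is flagged. Hostnames are flagged too, since
# they cannot be verified offline.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumption: AppInit_DLLs entries known to belong to installed security software.
# guard32.dll is reported as COMODO's in the FRST output posted in this thread.
KNOWN_APPINIT = {r"c:\windows\system32\guard32.dll"}

# Path fragments that place an autostart target inside a user profile or temp
# directory, which installers rarely use but droppers usually do.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\docume~1\\",
                   "\\users\\", "%appdata%", "\\temp\\")

PROXY_RE = re.compile(r"^[um]?ProxyServer\s*[:=]\s*(\S+)", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*[:=]\s*(.*)$", re.I)
MOUNT_RE = re.compile(r"^MountPoints2:\s*(\S+)\s+-\s+(.+)$", re.I)
RUN_RE = re.compile(r"^(?:[um]Run|HK\S*\\Run):\s*\[([^\]]+)\]\s*-?\s*(.+)$", re.I)
TARGET_RE = re.compile(r"\s->?\s+(.+)$")   # "x.lnk - target" (DDS) or "x.lnk -> target" (FRST)


def proxy_is_external(proxy):
    """True if any host in an IE ProxyServer value lies outside LOCAL_NETS.
    Accepts "host:port" and the per-protocol "http=host:port;https=host:port" form."""
    for entry in proxy.split(";"):
        host = entry.split("=")[-1].rsplit(":", 1)[0]
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return True                      # hostname: cannot verify, so flag it
        if not any(addr in net for net in LOCAL_NETS):
            return True
    return False


def in_user_profile(path):
    return any(marker in path.lower() for marker in PROFILE_MARKERS)


def triage(lines):
    """Return (indicator, detail) pairs for lines worth a helper's attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := PROXY_RE.match(line):
            if proxy_is_external(m.group(1)):
                findings.append(("proxy-hijack", m.group(1)))
        elif m := APPINIT_RE.match(line):
            # FRST appends "[size date] (vendor)"; drop that before splitting the list
            for dll in re.sub(r"\s+\[.*$", "", m.group(1)).split(","):
                dll = dll.strip()
                if dll and dll.lower() not in KNOWN_APPINIT:
                    findings.append(("appinit-dll", dll))
        elif m := MOUNT_RE.match(line):
            # Autorun handlers for removable drives: a classic USB-worm foothold
            findings.append(("autorun-mountpoint", m.group(2).strip()))
        elif m := RUN_RE.match(line):
            if in_user_profile(m.group(2)):
                findings.append(("run-from-profile", m.group(1)))
        elif line.lower().startswith(("startupfolder:", "shortcuttarget:")):
            t = TARGET_RE.search(line)
            if t and in_user_profile(t.group(1)):
                findings.append(("startup-from-profile", t.group(1).strip()))
    return findings


SAMPLE = [
    # lines copied from the DDS and FRST output posted in this thread
    "uStart Page = hxxp://www.google.com",
    "uProxyServer = 217.96.70.150:8080",
    r"AppInit_DLLs= c:\windows\system32\guard32.dll",
    r"AppInit_DLLs: C:\WINDOWS\system32\guard32.dll [ 2012-11-07] (COMODO)",
    r'mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h',
    r"StartupFolder: c:\docume~1\user\startm~1\programs\startup\verizo~1.lnk - c:\documents and settings\user\application data\verizon\ua_ar\UA.exe",
    r"MountPoints2: E - E:\LaunchU3.exe",
    "ProxyServer: 217.96.70.150:8080",
    # constructed lines, not from the thread, to exercise the remaining checks
    r"uRun: [updater] c:\documents and settings\user\application data\updater\upd.exe",
    r"AppInit_DLLs: c:\windows\system32\hook.dll",
]

if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE):
        print(f"{indicator:22} {detail}")
```

The output is a list of things to look at, not a verdict: the Verizon upgrade utility that runs from Application Data in the second DDS log is legitimate and is still flagged, which is exactly why helpers ask for vendor names and signatures (as FRST prints) before deciding what to remove. The proxy finding, by contrast, is worth acting on by itself: a home PC has no business sending its browser traffic to 217.96.70.150.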



#4 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 28 December 2013 - 02:04 PM

Hello chugg,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




#5 chugg (Topic Starter)

Posted 28 December 2013 - 09:33 PM

Hi Fireman. Thank you in advance for your help. It is greatly appreciated. The requested logs are below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013
Ran by User (administrator) on USER-3D7C2733C7 on 28-12-2013 21:25:21
Running from C:\Documents and Settings\User\Desktop\virus
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Matsushita Electric Industrial Co., Ltd.) C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(SAMSUNG Electornics Co., Ltd.) C:\Documents and Settings\User\Application Data\VERIZON\UA_ar\UA.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-07] (COMODO)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2007-03-16] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [839680 2007-05-15] (Analog Devices, Inc.)
HKLM\...\Run: [Panasonic Hotkey Manager] - C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe [976528 2006-12-15] (Matsushita Electric Industrial Co., Ltd.)
MountPoints2: E - E:\LaunchU3.exe
MountPoints2: {0558d178-2898-11e3-acce-0013e86de003} - E:\LaunchU3.exe
MountPoints2: {dc824dd8-532e-11e3-ad55-0013e86de003} - F:\VerizonSWUpgradeAssistantLauncher.exe
MountPoints2: {f2069a5f-3672-11e3-acf0-0013e86de003} - G:\LaunchU3.exe
MountPoints2: {fbc8b976-6ad4-11e3-adae-0013e86de003} - E:\VZW_Software_upgrade_assistant.exe
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
AppInit_DLLs: C:\WINDOWS\system32\guard32.dll [ 2012-11-07] (COMODO)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Documents and Settings\User\Application Data\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 217.96.70.150:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-25] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\oelxnw06.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Widevine Media Transformer Plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\oelxnw06.default\Extensions\widevinemediatransformer@widevine
FF Extension: WebSlingPlayer - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\oelxnw06.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A}
FF Extension: Sothink Web Video Downloader for Firefox - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\oelxnw06.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{c8132b3c-175e-4219-856c-5f987b783926}] - C:\Program Files\ViewPassword\136.xpi
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Documents and Settings\User\Local Settings\Application Data\GreatArcadeHits\gahff.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.espn.com/
CHR RestoreOnStartup: "hxxp://www.espn.com/"
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Slingbox) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0\plugins/npSlingPlayerChrome.dll (Sling Media Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SlingPlayer for DishAnywhere-WindowsXP) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\deckdflcghdcicipigecdmcbdjnbbaem\1.5.15.770_0
CHR Extension: (WebSlingPlayer) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kaehjmdfbkfoaikbpdcdailkakkidipi\1.5.7.158_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jmojojliiicbbihpjmiepllaiflnjobc] - C:\Program Files\ViewPassword\136.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [497952 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32640 2012-11-07] (COMODO)
R3 HOTKEY; C:\Windows\System32\DRIVERS\hotkey.sys [19840 2006-11-14] (Matsushita Electric Industrial Co., Ltd.)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-22] (Conexant Systems, Inc.)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [36352 2005-10-21] (Infineon Technologies AG)
R0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [99080 2012-11-07] (COMODO)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4203392 2009-07-13] (Intel Corporation)
R3 NewMisc; C:\Windows\System32\DRIVERS\newmisc.sys [42624 2007-03-02] (Matsushita Electric Industrial Co., Ltd.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis.sys [12800 2013-09-12] (Research in Motion Limited)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S4 IntelIde; No ImagePath
S1 MpKsle003af5f; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9C347E2-CAED-4639-9794-C03DA486E296}\MpKsle003af5f.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-28 21:24 - 2013-12-28 21:24 - 00000000 ____D C:\FRST
2013-12-26 14:13 - 2013-12-26 14:13 - 00024182 _____ C:\Documents and Settings\User\Desktop\attach.txt
2013-12-26 14:13 - 2013-12-26 14:12 - 00010764 _____ C:\Documents and Settings\User\Desktop\dds.txt
2013-12-24 18:24 - 2013-12-24 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync
2013-12-24 18:18 - 2013-12-28 20:29 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-24 18:18 - 2013-12-28 18:29 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-24 18:18 - 2013-12-24 18:22 - 00000000 ____D C:\Program Files\Google
2013-12-24 18:18 - 2013-12-24 18:18 - 00819328 _____ (Google Inc.) C:\Documents and Settings\User\Desktop\googleappssyncsetup.exe
2013-12-24 01:23 - 2013-12-24 01:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini122413-01.dmp
2013-12-23 13:45 - 2013-12-23 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-12-23 11:29 - 2013-12-23 11:29 - 00059904 _____ C:\Documents and Settings\User\Desktop\12 23 13 Andreas List of contacts.xls
2013-12-22 22:52 - 2013-12-22 22:52 - 00000000 ____D C:\Documents and Settings\User\Application Data\Verizon_AR
2013-12-22 22:50 - 2013-12-22 22:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
2013-12-22 22:47 - 2013-12-22 22:47 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\Verizon
2013-12-22 22:46 - 2013-05-28 19:24 - 00181912 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2013-12-22 22:46 - 2013-05-28 19:24 - 00083864 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2013-12-22 01:54 - 2013-12-22 22:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2013-12-22 01:47 - 2013-12-23 17:44 - 00000000 ____D C:\Documents and Settings\User\Application Data\VERIZON
2013-12-20 18:12 - 2013-12-20 18:12 - 00098304 _____ C:\WINDOWS\Minidump\Mini122013-01.dmp
2013-12-20 17:58 - 2013-12-22 23:38 - 00000000 ____D C:\Documents and Settings\User\My Documents\samsung
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\User\My Documents\SelfMV
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\User\Application Data\Samsung
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Documents\NativeFus_Log
2013-12-20 16:29 - 2013-12-22 22:50 - 00000000 ____D C:\Program Files\Samsung
2013-12-20 16:27 - 2013-12-20 16:27 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Documents and Settings\User\Desktop\Kies3Setup.exe
2013-12-19 23:31 - 2013-12-28 21:25 - 00000000 ____D C:\Documents and Settings\User\Desktop\virus
2013-12-19 22:52 - 2013-12-19 22:51 - 00106496 _____ C:\WINDOWS\Minidump\Mini121913-01.dmp
2013-12-18 03:35 - 2013-12-18 03:35 - 00018295 _____ C:\Documents and Settings\User\Desktop\Michael Thiemann Commission Sheet_updated 12.16.13.xlsx
2013-12-18 03:28 - 2013-12-18 03:28 - 00050176 _____ C:\Documents and Settings\User\Desktop\12 18 Andreas List of contacts.xls
2013-12-18 01:03 - 2013-12-18 01:03 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-18 00:52 - 2013-12-18 00:56 - 00000000 ____D C:\AdwCleaner
2013-12-12 01:21 - 2013-12-12 01:21 - 00012527 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 01:21 - 2013-12-12 01:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-12 01:21 - 2013-12-12 01:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-12 01:20 - 2013-12-12 01:21 - 00004807 _____ C:\WINDOWS\KB2904266.log
2013-12-12 01:18 - 2013-12-12 01:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-12 01:18 - 2013-12-12 01:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-12 01:18 - 2013-12-12 01:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 11:41 - 2013-12-12 01:21 - 00009962 _____ C:\WINDOWS\KB2898715.log
2013-12-11 11:41 - 2013-12-12 01:18 - 00009492 _____ C:\WINDOWS\KB2893984.log
2013-12-11 11:41 - 2013-12-12 01:18 - 00008797 _____ C:\WINDOWS\KB2893294.log
2013-12-11 11:41 - 2013-12-12 01:18 - 00007998 _____ C:\WINDOWS\KB2892075.log
2013-12-10 22:06 - 2013-12-11 18:45 - 00000000 ____D C:\Documents and Settings\User\Desktop\NMS Allison
2013-12-09 23:41 - 2013-12-09 23:41 - 00013678 _____ C:\Documents and Settings\User\Desktop\Job Orders11-26-13.xlsx
2013-12-03 09:04 - 2013-12-03 09:04 - 00000070 _____ C:\Documents and Settings\User\CLX.Log
2013-12-02 19:10 - 2013-12-02 19:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VZW Utility Application - LG
2013-12-02 19:04 - 2013-12-02 19:04 - 00000000 ____D C:\LGMobileUpgrade
2013-12-02 02:02 - 2013-12-02 12:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
2013-12-28 21:25 - 2013-12-19 23:31 - 00000000 ____D C:\Documents and Settings\User\Desktop\virus
2013-12-28 21:24 - 2013-12-28 21:24 - 00000000 ____D C:\FRST
2013-12-28 20:55 - 2012-09-09 22:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-28 20:54 - 2011-08-12 21:48 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1450960922-1801674531-1003UA.job
2013-12-28 20:29 - 2013-12-24 18:18 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-28 18:29 - 2013-12-24 18:18 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 13:08 - 2011-08-01 08:43 - 01149914 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-28 13:05 - 2013-10-19 16:38 - 00000440 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2013-12-28 13:05 - 2008-04-14 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-28 13:04 - 2011-08-01 09:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-28 13:04 - 2011-08-01 01:39 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-28 13:04 - 2011-08-01 01:39 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-28 07:02 - 2011-08-01 09:10 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2013-12-28 07:02 - 2011-08-01 09:09 - 00032554 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-28 00:42 - 2011-08-12 13:08 - 00083968 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-27 12:54 - 2011-08-12 21:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1450960922-1801674531-1003Core.job
2013-12-27 11:46 - 2011-08-01 01:37 - 01023195 _____ C:\WINDOWS\setupapi.log
2013-12-27 11:46 - 2011-08-01 01:36 - 00231391 _____ C:\WINDOWS\setupact.log
2013-12-26 21:13 - 2011-08-20 23:11 - 00000000 ____D C:\Documents and Settings\User\Desktop\Rarely Used
2013-12-26 14:13 - 2013-12-26 14:13 - 00024182 _____ C:\Documents and Settings\User\Desktop\attach.txt
2013-12-26 14:12 - 2013-12-26 14:13 - 00010764 _____ C:\Documents and Settings\User\Desktop\dds.txt
2013-12-24 21:47 - 2013-10-24 00:37 - 00072775 _____ C:\Documents and Settings\User\Desktop\DBD COMPANIES.xlsx
2013-12-24 18:28 - 2012-01-14 00:13 - 00313344 ___SH C:\Documents and Settings\User\Desktop\Thumbs.db
2013-12-24 18:24 - 2013-12-24 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync
2013-12-24 18:24 - 2011-08-12 21:48 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2013-12-24 18:22 - 2013-12-24 18:18 - 00000000 ____D C:\Program Files\Google
2013-12-24 18:18 - 2013-12-24 18:18 - 00819328 _____ (Google Inc.) C:\Documents and Settings\User\Desktop\googleappssyncsetup.exe
2013-12-24 01:23 - 2013-12-24 01:23 - 00106496 _____ C:\WINDOWS\Minidump\Mini122413-01.dmp
2013-12-24 01:23 - 2012-07-21 20:41 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-23 17:44 - 2013-12-22 01:47 - 00000000 ____D C:\Documents and Settings\User\Application Data\VERIZON
2013-12-23 16:11 - 2013-10-15 01:02 - 00016155 _____ C:\Documents and Settings\User\Desktop\DBD Candidates.xlsx
2013-12-23 13:45 - 2013-12-23 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-12-23 11:29 - 2013-12-23 11:29 - 00059904 _____ C:\Documents and Settings\User\Desktop\12 23 13 Andreas List of contacts.xls
2013-12-22 23:38 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\User\My Documents\samsung
2013-12-22 22:52 - 2013-12-22 22:52 - 00000000 ____D C:\Documents and Settings\User\Application Data\Verizon_AR
2013-12-22 22:52 - 2011-08-02 00:40 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-22 22:50 - 2013-12-22 22:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
2013-12-22 22:50 - 2013-12-22 01:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2013-12-22 22:50 - 2013-12-20 16:29 - 00000000 ____D C:\Program Files\Samsung
2013-12-22 22:50 - 2011-08-02 08:11 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-22 22:47 - 2013-12-22 22:47 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\Verizon
2013-12-20 18:12 - 2013-12-20 18:12 - 00098304 _____ C:\WINDOWS\Minidump\Mini122013-01.dmp
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\User\My Documents\SelfMV
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\User\Application Data\Samsung
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
2013-12-20 17:58 - 2013-12-20 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Documents\NativeFus_Log
2013-12-20 16:28 - 2012-03-08 14:13 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Downloaded Installations
2013-12-20 16:27 - 2013-12-20 16:27 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Documents and Settings\User\Desktop\Kies3Setup.exe
2013-12-20 13:54 - 2013-09-06 10:54 - 00000000 ____D C:\Documents and Settings\User\Desktop\Credit Union Staffing
2013-12-19 22:51 - 2013-12-19 22:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini121913-01.dmp
2013-12-19 19:33 - 2011-11-07 22:21 - 00000000 ____D C:\Documents and Settings\User\Application Data\dvdcss
2013-12-18 06:53 - 2013-10-07 16:07 - 00000000 ____D C:\Documents and Settings\User\Desktop\DBD Job Orders
2013-12-18 06:53 - 2013-09-30 15:01 - 00000000 ____D C:\Documents and Settings\User\Desktop\Drill Baby Drill
2013-12-18 03:56 - 2013-08-13 07:35 - 00180035 _____ C:\Documents and Settings\User\Desktop\Lenders Database.xlsx
2013-12-18 03:46 - 2011-12-01 16:02 - 00000000 ____D C:\Documents and Settings\User\Desktop\Lenders
2013-12-18 03:35 - 2013-12-18 03:35 - 00018295 _____ C:\Documents and Settings\User\Desktop\Michael Thiemann Commission Sheet_updated 12.16.13.xlsx
2013-12-18 03:28 - 2013-12-18 03:28 - 00050176 _____ C:\Documents and Settings\User\Desktop\12 18 Andreas List of contacts.xls
2013-12-18 01:03 - 2013-12-18 01:03 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-18 00:56 - 2013-12-18 00:52 - 00000000 ____D C:\AdwCleaner
2013-12-18 00:45 - 2013-11-05 20:08 - 00000000 ____D C:\Program Files\CompanionLink
2013-12-17 15:22 - 2013-10-09 18:22 - 00000000 ____D C:\Documents and Settings\User\Desktop\DBD Candidates
2013-12-12 08:48 - 2011-08-01 01:36 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 01:21 - 2013-12-12 01:21 - 00012527 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 01:21 - 2013-12-12 01:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-12 01:21 - 2013-12-12 01:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-12 01:21 - 2013-12-12 01:20 - 00004807 _____ C:\WINDOWS\KB2904266.log
2013-12-12 01:21 - 2013-12-11 11:41 - 00009962 _____ C:\WINDOWS\KB2898715.log
2013-12-12 01:21 - 2011-08-13 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-12 01:21 - 2011-08-02 08:04 - 00038838 _____ C:\WINDOWS\system32\TZLog.log
2013-12-12 01:21 - 2011-08-02 08:01 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-12 01:21 - 2011-08-02 00:42 - 00127256 _____ C:\WINDOWS\updspapi.log
2013-12-12 01:21 - 2011-08-01 01:37 - 01673309 _____ C:\WINDOWS\iis6.log
2013-12-12 01:21 - 2011-08-01 01:37 - 01544929 _____ C:\WINDOWS\FaxSetup.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00747860 _____ C:\WINDOWS\ocgen.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00711560 _____ C:\WINDOWS\tsoc.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00521270 _____ C:\WINDOWS\comsetup.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00467778 _____ C:\WINDOWS\msmqinst.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00314393 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00271374 _____ C:\WINDOWS\netfxocm.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00106887 _____ C:\WINDOWS\MedCtrOC.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00085701 _____ C:\WINDOWS\ocmsn.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00078380 _____ C:\WINDOWS\tabletoc.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00077503 _____ C:\WINDOWS\msgsocm.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-12 01:21 - 2011-08-01 01:37 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-12 01:20 - 2013-07-24 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-12 01:18 - 2013-12-12 01:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-12 01:18 - 2013-12-12 01:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-12 01:18 - 2013-12-12 01:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-12 01:18 - 2013-12-11 11:41 - 00009492 _____ C:\WINDOWS\KB2893984.log
2013-12-12 01:18 - 2013-12-11 11:41 - 00008797 _____ C:\WINDOWS\KB2893294.log
2013-12-12 01:18 - 2013-12-11 11:41 - 00007998 _____ C:\WINDOWS\KB2892075.log
2013-12-12 01:18 - 2011-08-02 07:59 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 19:24 - 2012-01-31 01:29 - 00000000 ____D C:\Documents and Settings\User\Desktop\NMS Candidates
2013-12-11 18:45 - 2013-12-10 22:06 - 00000000 ____D C:\Documents and Settings\User\Desktop\NMS Allison
2013-12-10 15:55 - 2012-09-09 22:13 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-10 15:55 - 2011-08-08 20:57 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-09 23:41 - 2013-12-09 23:41 - 00013678 _____ C:\Documents and Settings\User\Desktop\Job Orders11-26-13.xlsx
2013-12-09 23:39 - 2012-06-26 13:05 - 00047716 _____ C:\Documents and Settings\User\Desktop\Candidates (Autosaved).xlsx
2013-12-09 16:00 - 2011-11-18 16:04 - 00000000 ____D C:\Documents and Settings\User\Desktop\National Mortgage Staffing
2013-12-09 02:00 - 2011-08-02 08:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2476490$
2013-12-08 23:01 - 2011-08-01 01:35 - 00000211 __RSH C:\boot.ini
2013-12-08 23:01 - 2008-04-14 07:00 - 00000759 _____ C:\WINDOWS\win.ini
2013-12-08 23:01 - 2008-04-14 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-08 04:21 - 2011-08-01 01:29 - 00000000 ____D C:\WINDOWS\security
2013-12-08 00:38 - 2011-10-08 19:22 - 00000000 ____D C:\Documents and Settings\User\Application Data\vlc
2013-12-07 22:50 - 2011-08-01 01:37 - 00636944 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-07 19:48 - 2012-03-15 07:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2641653$
2013-12-07 18:50 - 2011-08-02 08:05 - 00068456 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-07 18:41 - 2013-11-26 21:12 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2013-12-03 09:04 - 2013-12-03 09:04 - 00000070 _____ C:\Documents and Settings\User\CLX.Log
2013-12-02 19:10 - 2013-12-02 19:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VZW Utility Application - LG
2013-12-02 19:04 - 2013-12-02 19:04 - 00000000 ____D C:\LGMobileUpgrade
2013-12-02 14:29 - 2012-11-19 18:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-02 12:13 - 2013-12-02 02:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-29 02:09 - 2011-08-01 08:42 - 00019855 _____ C:\WINDOWS\wmsetup.log
 
ZeroAccess:
C:\RECYCLER\S-1-5-21-1659004503-1450960922-1801674531-1003\$e83741875bdca53d9d00a9bfad20e478
 
ZeroAccess:
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}\@
 
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\aol-messaging_toolbar17F.exe
C:\Documents and Settings\User\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\User\Local Settings\Temp\converter.exe
C:\Documents and Settings\User\Local Settings\Temp\Dll32.dll
C:\Documents and Settings\User\Local Settings\Temp\Imp16d20.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\User\Local Settings\Temp\RSPUpgradeInstaller.exe
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\Ssdevm.dll
C:\Documents and Settings\User\Local Settings\Temp\Ssuiext.dll
C:\Documents and Settings\User\Local Settings\Temp\Ssusbpn.dll
C:\Documents and Settings\User\Local Settings\Temp\Sswiadrv.dll
C:\Documents and Settings\User\Local Settings\Temp\Tab16d20.dll
C:\Documents and Settings\User\Local Settings\Temp\WIAEH.dll
C:\Documents and Settings\User\Local Settings\Temp\WIAIPH.dll
C:\Documents and Settings\User\Local Settings\Temp\WIASTIIO.dll
C:\Documents and Settings\User\Local Settings\Temp\YontooSetup-Silent.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-12-2013
Ran by User at 2013-12-28 21:26:41
Running from C:\Documents and Settings\User\Desktop\virus
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 
==================== Installed Programs ======================
 
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader X (10.1.5) (Version: 10.1.5)
AIM 7
Bonjour (Version: 3.0.0.10)
Cisco WebEx Meetings
COMODO Internet Security (Version: 5.5.64714.1383)
CutePDF Writer 2.8
DDPB (Version: 1.0.9)
Dell Laser MFP 1600n Software Uninstall
Driver Download Manager (HKCU Version: 2.0.0.56)
Gemplus Smart Card Reader Tools
Google Apps Migration For Microsoft Outlook® 2.3.14.36 (Version: 2.3.14.36)
Google Apps Sync™ for Microsoft Outlook® 3.5.365.980 (Version: 3.5.365.980)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
Hotkey Appendix (Version: V7.00L12 M00)
Hotkey Settings (Version: V2.00L11 M00)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 33 (Version: 6.0.330)
KCast (Version: 2.1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
QuickTime (Version: 7.69.80.9)
Samsung Kies3 (Version: 3.2.13114.22)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.999)
Sothink FLV Player (Version: 2.3)
SoundMAX (Version: 5.10.01.6260)
SUABnR (Version: 1.1.0.13103_1)
Synaptics Pointing Device Driver (Version: 8.1.2.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (Version: 2.13.1103)
Verizon Wireless Software Utility Application for Android - Samsung (Version: 2.13.1101)
VLC media player 1.1.7 (Version: 1.1.7)
WebFldrs XP (Version: 9.50.7523)
WebSlingPlayer ActiveX (Version: 1.5.2125)
Windows Driver Package - Intel (NETw5x32) net  (05/28/2009 12.4.3.9) (Version: 05/28/2009 12.4.3.9)
Windows Driver Package - Intel (w29n51) net  (12/19/2007 9.0.4.39) (Version: 12/19/2007 9.0.4.39)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
 
==================== Restore Points  =========================
 
05-11-2013 01:14:52 System Checkpoint
06-11-2013 01:08:42 Installed CompanionLink.
07-11-2013 18:08:52 System Checkpoint
09-11-2013 01:05:20 System Checkpoint
09-11-2013 02:09:10 Installed Hotkey Settings
09-11-2013 02:09:35 Installed Hotkey Appendix
09-11-2013 18:36:34 Installed BlackBerry Link.
10-11-2013 22:46:35 System Checkpoint
11-11-2013 23:49:31 System Checkpoint
14-11-2013 06:58:27 Software Distribution Service 3.0
15-11-2013 16:30:18 System Checkpoint
16-11-2013 17:14:24 System Checkpoint
19-11-2013 04:28:33 System Checkpoint
20-11-2013 23:25:22 System Checkpoint
21-11-2013 03:19:23 Removed BlackBerry Desktop Software 7.1.
21-11-2013 03:20:48 Removed BlackBerry Device Manager 6.1.
21-11-2013 03:22:09 Removed BlackBerry Device Software Updater.
21-11-2013 03:23:04 Removed BlackBerry Link.
22-11-2013 20:11:49 System Checkpoint
24-11-2013 00:48:59 System Checkpoint
26-11-2013 00:14:24 System Checkpoint
29-11-2013 19:12:04 System Checkpoint
01-12-2013 06:15:35 System Checkpoint
02-12-2013 22:01:31 System Checkpoint
03-12-2013 00:03:21 Install LG UNITED Drivers
04-12-2013 05:04:00 System Checkpoint
06-12-2013 18:03:27 System Checkpoint
07-12-2013 19:14:11 System Checkpoint
07-12-2013 23:42:06 Removed LG VZW United Drivers.
09-12-2013 18:11:54 System Checkpoint
10-12-2013 21:11:56 System Checkpoint
12-12-2013 06:16:59 Software Distribution Service 3.0
13-12-2013 10:35:10 Software Distribution Service 3.0
14-12-2013 11:13:26 System Checkpoint
16-12-2013 01:21:17 System Checkpoint
18-12-2013 03:49:15 System Checkpoint
18-12-2013 05:44:52 Removed CompanionLink.
19-12-2013 16:07:03 System Checkpoint
20-12-2013 17:51:12 System Checkpoint
20-12-2013 21:29:24 Installed Samsung Kies3
22-12-2013 04:33:41 System Checkpoint
23-12-2013 03:47:37 Installed Verizon Wireless Software Utility Application for Android - Samsung.
23-12-2013 03:50:00 Installed Verizon Wireless Software Upgrade Assistant - Samsung(ar).
23-12-2013 03:50:16 Installed SUABnR
23-12-2013 05:09:10 Installed Samsung Kies3
23-12-2013 05:11:11 Installed Samsung Kies3
25-12-2013 01:14:45 System Checkpoint
26-12-2013 02:46:18 System Checkpoint
27-12-2013 02:51:03 System Checkpoint
28-12-2013 11:24:53 System Checkpoint
 
==================== Hosts content: ==========================
 
2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1450960922-1801674531-1003Core.job => C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1450960922-1801674531-1003UA.job => C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-22 03:02 - 2009-11-05 10:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2008-04-14 07:00 - 2013-06-04 02:23 - 00562688 _____ () C:\WINDOWS\system32\qedit.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 07:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2011-12-14 09:08 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-10 15:55 - 2013-12-10 15:55 - 16242056 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-12-04 19:55 - 2013-12-03 21:48 - 04055504 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-04 19:55 - 2013-12-03 21:48 - 00399312 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-04 19:55 - 2013-12-03 21:47 - 01619408 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-04 19:55 - 2013-12-03 21:47 - 00702416 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-04 19:55 - 2013-12-03 21:47 - 00099792 _____ () C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D5FBE8F9
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑걄곡갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑간곡갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑곤고갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑계고갳가/AT=곅곪값가:INTERNAL AUDIT OFFICER.DOCX> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑계고갳가/AT=겥곪값가:SENIOR INTERNAL AUDIT OFFICER 11.13.DOCX> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑계고갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/DRAFTS/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑겤고갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/DRAFTS/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑걤고갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑갤고갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/22/2013 09:09:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <MAPI://{S-1-5-21-1659004503-1450960922-1801674531-1003}/PERSONAL FOLDERS($9CC67FBB)/0/OUTBOX/가가가가같곐걙걎걠곘갧걋검걄걚가겲걁걚겑간고갳가> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (12/27/2013 11:01:47 PM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.2.6,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.
 
Error: (12/27/2013 10:33:33 AM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.
 
Error: (12/27/2013 10:32:33 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.5 for the Network Card with network address 0013E86DE003 has been
denied by the DHCP server 10.130.71.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/27/2013 09:43:00 AM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.2.6,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.
 
Error: (12/27/2013 02:06:40 AM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.2.6,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.
 
Error: (12/26/2013 01:37:50 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0013E86DE003 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/26/2013 10:34:16 AM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.
 
Error: (12/26/2013 09:10:46 AM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.
 
Error: (12/26/2013 08:57:10 AM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.
 
Error: (12/26/2013 08:08:05 AM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.
 
 
Microsoft Office Sessions:
=========================
Error: (11/22/2013 03:46:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16351 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error: (08/05/2013 06:29:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27011 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error: (07/07/2013 02:14:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21645 seconds with 3780 seconds of active time.  This session ended with a crash.
 
Error: (01/21/2013 09:23:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 36582 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2013 06:42:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (08/13/2011 01:37:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 495 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 44%
Total physical RAM: 3318.29 MB
Available physical RAM: 1847.2 MB
Total Pagefile: 5201.5 MB
Available Pagefile: 3875.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.08 GB) (Free:69.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DVD_VIDEO_RECORDER) (CDROM) (Total:2.17 GB) (Free:0 GB) UDF
Drive e: (VD EXTERNAL) (Fixed) (Total:698.46 GB) (Free:13.91 GB) FAT32
Drive f: (My Passport) (Fixed) (Total:232.83 GB) (Free:2.79 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 531E2E2A)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 699 GB) (Disk ID: 465232C5)
Partition 1: (Not Active) - (Size=699 GB) - (Type=0C)
 
========================================================
Disk: 2 (Size: 233 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=233 GB) - (Type=0C)
 
==================== End Of Log ============================


#6 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 28 December 2013 - 10:26 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File: fixlist.txt (1.98KB)
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!
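A fixlist of the kind attached above deletes services and moves files the moment Fix is pressed, so a practitioner wants to confirm beforehand that every line was taken from this machine's scan log and not from another case. The Python below is an added example, not FRST's code and not part of fireman4it's post: it classifies fixlist lines into the three kinds seen on this page (service entries, absolute file paths, AlternateDataStreams entries), reports any line that does not occur in the scan log, and flags a path nested under a directory listed earlier, which FRST will report as not found once the parent directory has already been moved. Both the scan log and the fixlist are constructed excerpts built from entries on this page; the `not-in-this-log.exe` line is a hypothetical addition used to show a mismatch.

```python
import re

# Constructed excerpt of an FRST scan log, built from entries visible on this page.
SCAN_LOG = r"""
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U1 WS2IFSL; 
C:\RECYCLER\S-1-5-21-1659004503-1450960922-1801674531-1003\$e83741875bdca53d9d00a9bfad20e478
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}\@
C:\Documents and Settings\User\Local Settings\Temp\YontooSetup-Silent.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D5FBE8F9
"""

# Constructed fixlist: a subset of the one posted in this thread, plus one
# hypothetical line (not-in-this-log.exe) that never appeared in the scan log.
FIXLIST = r"""
S4 IntelIde; No ImagePath
U1 WS2IFSL; 
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}\@
C:\Documents and Settings\User\Local Settings\Temp\YontooSetup-Silent.exe
C:\Documents and Settings\User\Local Settings\Temp\not-in-this-log.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D5FBE8F9
"""

SERVICE_RE = re.compile(r"^[RSU]\d\s+[^;]+;")   # e.g. "S4 IntelIde; No ImagePath"
PATH_RE = re.compile(r"^[A-Za-z]:\\")           # absolute Windows path
ADS_PREFIX = "AlternateDataStreams: "


def classify(line):
    """Return the kind of fixlist directive a line represents."""
    if line.startswith(ADS_PREFIX):
        return "ads"
    if SERVICE_RE.match(line):
        return "service"
    if PATH_RE.match(line):
        return "path"
    return "unknown"


def check_fixlist(fixlist_text, scan_log_text):
    """Cross-check each fixlist line against the scan log it was supposedly copied from."""
    log_lines = [l.rstrip() for l in scan_log_text.splitlines() if l.strip()]
    report = {"service": [], "path": [], "ads": [], "unknown": [],
              "not_in_log": [], "child_of_listed": []}
    paths_seen = []
    for raw in fixlist_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        kind = classify(line)
        report[kind].append(line)
        if kind == "unknown":
            continue
        # Substring match, so a bare path also matches a dated FRST listing line.
        if not any(line in l for l in log_lines):
            report["not_in_log"].append(line)
        if kind == "path":
            lower = line.lower()
            # A path under a directory already listed will be gone once the
            # parent is moved; FRST then reports it as "File/Directory not found".
            if any(lower.startswith(p + "\\") for p in paths_seen):
                report["child_of_listed"].append(line)
            paths_seen.append(lower)
    return report


def safe_to_run(report):
    """True when every line is recognised and was present in the scan log."""
    return not report["unknown"] and not report["not_in_log"]


if __name__ == "__main__":
    result = check_fixlist(FIXLIST, SCAN_LOG)
    for key, lines in result.items():
        print(f"{key}: {len(lines)}")
    print("safe to run:", safe_to_run(result))
```

The `child_of_listed` bucket is informational only: the Fixlog posted later in this thread shows exactly that outcome for the `\@` entry, and it is harmless. A non-empty `not_in_log` bucket is the one that should stop you from pressing Fix.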


#7 chugg (Topic Starter, Members, 627 posts)

Posted 28 December 2013 - 11:16 PM
Here is my Fixlog.  I am not sure what it means by "give RK's contents to my helper".  I pasted the RK report below the fixlist.  It suggested I delete 4 things so I did so.  You didn't mention this so I assume you wanted me to delete these items.    Today while I was online, my desktop background picture disappeared and it was replaced with the generic blue desktop background.  I didn't do this.  I'm not sure if this virus has anything to do with that or not but it was strange.  
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-12-2013
Ran by User at 2013-12-28 23:13:25 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
S4 IntelIde; No ImagePath
S1 MpKsle003af5f; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9C347E2-CAED-4639-9794-C03DA486E296}\MpKsle003af5f.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
U1 WS2IFSL; 
C:\RECYCLER\S-1-5-21-1659004503-1450960922-1801674531-1003\$e83741875bdca53d9d00a9bfad20e478
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}\@
C:\Documents and Settings\User\Local Settings\Temp\aol-messaging_toolbar17F.exe
C:\Documents and Settings\User\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\User\Local Settings\Temp\converter.exe
C:\Documents and Settings\User\Local Settings\Temp\Dll32.dll
C:\Documents and Settings\User\Local Settings\Temp\Imp16d20.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\User\Local Settings\Temp\RSPUpgradeInstaller.exe
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\Ssdevm.dll
C:\Documents and Settings\User\Local Settings\Temp\Ssuiext.dll
C:\Documents and Settings\User\Local Settings\Temp\Ssusbpn.dll
C:\Documents and Settings\User\Local Settings\Temp\Sswiadrv.dll
C:\Documents and Settings\User\Local Settings\Temp\Tab16d20.dll
C:\Documents and Settings\User\Local Settings\Temp\WIAEH.dll
C:\Documents and Settings\User\Local Settings\Temp\WIAIPH.dll
C:\Documents and Settings\User\Local Settings\Temp\WIASTIIO.dll
C:\Documents and Settings\User\Local Settings\Temp\YontooSetup-Silent.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D5FBE8F9
*****************
 
IntelIde => Service deleted successfully.
MpKsle003af5f => Service deleted successfully.
USBAAPL => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\RECYCLER\S-1-5-21-1659004503-1450960922-1801674531-1003\$e83741875bdca53d9d00a9bfad20e478 => Moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478} => Moved successfully.
"C:\Documents and Settings\User\Local Settings\Application Data\{e8374187-5bdc-a53d-9d00-a9bfad20e478}\@" => File/Directory not found.
C:\Documents and Settings\User\Local Settings\Temp\aol-messaging_toolbar17F.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\AskSLib.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\converter.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Dll32.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Imp16d20.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\RSPUpgradeInstaller.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Ssdevm.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Ssuiext.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Ssusbpn.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Sswiadrv.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Tab16d20.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\WIAEH.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\WIAIPH.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\WIASTIIO.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\YontooSetup-Silent.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D5FBE8F9" ADS removed successfully.
 
==== End of Fixlog ====
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 12/28/2013 23:26:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] UA.exe -- C:\Documents and Settings\User\Application Data\VERIZON\UA_ar\UA.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (217.96.70.150:8080 [Country: , City: ]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[User][SUSP UNIC] Verizon Wireless Software Utility Application for Android ?? Samsung.lnk : C:\Documents and Settings\User\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android ?? Samsung.lnk [-] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEKT-08PVMT1 +++++
--- User ---
[MBR] a1a5f2bc405d145d922da13fae78cc50
[BSP] 930245fa3d6afc6fdd1380a6afaf6a81 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) WD 7500AAC External USB Device +++++
--- User ---
[MBR] e06ecf94678b1e34d8082f6e8cfabae0
[BSP] ddbc389f175a5247b159064e20d7b948 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) WD 2500BEV External USB Device +++++
--- User ---
[MBR] 27046bfed13eaece99dd9ad462b0a665
[BSP] d0ec2211ba2260ee6d54a28c5292c11f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_12282013_232658.txt >>
 
 
 
 

Edited by chugg, 28 December 2013 - 11:34 PM.
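The RogueKiller report in the post above flags an Internet Explorer proxy pointing at 217.96.70.150:8080, two user-policy values (DisableTaskMgr, DisableRegistryTools) that are present but set to 0, and a process killed for running from a profile path. As an added example, not RogueKiller's code and not part of chugg's post, the Python below parses those report lines and ranks them the way a responder would: a browser proxy outside private address space is rated high because every IE request would transit that host; a policy value of 0 is rated low because the restriction is not actually active; a process from a user-writable path is rated medium pending a publisher check; and the HOSTS File section is checked for any mapping other than localhost. The report text is a constructed excerpt of the one posted above.

```python
import ipaddress
import re

# Constructed excerpt of the RogueKiller report posted in this thread.
REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] UA.exe -- C:\Documents and Settings\User\Application Data\VERIZON\UA_ar\UA.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (217.96.70.150:8080 [Country: , City: ]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
"""

# "[TAG][TAG] body -> STATUS"; the "[...]" inside registry paths is not a tag.
LINE_RE = re.compile(r"^(?P<tags>(?:\[[A-Z ]+\])+)\s*(?P<body>.+?)\s*->\s*(?P<status>[A-Z]+)")
TAG_RE = re.compile(r"\[([A-Z ]+)\]")
PROXY_RE = re.compile(r"ProxyServer \((?P<host>[^:\s\]]+):(?P<port>\d+)")
POLICY_RE = re.compile(r"(?P<name>\w+) \((?P<value>\d+)\)$")


def is_external(host):
    """True when the proxy host is not in private, loopback or link-local space."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname cannot be confirmed local without resolving it
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(report_text):
    """Parse tagged report lines into findings with a severity and a note."""
    findings = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        tags = TAG_RE.findall(m.group("tags"))
        f = {"tags": tags, "body": m.group("body"), "status": m.group("status"),
             "severity": "info", "note": ""}
        if "PROXY IE" in tags:
            pm = PROXY_RE.search(f["body"])
            host, port = pm.group("host"), int(pm.group("port"))
            f["proxy"] = (host, port)
            if is_external(host):
                f["severity"], f["note"] = "high", "IE proxy outside the local network: all browser traffic transits it"
            else:
                f["severity"], f["note"] = "medium", "IE proxy on a local address: confirm it is intended"
        elif "HJ POL" in tags:
            pm = POLICY_RE.search(f["body"])
            name, value = pm.group("name"), int(pm.group("value"))
            f["severity"] = "high" if value else "low"
            f["note"] = f"{name}={value}: " + ("restriction active" if value else "value present, restriction not active")
        elif "SUSP PATH" in tags:
            f["severity"], f["note"] = "medium", "executable running from a user-writable profile path; verify publisher"
        elif "HJ DESK" in tags:
            f["severity"], f["note"] = "low", "desktop icon visibility setting; cosmetic"
        findings.append(f)
    return findings


def hosts_entries(report_text):
    """Return (ip, name) pairs from the HOSTS File section of the report."""
    entries, in_hosts = [], False
    for line in report_text.splitlines():
        if line.startswith("¤¤¤"):
            in_hosts = "HOSTS File" in line
            continue
        if in_hosts and not line.startswith(("-->", "#")):
            parts = line.split()
            if len(parts) >= 2:
                entries.append((parts[0], parts[1]))
    return entries


def unexpected_hosts_entries(report_text):
    """Anything other than the standard localhost mapping is worth a look."""
    return [(ip, name) for ip, name in hosts_entries(report_text)
            if not (ip in ("127.0.0.1", "::1") and name == "localhost")]


def summary(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    fs = triage(REPORT)
    for f in fs:
        print(f["severity"].upper(), f["tags"], f["status"], f["note"])
    print("hosts entries to review:", unexpected_hosts_entries(REPORT))
    print(summary(fs))
```

Run against the posted report this yields one high finding (the proxy), one medium (the killed UA.exe), three low, and no unexpected hosts entries; the proxy line is the one that explains why browsing got quicker after RogueKiller's Delete, since the proxy value was removed along with the rest.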


#8 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 29 December 2013 - 02:19 AM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 chugg

chugg
  • Topic Starter

  • Members
  • 627 posts

Posted 29 December 2013 - 02:28 PM

I re-ran RogueKiller and nothing came up.  My computer is still taking an extremely long time to shut down, but I am seeing a quicker browser.  Did RogueKiller find viruses earlier?



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 29 December 2013 - 03:53 PM

1.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Fix Proxy
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

2.

  • Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

3.

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Things to include in your next reply:
  • Roguekiller log
  • mbar-log.txt
  • system-log.txt
  • Eset log
  • How is your machine running now?

Edited by fireman4it, 29 December 2013 - 03:59 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 02 January 2014 - 12:06 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 2-3 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 chugg

chugg
  • Topic Starter

  • Members
  • 627 posts

Posted 02 January 2014 - 12:13 PM

I am still here and need your help.  Your instructions are not on point as far as what really happens in this process.  But I am doing my best and will get back to you shortly.  Thanks!



#13 chugg

chugg
  • Topic Starter

  • Members
  • 627 posts

Posted 02 January 2014 - 11:31 PM

Ok so here are the logs.  I believe everything is below.  Malwarebytes found nothing.   Sorry for the delay.  Some things happened that were outside the instructions.  Thank you so much for your help Fireman.  My computer is still shutting down very slowly and is fairly slow overall.

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 12/30/2013 20:23:40
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (217.96.70.150:8080 [Country: POLAND (PL), City: Koszalin]) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEKT-08PVMT1 +++++
--- User ---
[MBR] a1a5f2bc405d145d922da13fae78cc50
[BSP] 930245fa3d6afc6fdd1380a6afaf6a81 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) WD 7500AAC External USB Device +++++
--- User ---
[MBR] e06ecf94678b1e34d8082f6e8cfabae0
[BSP] ddbc389f175a5247b159064e20d7b948 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) WD 2500BEV External USB Device +++++
--- User ---
[MBR] 27046bfed13eaece99dd9ad462b0a665
[BSP] d0ec2211ba2260ee6d54a28c5292c11f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_12302013_202340.txt >>
RKreport[0]_D_12302013_114147.txt;RKreport[0]_S_12302013_113328.txt
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2013.12.30.09
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-3D7C2733C7 [administrator]
 
12/30/2013 9:26:40 PM
mbar-log-2013-12-30 (21-26-40).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 267189
Time elapsed: 1 hour(s), 50 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_33
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3479482368, free: 2528022528
 
Downloaded database version: v2013.12.30.09
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     12/30/2013 21:26:28
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff8a0deab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xffffffff8a2a4030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff8a29d6a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000093\
Lower Device Object: 0xffffffff8a195030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae0cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8ade3030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae0cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ade8958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae0cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ade9a18, DeviceName: \Device\00000084\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ade3030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 531E2E2A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a29d6a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2a0538, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a29d6a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a195030, DeviceName: \Device\00000093\, DriverName: \Driver\usbstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 465232C5
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1465144002
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8a0deab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a0c7020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0deab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a2a4030, DeviceName: \Device\00000094\, DriverName: \Driver\usbstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5B6AC646
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 488392002
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\User\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_33
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 3479482368, free: 3042516992
 
=======================================
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDEJ4TY7\upgrade[1].cab a variant of Win32/Adware.OneStep.AT application deleted - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\15\3ea77acf-6add4f9b Java/Exploit.Agent.NBS trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\19\59339ad3-2581dde4 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\28\73a121c-27418a92 Java/Exploit.Agent.NBS trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\35\34d98ea3-1c8762b4 Java/Exploit.CVE-2012-1723.CB trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\5\1376fac5-5658d603 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\60\5161cc3c-27483dc6 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\Desktop\Rarely Used\Ultimate_Toolbox\Bruteforce Tools\Access Driver v4.402\ad4.402.installer.exe a variant of Win32/NetTool.AccessDiver.AA application cleaned by deleting - quarantined
C:\Documents and Settings\User\Desktop\Rarely Used\Ultimate_Toolbox\Decrypting Tools\John the Ripper 1.7.0.1.zip Win32/HackTool.John application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45\552e626d-40e835fa a variant of Java/Exploit.CVE-2012-5076.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\50\216c5eb2-5554fb1f multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\9\1b9ddc9-7c862b4d a variant of Java/Exploit.CVE-2012-1723.IM trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\jar_cache6705376336072974900.tmp multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\jar_cache8017040794243003118.tmp a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\Offercast2802_WBV5_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\FRST\Quarantine\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\FRST\Quarantine\YontooSetup-Silent.exe multiple threats cleaned by deleting - quarantined
C:\WINDOWS\Installer\11d92b.msi a variant of Win32/Bundled.Toolbar.Ask.D application deleted - quarantined
F:\System Volume Information\_restore{075E3FCB-CC9D-40B6-980D-E1451D91FCA0}\RP710\A0133132.exe a variant of Win32/NetTool.AccessDiver.AA application cleaned by deleting - quarantined
F:\rarely used\MUSIC 2\make love in this club dirty .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
 


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 02 January 2014 - 11:55 PM

1.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Fix Proxy
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

2.

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now


More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

3.

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

4.

  • Please download and save HardwareInfo to your desktop.
  • Double click HardwareInfo; it will produce a log named HardwareInfo.txt.
  • Copy and paste that log in your next reply.

 

 

5.

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif


Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif


Go to the Start Repairs tab and click the Start button.

p22001166.gif


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif

Click on the box next to Restart System when Finished. Then click on Start.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 chugg

chugg
  • Topic Starter

  • Members
  • 627 posts

Posted 05 January 2014 - 06:04 PM

I am having a problem.  I got to this step "Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:" and it wants me to insert my Windows disk, and I don't have one.  It says now Windows may ask me to do so later.  I hope it doesn't.  I am now stuck.  I am stuck at step 3 on Windows Repair.


Edited by chugg, 05 January 2014 - 06:18 PM.




