
Malware or trojan (.Ink)


  • This topic is locked
8 replies to this topic

#1 curiousmech

curiousmech

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 04 January 2014 - 07:53 AM

Greetings,

The problem that I've been facing for 1 month is that every time I connect any portable device, may it be a cellphone or a USB, it creates shortcuts of all the folders present in the device, termed as .Ink.
The folder doesn't open directly, but I have to explore it by right-clicking the mouse button.
Please, can anybody help me get rid of this problem? Also, Avast antivirus, currently installed on my PC, cannot detect it.

Regards





#2 curiousmech

curiousmech
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 06 January 2014 - 03:16 PM

OK, so I did the following steps:

I formatted my USB, connected it to a friend's PC, then after transferring files I ejected it, plugged the USB into my PC, scanned it and then opened the folder; then again all the files turned into shortcuts, that is, .lnk extension.
Please tell me how to solve this problem?



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 09 January 2014 - 07:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519600 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 PM

Posted 14 January 2014 - 07:55 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 PM

Posted 04 February 2014 - 04:31 PM

Hi,
 
Don't open any of these shortcuts that get created anymore. This always leads to a reinfection of your computer that the flash drive is plugged into.
We'll clean your computer first and afterwards your flash drives.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#6 curiousmech

curiousmech
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 09 February 2014 - 02:53 PM

 


Thanks, please see the following logs and kindly tell me what to do next?

 

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014 02
Ran by cm (administrator) on CM-PC on 10-02-2014 00:49:48
Running from C:\Users\cm\Downloads
Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5074384 2012-11-26] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3323180671-3586117616-3383498440-1000\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\cm\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3323180671-3586117616-3383498440-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3282698&octid=CT3282698&SearchSource=61&CUI=UN42146394113035228&UM=4&UP=SPD3227741-475D-4F52-9B3F-D6E6F0EDDDF4&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD7BA5005601DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {D59CB26D-445D-4CE8-A623-2E5B852F2C24} URL =
SearchScopes: HKCU - DefaultScope {D59CB26D-445D-4CE8-A623-2E5B852F2C24} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN42146394113035228&UM=4
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {D59CB26D-445D-4CE8-A623-2E5B852F2C24} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282698&CUI=UN42146394113035228&UM=4
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\cm\AppData\Roaming\Mozilla\Firefox\Profiles\q42opiag.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweettunes_search.xml
FF Extension: SweetTunes1  - C:\Users\cm\AppData\Roaming\Mozilla\Firefox\Profiles\q42opiag.default\Extensions\{f9d1c08c-2031-4e6c-ab51-50330ac2d988} [2014-01-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-05]

========================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1329304 2012-11-26] (ESET)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170656 2012-10-23] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [121216 2012-10-23] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [104712 2012-10-23] (ESET)
S3 catchme; \??\C:\Users\cm\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 00:49 - 2014-02-10 00:50 - 00005788 _____ () C:\Users\cm\Downloads\FRST.txt
2014-02-10 00:49 - 2014-02-10 00:49 - 00000000 ____D () C:\FRST
2014-02-10 00:48 - 2014-02-10 00:49 - 01138688 _____ (Farbar) C:\Users\cm\Downloads\FRST.exe
2014-02-10 00:45 - 2014-02-10 00:49 - 24677393 _____ () C:\Users\cm\Downloads\vlc-2.1.3-win32.exe
2014-02-10 00:38 - 2014-02-10 00:41 - 1519863650 _____ () C:\Users\cm\Downloads\Bad Grandpa 2013 HDRIP x264 AC3 TiTAN-muxed.mkv
2014-02-08 13:41 - 2014-02-08 13:49 - 90200747 _____ () C:\Users\cm\Downloads\sloc241c.zip
2014-02-08 12:48 - 2014-02-10 00:26 - 00000000 ____D () C:\Users\cm\Documents\test c++
2014-02-08 12:44 - 2014-02-08 13:39 - 00000000 ____D () C:\Users\cm\AppData\Roaming\Dev-Cpp
2014-02-08 12:44 - 2014-02-08 12:44 - 00000000 ____D () C:\Dev-Cpp
2014-02-07 23:28 - 2014-02-07 23:28 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-07 23:28 - 2014-02-07 23:28 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-07 23:28 - 2014-02-07 23:28 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-07 23:28 - 2014-02-07 23:28 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\ProgramData\Sun
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\Program Files\Java
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-07 19:54 - 2014-02-08 00:11 - 00000000 ____D () C:\Users\cm\Documents\New folder
2014-02-07 19:29 - 2014-02-07 19:29 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Data Sheets
2014-02-07 19:29 - 2014-02-07 19:29 - 00000000 ____D () C:\Users\cm\AppData\Local\Labcenter Electronics
2014-02-07 19:26 - 2014-02-07 19:27 - 00000000 ____D () C:\Program Files\Common Files\Labcenter Electronics
2014-02-07 19:26 - 2014-02-07 19:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-07 19:26 - 2014-02-07 19:26 - 00000000 ____D () C:\Program Files\Labcenter Electronics
2014-02-07 19:26 - 2007-06-24 12:19 - 01048576 _____ (Blue Sky Software Corporation.) C:\Windows\system32\ROBOEX32.DLL
2014-02-07 19:26 - 2007-06-24 12:19 - 00054784 _____ (Blue Sky Software Corporation.) C:\Windows\system32\INETWH32.DLL
2014-02-07 19:25 - 2014-02-07 19:25 - 00000000 ____D () C:\Users\cm\AppData\Roaming\InstallShield
2014-02-06 18:22 - 2014-02-06 18:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-05 00:48 - 2014-02-05 00:48 - 00000000 ____D () C:\Users\cm\AppData\Local\ESET
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\ProgramData\ESET
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Program Files\ESET
2014-02-05 00:39 - 2014-02-10 00:26 - 01013864 ____N () C:\Windows\WindowsUpdate.log
2014-02-05 00:35 - 2014-02-05 00:36 - 00014982 _____ () C:\Users\cm\Documents\cc_20140205_003555.reg
2014-02-05 00:33 - 2014-02-05 00:33 - 00006564 _____ () C:\ComboFix.txt
2014-02-05 00:24 - 2014-02-05 00:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-05 00:23 - 2014-02-05 00:24 - 04721920 _____ (Piriform Ltd) C:\Users\cm\Downloads\ccsetup410.exe
2014-02-05 00:10 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-05 00:10 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-05 00:10 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-05 00:10 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-05 00:10 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-05 00:10 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-05 00:10 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-05 00:10 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-05 00:09 - 2014-02-05 00:33 - 00000000 ____D () C:\Qoobox
2014-02-05 00:08 - 2014-02-05 00:15 - 00000000 ____D () C:\Windows\erdnt
2014-02-04 23:58 - 2014-02-08 12:45 - 00000000 ____D () C:\Users\cm\Downloads\pdf
2014-02-04 22:54 - 2014-02-10 00:44 - 00000000 ____D () C:\Users\cm\AppData\Roaming\uTorrent
2014-02-02 17:53 - 2014-02-02 18:23 - 00000000 ____D () C:\Users\cm\Desktop\poster
2014-02-01 14:11 - 2014-02-02 01:50 - 00000000 ____D () C:\Users\cm\AppData\Roaming\Skype
2014-02-01 14:10 - 2014-02-01 14:10 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-01 14:10 - 2014-02-01 14:10 - 00000000 ___RD () C:\Program Files\Skype
2014-02-01 14:10 - 2014-02-01 14:10 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-01 14:09 - 2014-02-01 14:10 - 00000000 ____D () C:\ProgramData\Skype
2014-02-01 13:18 - 2014-02-01 13:18 - 00000000 ____D () C:\Users\cm\AppData\Roaming\TuneUp Software
2014-02-01 13:17 - 2014-02-01 13:19 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-01 13:17 - 2014-02-01 13:17 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-01 13:05 - 2014-02-01 13:09 - 00000000 ____D () C:\Users\cm\AppData\Roaming\rmi
2014-01-29 18:27 - 2014-02-10 00:25 - 00000000 ____D () C:\Users\cm\AppData\Roaming\newnext.me
2014-01-29 18:27 - 2014-01-29 18:38 - 00000000 ____D () C:\Users\cm\AppData\Local\Mobogenie
2014-01-29 18:27 - 2014-01-29 18:32 - 00000000 ____D () C:\Users\cm\AppData\Local\cache
2014-01-29 18:27 - 2014-01-29 18:27 - 00000000 ____D () C:\Users\cm\AppData\Local\genienext
2014-01-29 18:27 - 2014-01-29 18:27 - 00000000 ____D () C:\Users\cm\.android
2014-01-29 18:27 - 2014-01-29 18:27 - 00000000 _____ () C:\Users\cm\daemonprocess.txt
2014-01-29 18:19 - 2014-01-29 18:19 - 00000000 ____D () C:\Windows\system32\SearchProtect
2014-01-29 18:16 - 2014-01-30 21:21 - 00000000 ____D () C:\Users\cm\AppData\Local\Conduit
2014-01-29 18:16 - 2014-01-29 18:16 - 00000000 ____D () C:\ProgramData\Conduit
2014-01-29 18:16 - 2014-01-29 18:16 - 00000000 ____D () C:\Program Files\Conduit
2014-01-29 18:06 - 2014-02-01 13:09 - 00000000 ____D () C:\Users\cm\AppData\Roaming\OpenCandy
2014-01-28 19:19 - 2014-02-01 14:20 - 00049566 _____ () C:\Users\cm\Documents\INDUS WATER TREATY.pptx
2014-01-28 19:19 - 2014-01-28 19:19 - 00000165 ____H () C:\Users\cm\Documents\~$INDUS WATER TREATY.pptx
2014-01-22 00:15 - 2014-01-22 22:42 - 00001328 _____ () C:\Users\cm\Downloads\chaser.ASM
2014-01-19 14:15 - 2014-01-19 14:15 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-01-19 14:14 - 2014-01-19 14:15 - 00000000 ____D () C:\Users\cm\AppData\Local\Google
2014-01-19 14:13 - 2014-01-19 14:14 - 00000000 ____D () C:\Program Files\Google
2014-01-17 22:28 - 2014-01-17 22:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-01-16 23:04 - 2014-01-16 23:04 - 00114176 _____ () C:\Users\cm\Downloads\20131119_Schedule_SP14.xls
2014-01-15 22:39 - 2014-01-15 23:32 - 00000000 ____D () C:\Users\cm\Downloads\ESET Smart Security 5 & ESET NOD32 AntiVirus 5 + Crack (English)(32 and 64 Bit) - PSYKO666
2014-01-15 22:38 - 2014-01-15 22:38 - 01390624 _____ () C:\Users\cm\Downloads\box, mara-fix v1.6.rar
2014-01-15 22:37 - 2014-01-15 23:11 - 140403609 _____ () C:\Users\cm\Downloads\ESET NOD32 Antivirus 6.0.306.0 + ESET PureFix 2.03.rar
2014-01-15 01:14 - 2014-01-15 01:14 - 00000600 _____ () C:\Users\cm\PUTTY.RND
2014-01-14 23:37 - 2014-01-14 23:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-14 16:21 - 2014-01-14 16:24 - 00000000 ____D () C:\Users\cm\Downloads\Sherlock.S03E03.HDTV.x264-ChameE
2014-01-14 16:16 - 2014-02-08 12:45 - 00000000 ____D () C:\Users\cm\Downloads\Movies

==================== One Month Modified Files and Folders =======

2014-02-10 00:50 - 2014-02-10 00:49 - 00005788 _____ () C:\Users\cm\Downloads\FRST.txt
2014-02-10 00:49 - 2014-02-10 00:49 - 00000000 ____D () C:\FRST
2014-02-10 00:49 - 2014-02-10 00:48 - 01138688 _____ (Farbar) C:\Users\cm\Downloads\FRST.exe
2014-02-10 00:49 - 2014-02-10 00:45 - 24677393 _____ () C:\Users\cm\Downloads\vlc-2.1.3-win32.exe
2014-02-10 00:44 - 2014-02-04 22:54 - 00000000 ____D () C:\Users\cm\AppData\Roaming\uTorrent
2014-02-10 00:43 - 2014-01-08 00:00 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-10 00:41 - 2014-02-10 00:38 - 1519863650 _____ () C:\Users\cm\Downloads\Bad Grandpa 2013 HDRIP x264 AC3 TiTAN-muxed.mkv
2014-02-10 00:32 - 2009-07-13 20:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 00:32 - 2009-07-13 20:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 00:29 - 2014-01-07 23:52 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 00:26 - 2014-02-08 12:48 - 00000000 ____D () C:\Users\cm\Documents\test c++
2014-02-10 00:26 - 2014-02-05 00:39 - 01013864 ____N () C:\Windows\WindowsUpdate.log
2014-02-10 00:25 - 2014-01-29 18:27 - 00000000 ____D () C:\Users\cm\AppData\Roaming\newnext.me
2014-02-10 00:25 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 13:49 - 2014-02-08 13:41 - 90200747 _____ () C:\Users\cm\Downloads\sloc241c.zip
2014-02-08 13:39 - 2014-02-08 12:44 - 00000000 ____D () C:\Users\cm\AppData\Roaming\Dev-Cpp
2014-02-08 12:45 - 2014-02-04 23:58 - 00000000 ____D () C:\Users\cm\Downloads\pdf
2014-02-08 12:45 - 2014-01-14 16:16 - 00000000 ____D () C:\Users\cm\Downloads\Movies
2014-02-08 12:44 - 2014-02-08 12:44 - 00000000 ____D () C:\Dev-Cpp
2014-02-08 01:53 - 2014-01-08 00:01 - 00000000 ____D () C:\Users\cm\AppData\Roaming\vlc
2014-02-08 00:11 - 2014-02-07 19:54 - 00000000 ____D () C:\Users\cm\Documents\New folder
2014-02-07 23:28 - 2014-02-07 23:28 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-07 23:28 - 2014-02-07 23:28 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-07 23:28 - 2014-02-07 23:28 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-07 23:28 - 2014-02-07 23:28 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\ProgramData\Sun
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\Program Files\Java
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-07 19:29 - 2014-02-07 19:29 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Data Sheets
2014-02-07 19:29 - 2014-02-07 19:29 - 00000000 ____D () C:\Users\cm\AppData\Local\Labcenter Electronics
2014-02-07 19:27 - 2014-02-07 19:26 - 00000000 ____D () C:\Program Files\Common Files\Labcenter Electronics
2014-02-07 19:26 - 2014-02-07 19:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-07 19:26 - 2014-02-07 19:26 - 00000000 ____D () C:\Program Files\Labcenter Electronics
2014-02-07 19:25 - 2014-02-07 19:25 - 00000000 ____D () C:\Users\cm\AppData\Roaming\InstallShield
2014-02-07 19:23 - 2014-01-08 00:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-06 18:23 - 2014-02-06 18:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-05 00:48 - 2014-02-05 00:48 - 00000000 ____D () C:\Users\cm\AppData\Local\ESET
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\ProgramData\ESET
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Program Files\ESET
2014-02-05 00:36 - 2014-02-05 00:35 - 00014982 _____ () C:\Users\cm\Documents\cc_20140205_003555.reg
2014-02-05 00:35 - 2014-01-07 23:38 - 00000000 ____D () C:\Windows\Panther
2014-02-05 00:33 - 2014-02-05 00:33 - 00006564 _____ () C:\ComboFix.txt
2014-02-05 00:33 - 2014-02-05 00:09 - 00000000 ____D () C:\Qoobox
2014-02-05 00:32 - 2009-07-13 18:04 - 00000215 _____ () C:\Windows\system.ini
2014-02-05 00:26 - 2014-01-07 23:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-05 00:24 - 2014-02-05 00:24 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-05 00:24 - 2014-02-05 00:23 - 04721920 _____ (Piriform Ltd) C:\Users\cm\Downloads\ccsetup410.exe
2014-02-05 00:16 - 2009-07-13 18:37 - 00000000 ___RD () C:\Users\Public
2014-02-05 00:15 - 2014-02-05 00:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-04 22:31 - 2014-01-08 00:01 - 00000000 ____D () C:\Program Files\uTorrent
2014-02-03 20:13 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-02 18:23 - 2014-02-02 17:53 - 00000000 ____D () C:\Users\cm\Desktop\poster
2014-02-02 01:50 - 2014-02-01 14:11 - 00000000 ____D () C:\Users\cm\AppData\Roaming\Skype
2014-02-01 14:20 - 2014-01-28 19:19 - 00049566 _____ () C:\Users\cm\Documents\INDUS WATER TREATY.pptx
2014-02-01 14:10 - 2014-02-01 14:10 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-01 14:10 - 2014-02-01 14:10 - 00000000 ___RD () C:\Program Files\Skype
2014-02-01 14:10 - 2014-02-01 14:10 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-01 14:10 - 2014-02-01 14:09 - 00000000 ____D () C:\ProgramData\Skype
2014-02-01 13:26 - 2014-01-08 00:41 - 00000000 ____D () C:\Users\cm\AppData\Roaming\Adobe
2014-02-01 13:26 - 2014-01-08 00:37 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-01 13:26 - 2014-01-08 00:37 - 00000000 ____D () C:\Program Files\Adobe
2014-02-01 13:19 - 2014-02-01 13:17 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-02-01 13:18 - 2014-02-01 13:18 - 00000000 ____D () C:\Users\cm\AppData\Roaming\TuneUp Software
2014-02-01 13:17 - 2014-02-01 13:17 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-02-01 13:09 - 2014-02-01 13:05 - 00000000 ____D () C:\Users\cm\AppData\Roaming\rmi
2014-02-01 13:09 - 2014-01-29 18:06 - 00000000 ____D () C:\Users\cm\AppData\Roaming\OpenCandy
2014-01-30 21:21 - 2014-01-29 18:16 - 00000000 ____D () C:\Users\cm\AppData\Local\Conduit
2014-01-29 18:38 - 2014-01-29 18:27 - 00000000 ____D () C:\Users\cm\AppData\Local\Mobogenie
2014-01-29 18:32 - 2014-01-29 18:27 - 00000000 ____D () C:\Users\cm\AppData\Local\cache
2014-01-29 18:27 - 2014-01-29 18:27 - 00000000 ____D () C:\Users\cm\AppData\Local\genienext
2014-01-29 18:27 - 2014-01-29 18:27 - 00000000 ____D () C:\Users\cm\.android
2014-01-29 18:27 - 2014-01-29 18:27 - 00000000 _____ () C:\Users\cm\daemonprocess.txt
2014-01-29 18:27 - 2014-01-07 23:46 - 00000000 ____D () C:\Users\cm
2014-01-29 18:19 - 2014-01-29 18:19 - 00000000 ____D () C:\Windows\system32\SearchProtect
2014-01-29 18:16 - 2014-01-29 18:16 - 00000000 ____D () C:\ProgramData\Conduit
2014-01-29 18:16 - 2014-01-29 18:16 - 00000000 ____D () C:\Program Files\Conduit
2014-01-29 18:07 - 2014-01-08 00:22 - 00000000 ____D () C:\Users\cm\AppData\Local\Adobe
2014-01-28 19:19 - 2014-01-28 19:19 - 00000165 ____H () C:\Users\cm\Documents\~$INDUS WATER TREATY.pptx
2014-01-22 22:42 - 2014-01-22 00:15 - 00001328 _____ () C:\Users\cm\Downloads\chaser.ASM
2014-01-22 00:32 - 2014-01-08 00:42 - 00000000 ____D () C:\Users\cm\Downloads\pickit2
2014-01-19 14:15 - 2014-01-19 14:15 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-01-19 14:15 - 2014-01-19 14:14 - 00000000 ____D () C:\Users\cm\AppData\Local\Google
2014-01-19 14:14 - 2014-01-19 14:13 - 00000000 ____D () C:\Program Files\Google
2014-01-17 22:28 - 2014-01-17 22:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-01-16 23:04 - 2014-01-16 23:04 - 00114176 _____ () C:\Users\cm\Downloads\20131119_Schedule_SP14.xls
2014-01-15 23:32 - 2014-01-15 22:39 - 00000000 ____D () C:\Users\cm\Downloads\ESET Smart Security 5 & ESET NOD32 AntiVirus 5 + Crack (English)(32 and 64 Bit) - PSYKO666
2014-01-15 23:11 - 2014-01-15 22:37 - 140403609 _____ () C:\Users\cm\Downloads\ESET NOD32 Antivirus 6.0.306.0 + ESET PureFix 2.03.rar
2014-01-15 22:38 - 2014-01-15 22:38 - 01390624 _____ () C:\Users\cm\Downloads\box, mara-fix v1.6.rar
2014-01-15 01:14 - 2014-01-15 01:14 - 00000600 _____ () C:\Users\cm\PUTTY.RND
2014-01-14 23:37 - 2014-01-14 23:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-14 16:24 - 2014-01-14 16:21 - 00000000 ____D () C:\Users\cm\Downloads\Sherlock.S03E03.HDTV.x264-ChameE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 08:44

==================== End Of Log ============================

 

ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-02-2014 02
Ran by cm at 2014-02-10 00:50:15
Running from C:\Users\cm\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30488 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.1 (Version: 9.1.0 - Adobe Systems Incorporated)
CCleaner (Version: 4.10 - Piriform)
Dev-C++ 5 beta 9 release (4.9.9.2) (Version:  - )
doPDF 7.2 printer (Version:  - Softland)
EAGLE 6.5.0 (Version: 6.5.0 - CadSoft Computer GmbH)
ESET NOD32 Antivirus (Version: 6.0.306.0 - ESET, spol s r. o.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 en-US) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
Picasa 3 (Version: 3.9 - Google, Inc.)
Proteus 7 Professional (Version: 7.06.0006 - Labcenter Electronics)
Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)
WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

09-02-2014 16:52:02 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 18:04 - 2014-02-05 00:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {27DA1042-0263-4B7D-8C16-E8E21AD159D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {E6FDF83A-01AA-4161-84B8-3D448ACA52B2} - \BackgroundContainer Startup Task No Task File

==================== Loaded Modules (whitelisted) =============

2014-02-06 18:22 - 2014-02-06 18:23 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 10:21:33 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (02/08/2014 06:27:46 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (02/08/2014 10:57:25 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (02/07/2014 07:54:34 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (02/07/2014 07:26:02 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6aca946c-611b-4383-b5e9-268558954015}

Error: (02/07/2014 06:50:01 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (02/07/2014 01:20:53 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{5C70CD3A-8913-4D93-94F7-79182EF1B930}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StopScreenSaver

Error: (02/05/2014 03:43:13 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (02/05/2014 00:45:50 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartScreenSaver

Error: (02/05/2014 00:37:10 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (02/10/2014 00:25:19 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:32:15 PM on ‎2/‎9/‎2014 was unexpected.

Error: (02/08/2014 06:08:50 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:03:06 PM on ‎2/‎8/‎2014 was unexpected.

Error: (02/08/2014 01:35:20 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/06/2014 05:43:22 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/05/2014 02:33:39 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:41:59 AM on ‎2/‎5/‎2014 was unexpected.

Error: (02/05/2014 11:23:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:18:51 AM on ‎2/‎5/‎2014 was unexpected.

Error: (02/05/2014 00:46:54 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2014 00:46:54 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2014 00:46:54 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/05/2014 00:46:54 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 96%
Total physical RAM: 980.61 MB
Available physical RAM: 33.92 MB
Total Pagefile: 2004.61 MB
Available Pagefile: 880.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:16.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:39.06 GB) (Free:3.32 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:20.68 GB) NTFS
Drive f: (LocaL) (Fixed) (Total:31.82 GB) (Free:1.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 93939393)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110 GB) - (Type=OF Extended)

==================== End Of Log ============================



#7 curiousmech

  • Topic Starter

Posted 19 February 2014 - 05:00 AM

 

Hi,
 
Don't open any of these shortcuts that get created anymore. This always leads to a reinfection of the computer that the flash drive is plugged into.
We'll clean your computer first and afterwards your flash drives.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

 

I have posted the required text you have said, please tell me what to do further?



#8 aharonov

  • Malware Response Team

Posted 19 February 2014 - 08:07 AM

So right now you still have the problem that shortcuts get created when you plug a USB stick into this computer?


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

 

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 aharonov

  • Malware Response Team

Posted 12 March 2014 - 11:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



