Possible Spyware/Malware issue


This topic is locked
51 replies to this topic

#1 Inset irises

Posted 17 April 2014 - 08:15 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Owner at 18:02:17 on 2014-04-17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3574.2736 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PFU\ScanSnap\Update\SsUWatcher.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PFU\ScanSnap\SSFolder\SSFolderTray.exe
C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ScanSnap OnlineUpdate Watcher] "c:\program files\pfu\scansnap\update\SsUWatcher.exe" -StartOS
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MagicTuneLauncher] c:\program files\magictune premium\MagicTuneLauncher.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\fujits~1.lnk - c:\program files\fujitsu\leadertech\fujitsuWebview-Release.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder\CardLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374097240297
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1374168002515
TCP: NameServer = 192.168.2.1 66.51.205.100
TCP: Interfaces\{DE98B89D-1A6B-40DB-BF35-7E31EE4B9AE0} : DHCPNameServer = 192.168.2.1 66.51.205.100
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\9x1pupud.default\
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1210150.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 231960]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-7-17 1390976]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2013-7-31 17432]
.
=============== Created Last 30 ================
.
2014-04-16 04:38:42    8049928    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a644dc3a-be45-4e48-b66e-4d3bee9791dc}\mpengine.dll
2014-04-15 03:55:37    7969936    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-03-29 23:36:52    --------    d-----w-    c:\windows\Performance
2014-03-29 23:36:44    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Microsoft Corporation
2014-03-29 23:36:14    --------    d-----w-    c:\program files\Microsoft Windows 7 Upgrade Advisor
.
==================== Find3M  ====================
.
2014-04-12 18:00:12    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-12 18:00:12    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-06 17:59:23    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 17:59:22    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-03-06 17:59:22    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54    385024    ------w-    c:\windows\system32\html.iec
2014-02-26 01:59:05    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-02-07 02:01:37    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 08:55:04    562688    ----a-w-    c:\windows\system32\qedit.dll
2014-01-25 08:19:42    231960    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:02:31.54 ===============
http://www.bleepingcomputer.com/forums/t/531329/cannot-get-to-safe-mode-with-f8-get-select-boot-device-menu/#entry3344569

Edited by Inset irises, 17 April 2014 - 11:58 PM.



#2 Inset irises

Posted 17 April 2014 - 10:56 PM

Is there anything in this log that looks out of place?


Edited by Inset irises, 17 April 2014 - 10:58 PM.
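The question above ("is anything in this log out of place?") is what a responder answers by walking the autorun entries. As an added example, not a tool used in this thread, the script below parses DDS-style uRun/mRun/dRun, StartupFolder, running-process and Hosts lines (a constructed sample copied from the posted DDS log) and flags the ones a responder would look at first; the trusted roots and user-writable markers are my assumptions, not a definitive allow-list.

```python
"""Triage of DDS-style autorun lines: an added example, not a tool from this thread.

It parses the uRun/mRun/dRun, StartupFolder, running-process and Hosts lines that
DDS prints, pulls out the executable each one launches, and flags what a responder
would look at first. The trusted roots and "user-writable" markers below are
assumptions for the example, not a definitive allow-list.
"""
import re
from typing import List, NamedTuple

# Locations an installer normally writes to. "c:\progra~1" is the 8.3 short name
# for Program Files that DDS shows for some entries (e.g. dRun: [DWQueuedReporting]).
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files", "c:\\progra~1")

# Substrings that mark a path under a user profile or temp directory: something
# dropped by a user-level process usually lands here, installers rarely do.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                         "\\local settings\\", "\\temp\\")


class Finding(NamedTuple):
    kind: str    # "autorun", "process" or "hosts"
    label: str   # Run-key value name, .lnk name, exe name or hostname
    target: str  # lower-cased executable path (or the IP for a Hosts line)
    reason: str  # why it was flagged, or "ok"


_RUN_RE = re.compile(r"^(?P<hive>[umd]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
_STARTUP_RE = re.compile(r"^StartupFolder:\s*(?P<lnk>\S+)\s*-\s*(?P<cmd>.+)$", re.I)
_HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)", re.I)
_PROC_RE = re.compile(r"^[a-z]:\\.+?\.exe(\s+.*)?$", re.I)


def extract_exe(cmd: str) -> str:
    """Return the executable path from a Run-key command line.

    A quoted path may contain spaces and is taken up to the closing quote;
    an unquoted one is taken up to the first '.exe'. Arguments are dropped.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).lower()
    m = re.match(r"(.+?\.exe)", cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def assess_path(path: str) -> str:
    """Classify where an autorun target lives; "ok" means nothing stood out."""
    if not re.match(r"^[a-z]:\\", path):
        return "not an absolute path; what runs depends on PATH lookup"
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        return "runs from a user-writable location"
    if not path.startswith(TRUSTED_ROOTS):
        return "runs from outside Windows/Program Files"
    return "ok"


def triage(lines: List[str]) -> List[Finding]:
    """Parse the recognised DDS line types and assess each one."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = _RUN_RE.match(line)
        if m:
            exe = extract_exe(m.group("cmd"))
            findings.append(Finding("autorun", m.group("name"), exe, assess_path(exe)))
            continue
        m = _STARTUP_RE.match(line)
        if m:
            exe = extract_exe(m.group("cmd"))
            lnk = m.group("lnk").rsplit("\\", 1)[-1]
            findings.append(Finding("autorun", lnk, exe, assess_path(exe)))
            continue
        m = _HOSTS_RE.match(line)
        if m:
            # A loopback Hosts entry is how Spybot-style immunisation blocks a site,
            # but it is also how malware cuts off AV update servers: always confirm.
            findings.append(Finding("hosts", m.group("host"), m.group("ip"),
                                    "Hosts override; confirm it is an intended block"))
            continue
        if _PROC_RE.match(line):
            exe = extract_exe(line)
            findings.append(Finding("process", exe.rsplit("\\", 1)[-1], exe, assess_path(exe)))
    return findings


def flagged(lines: List[str]) -> List[Finding]:
    """Only the findings that need a human's attention."""
    return [f for f in triage(lines) if f.reason != "ok"]


# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
Hosts: 127.0.0.1    www.spywareinfo.com
""".strip().splitlines()

if __name__ == "__main__":
    for f in flagged(SAMPLE_DDS):
        print(f"[{f.kind}] {f.label}: {f.reason} ({f.target})")
```

On the sample, only the U3 LaunchPad process (running from the user's Application Data) and the Hosts override are flagged; everything else resolves to Windows or Program Files.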


#3 HelpBot


Posted 22 April 2014 - 08:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531461 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Inset irises


Posted 22 April 2014 - 10:03 PM

I am still not sure if my PC is infected... it will start to either a boot screen with F8 (with no safe mode option) or to the sign in screen with a problem with driver i8042prt failing to load and a non-operational mouse and keyboard. MSE is still in place and sending error messages to Event Viewer. I have a note about Microsoft Antimalware config changing from a few weeks back. It references Spynet.
I also saw something about an alternate boot sequence being selected, so am not sure if I somehow took the "boot to safe mode" option out of startup, or if that was done by malware.
I do not have my original XP disk.

Edited by Inset irises, 22 April 2014 - 10:16 PM.


#5 whoabuddy

Malware Response Instructor

Posted 23 April 2014 - 09:02 AM

Hello Inset irises,

Welcome to Bleeping Computer!

My name is whoabuddy and I will be assisting you today. Before we get started, please keep the following in mind while I am helping you to make things go easier and faster for both of us.


Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.

Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Also watch for items italicized or in green, these entries are notes to help explain the process or common occurrences.

Please provide feedback about your experience as we go.

A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of headaches as we go along. For more information about backing up your system, please review the links in the first item of the Malware Removal Preparation Guide.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Please respond and acknowledge that you have read my introduction and I will begin reviewing your posts/logs so we can get started!

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#6 Inset irises


Posted 23 April 2014 - 10:14 PM

Antimalware Service Executable has encountered a problem and needs to close.
My PC is not connected to the internet. Unplugged cable.
I have MBAM, Spybot, and MSE on my XP machine.

Error logs have much related to Antimalware.

Have read and copied your instructions.

Standing by and on Vegas time as well.

Edited by Inset irises, 23 April 2014 - 10:20 PM.


#7 whoabuddy

Malware Response Instructor

Posted 24 April 2014 - 11:32 AM

Hello Inset irises,

I've finished reading over your logs, this topic, and your previous topic; thank you for the additional information and for acknowledging my post. Since we are not sure if the PC is infected and you are having issues bringing it back online, are you posting from another clean PC? We can use a USB drive to download/transfer the required tools, perform the analysis, clean up the PC, then troubleshoot the connection issues. Do you have a USB drive we can use for this?

it will start to either a boot screen with F8 (with no safe mode option)

I also saw something about an alternate boot sequence being selected, so am not sure if I somehow took the "boot to safe mode" option out of startup, or if that was done by malware.

Just to clarify, do you mean that when the PC is powered on, it loads a boot screen with options? Does it show a countdown and automatically select the options? Can you list the options you see, since Safe Mode is not included? If we can identify this screen a little more we can try to find its exact purpose. There are a few reasons Windows XP will display text before loading the OS.

or to the sign in screen with a problem with driver i8042prt failing to load and a non operational mouse and keyboard.

This error appears to be related to the PS/2 drivers; do you have a USB keyboard/mouse we can try? That may allow you to use the PC for now, but it also sounds like you were able to perform a few operations; did you find a way around these errors?

MSE is still in place and sending error messages to Event viewer. i have a note about microsoft Antimalware config changing from a few weeks back.

Antimalware Service Executable has encountered a problem and needs to close.

It sounds like there is an issue with the Microsoft Antimalware service and the Microsoft Security Essentials program. Normally we would reinstall it, but according to Microsoft they no longer host the download for Windows XP since it is out of support. I was able to find a list of antivirus vendors who will continue to support Windows XP for a limited amount of time through av-test.org but the best thing to do is to plan an upgrade or replacement for this PC. We need to have at least one antivirus program actively running and updated on your machine though, so after we apply our fixes and get the system stable again we will review this issue.

With that being said, if you do have a USB drive please follow the instructions below, otherwise we can work through the network issues first then run the tools we need.

We need to vaccinate the USB drive to prevent infection:

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer.
Note: the download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.
  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation, the program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    Note: optionally you can click Vaccinate computer as well; this disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not please report the error in your next post
If you are able to vaccinate the USB, please download the tools below to the USB drive, then run them using the instructions on the sick computer. Otherwise please post back any issues/errors you encounter with the process and we can continue from there.

We need to run a scan with aswMBR:

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
We need to run a scan with FRST:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

In your next post I need the following:
  • answers to my questions above
  • result of Panda immunization process
  • aswMBR.txt from aswMBR scan
  • FRST.txt and Addition.txt from FRST scan
  • Status Update - anything new to report at this time? any additional symptoms?
Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#8 Inset irises


Posted 25 April 2014 - 12:11 AM

I am using my netbook and I have a USB stick.
When I power up, it goes to the sign in screen, but sometimes freezes and I can't use the mouse or keyboard.
If it freezes, I cannot F8 into safe mode.
Sys config utility popped up and says I should switch from Selective startup with modified boot.ini to Normal startup.
I have not tried this yet.
I do not think I switched to selective... would malware or F8 or Control-Alt-Delete cause this?
I plan on upgrading to Win 7 soon, but for now just want to be sure the PC is clean.

I will run and post.

#9 Inset irises


Posted 25 April 2014 - 02:04 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-24 22:34:08
-----------------------------
22:34:08.890    OS Version: Windows 5.1.2600 Service Pack 3
22:34:08.890    Number of processors: 2 586 0x170A
22:34:08.890    ComputerName: OWNER-6ADD8C5BC  UserName: Owner
22:34:09.375    Initialize success
22:34:13.140    AVAST engine download error: 0
22:34:17.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
22:34:17.484    Disk 0 Vendor: WDC_WD2500AAKS-22VSA0 01.01B01 Size: 238475MB BusType: 3
22:34:17.578    Disk 0 MBR read successfully
22:34:17.578    Disk 0 MBR scan
22:34:17.578    Disk 0 Windows XP default MBR code
22:34:17.578    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238464 MB offset 63
22:34:17.578    Disk 0 scanning sectors +488376000
22:34:17.609    Disk 0 scanning C:\WINDOWS\system32\drivers
22:34:20.640    Service scanning
22:34:23.218    Service MpKsl44afb0cb c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A644DC3A-BE45-4E48-B66E-4D3BEE9791DC}\MpKsl44afb0cb.sys **LOCKED** 32
22:34:26.140    Modules scanning
22:34:29.125    Disk 0 trace - called modules:
22:34:29.140    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:34:29.140    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a832ab8]
22:34:29.140    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x8a8af988]
22:34:29.140    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a833940]
22:34:29.140    Scan finished successfully
22:35:16.046    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:35:16.046    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by Owner (administrator) on OWNER-6ADD8C5BC on 24-04-2014 23:08:01
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Update\SsUWatcher.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe
() C:\Program Files\MagicTune Premium\GammaTray.exe
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33673216 2009-08-28] (VIA Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files\PFU\ScanSnap\Update\SsUWatcher.exe [53248 2013-09-26] (PFU LIMITED)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-20] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [MagicTuneLauncher] => C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [51712 2012-11-08] ()
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [988584 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-57989841-220523388-1801674531-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-57989841-220523388-1801674531-1003\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-57989841-220523388-1801674531-1003\...\MountPoints2: {f515adc4-c5dc-11e3-9623-00248cbdc0d7} - I:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
ShortcutTarget: GammaTray.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Fujitsu iX500 Registration.lnk
ShortcutTarget: Fujitsu iX500 Registration.lnk -> C:\Program Files\Fujitsu\LeaderTech\fujitsuWebview-Release.exe (Leader Technologies/Fujitsu)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374097240297
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9x1pupud.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-07-19]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 IcRecUsb; C:\WINDOWS\System32\Drivers\IcRecUsb.sys [17432 2001-10-02] (lecs Inc.)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [46632 2010-03-19] (Atheros Communications, Inc.)
R1 MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [14336 2010-04-22] (Samsung Electronics, Inc. )
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl44afb0cb; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A644DC3A-BE45-4E48-B66E-4D3BEE9791DC}\MpKsl44afb0cb.sys [39464 2014-04-24] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2013-07-17] ()
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] ()
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1390976 2009-08-17] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;
U3 aswMBR; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 23:08 - 2014-04-24 23:08 - 00012668 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-24 22:38 - 2014-04-24 23:08 - 00000000 ____D () C:\FRST
2014-04-24 22:35 - 2014-04-24 22:35 - 00001865 _____ () C:\Documents and Settings\Owner\Desktop\aswMBR.txt
2014-04-24 22:35 - 2014-04-24 22:35 - 00000512 _____ () C:\Documents and Settings\Owner\Desktop\MBR.dat
2014-04-24 22:31 - 2014-04-24 22:28 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswmbr.exe
2014-04-24 22:31 - 2014-04-24 22:28 - 01048576 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-23 22:16 - 2014-04-23 22:16 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2014-04-23 21:30 - 2014-04-23 21:33 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\High School
2014-04-22 21:20 - 2014-04-22 21:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\April 2014 PC Problem
2014-04-21 07:16 - 2014-04-21 07:16 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
2014-04-18 23:31 - 2014-04-18 23:36 - 00000000 ____D () C:\WINDOWS\pss
2014-04-17 21:42 - 2014-04-23 21:31 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\New Folder
2014-04-16 20:04 - 2014-04-24 22:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\U3
2014-04-16 15:09 - 2014-04-16 15:09 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-04-13 21:22 - 2014-04-23 21:07 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Pictures 2002 to 2007
2014-04-09 09:04 - 2014-04-09 09:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 09:00 - 2014-04-09 09:01 - 00011113 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 08:49 - 2014-04-09 09:04 - 00013075 _____ () C:\WINDOWS\KB2922229.log
2014-03-31 07:37 - 2014-04-17 21:42 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Mediation
2014-03-29 16:36 - 2014-03-29 16:36 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-29 16:36 - 2014-03-29 16:36 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-29 16:36 - 2014-03-29 16:36 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-29 16:36 - 2014-03-29 16:36 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-29 16:36 - 2014-03-29 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-03-29 13:38 - 2014-04-24 08:48 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-28 22:40 - 2014-03-28 22:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-24 23:08 - 2014-04-24 23:08 - 00012668 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-04-24 23:08 - 2014-04-24 22:38 - 00000000 ____D () C:\FRST
2014-04-24 22:35 - 2014-04-24 22:35 - 00001865 _____ () C:\Documents and Settings\Owner\Desktop\aswMBR.txt
2014-04-24 22:35 - 2014-04-24 22:35 - 00000512 _____ () C:\Documents and Settings\Owner\Desktop\MBR.dat
2014-04-24 22:33 - 2013-07-17 17:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-24 22:31 - 2014-04-16 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\U3
2014-04-24 22:28 - 2014-04-24 22:31 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswmbr.exe
2014-04-24 22:28 - 2014-04-24 22:31 - 01048576 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-04-24 22:15 - 2013-07-17 14:22 - 01830294 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-24 08:48 - 2014-03-29 13:38 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-24 08:42 - 2013-07-17 07:14 - 00556124 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-24 08:41 - 2014-03-08 19:34 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-24 08:33 - 2013-07-17 14:26 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-24 08:33 - 2013-07-17 07:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-24 08:33 - 2013-07-17 07:16 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-24 08:33 - 2004-08-16 17:49 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-24 00:13 - 2013-07-17 14:32 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-04-24 00:13 - 2013-07-17 14:26 - 00032470 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-24 00:02 - 2013-07-21 17:44 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\ScanSnap Scanned after July 20 2013
2014-04-23 22:16 - 2014-04-23 22:16 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
2014-04-23 22:15 - 2013-07-23 22:59 - 00146432 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-23 22:12 - 2013-07-17 21:46 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Peter Yencso MASTER
2014-04-23 21:33 - 2014-04-23 21:30 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\High School
2014-04-23 21:31 - 2014-04-17 21:42 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\New Folder
2014-04-23 21:07 - 2014-04-13 21:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Pictures 2002 to 2007
2014-04-23 21:06 - 2013-09-21 22:56 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Dave MASTER
2014-04-22 21:36 - 2013-07-22 22:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-04-22 21:20 - 2014-04-22 21:20 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\April 2014 PC Problem
2014-04-21 07:16 - 2014-04-21 07:16 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
2014-04-21 07:07 - 2013-07-20 13:44 - 00081262 _____ () C:\WINDOWS\SGTBox.INI
2014-04-21 07:07 - 2013-07-20 13:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Canon
2014-04-18 23:36 - 2014-04-18 23:31 - 00000000 ____D () C:\WINDOWS\pss
2014-04-18 23:36 - 2013-07-17 07:10 - 00000211 ___SH () C:\boot.ini
2014-04-18 23:36 - 2004-08-16 17:49 - 00000603 _____ () C:\WINDOWS\win.ini
2014-04-18 23:36 - 2004-08-16 17:49 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-17 21:42 - 2014-03-31 07:37 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Mediation
2014-04-16 20:04 - 2013-07-17 07:11 - 00747957 _____ () C:\WINDOWS\setupapi.log
2014-04-16 15:09 - 2014-04-16 15:09 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-04-15 01:50 - 2013-07-21 17:21 - 00000020 ____H () C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2014-04-14 20:46 - 2013-09-17 19:16 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Norika INBOX
2014-04-12 13:38 - 2013-10-21 23:31 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-12 11:04 - 2013-07-19 22:13 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-04-12 11:00 - 2013-07-17 17:58 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-12 11:00 - 2013-07-17 17:58 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-12 10:51 - 2013-07-19 22:47 - 00002339 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat XI Standard.lnk
2014-04-09 09:04 - 2014-04-09 09:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 09:04 - 2014-04-09 08:49 - 00013075 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 09:04 - 2013-07-17 07:14 - 01161565 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00564541 _____ () C:\WINDOWS\ocgen.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00447742 _____ () C:\WINDOWS\tsoc.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00396830 _____ () C:\WINDOWS\comsetup.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00238979 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00183872 _____ () C:\WINDOWS\iis6.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00064497 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00058345 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 09:04 - 2013-07-17 07:14 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 09:03 - 2013-07-17 16:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 09:01 - 2014-04-09 09:00 - 00011113 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 09:01 - 2013-07-17 15:49 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 09:01 - 2013-07-17 07:14 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 09:00 - 2013-07-17 15:51 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-09 09:00 - 2013-07-17 15:42 - 00092082 _____ () C:\WINDOWS\updspapi.log
2014-04-09 08:35 - 2013-09-13 19:30 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Fulton 8th Grade 2013 - 2014 MASTER
2014-04-08 15:37 - 2014-03-08 19:34 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-07 03:25 - 2013-07-17 14:32 - 00000000 ____D () C:\Documents and Settings\Owner
2014-04-03 12:07 - 2013-09-04 10:33 - 00000520 _____ () C:\Documents and Settings\Owner\My Documents\spider.sav
2014-03-29 16:36 - 2014-03-29 16:36 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-29 16:36 - 2014-03-29 16:36 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-29 16:36 - 2014-03-29 16:36 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-29 16:36 - 2014-03-29 16:36 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-29 16:36 - 2014-03-29 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-03-29 13:28 - 2013-07-17 18:06 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-03-29 13:28 - 2013-07-17 18:06 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-29 13:28 - 2013-07-17 18:05 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-29 09:00 - 2013-07-17 17:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 02:01 - 2014-02-05 23:26 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Download 1
2014-03-28 22:41 - 2014-03-28 22:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 16:03 - 2013-07-21 17:34 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#10 Inset irises

  • Topic Starter

  • Members
  • 142 posts
  • Gender:Male
  • Local time:07:17 PM

Posted 25 April 2014 - 02:05 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2014
Ran by Owner at 2014-04-24 23:08:25
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

ABBYY FineReader for ScanSnap ™ 5.0 (HKLM\...\{FB300000-0002-0000-0000-074957833700}) (Version: 11.0.159 - ABBYY)
Adobe Acrobat XI Standard (HKLM\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon ScanGear Toolbox 3.0 (HKLM\...\Canon ScanGear Toolbox 3.0) (Version:  - )
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.1L21 - PFU)
CardMinder V5.0 (Version: 5.0.10.1 - PFU) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evernote v. 4.5.8 (HKLM\...\{DED01768-E634-11E1-AEB0-984BE15F174E}) (Version: 4.5.8.7356 - Evernote Corp.)
Family Tree Maker 2011 (HKLM\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (Version: 20.0.368 - Ancestry.com) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MagicTune Premium (HKLM\...\{69F962F7-3761-4704-9E4B-24FF10F77111}) (Version: 4.0.22 - Samsung Electronics Co. Ltd.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliType Pro 6.2 (HKLM\...\{345112D9-0930-4A68-AB71-A831BA5DE7AA}) (Version: 6.20.182.0 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
Panasonic Office Add-in (HKLM\...\{C97AEFB5-E52F-49C8-AB51-D5F335AF8B7C}) (Version: 1.0.0 - Panasonic)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealSpeak_Solo_Common_for_Panasonic (HKLM\...\{C52BEBC0-4A0C-42FB-B7EC-FAD0A14DD64E}) (Version: 1.0.0 - Panasonic)
RealSpeak_Solo_English_for_Panasonic (HKLM\...\{DA12E3FF-60E1-43E0-8E64-C43890A596AE}) (Version: 1.0.0 - Panasonic)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SAPI5_Common (HKLM\...\{50B631C6-6E91-4D7B-A4E0-81E7FA8D5B3D}) (Version: 1.0.0 - Panasonic)
SAPI5_English (HKLM\...\{4922C9E7-CD91-496A-A73B-0FDF9D54B44F}) (Version: 1.0.0 - Panasonic)
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.2L21 - PFU)
ScanSnap Manager (Version: 6.0.11.5.07 - PFU) Hidden
ScanSnap Manager (Version: 6.1.11.2.9 - PFU) Hidden
ScanSnap Manager (Version: 6.2.15.9.12 - PFU) Hidden
ScanSnap Manager (Version: 6.2.21.11.4 - PFU) Hidden
ScanSnap Organizer (HKLM\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.1L41 - PFU)
ScanSnap Organizer (Version: 5.0.11.1 - PFU LIMITED) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Voice Editing (HKLM\...\{44CE6902-84EA-11D6-887E-00609721D519}) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Atheros (L1E) Net  (03/29/2010 1.0.0.22) (HKLM\...\4C78D95CBBF2ADC8EB0500594743341461C2C4FC) (Version: 03/29/2010 1.0.0.22 - Atheros)
Windows Driver Package - Atheros (L1e) Net  (06/29/2009 1.0.0.39) (HKLM\...\7B24954C4BF8513EEE6582E715754DBE4A4722A0) (Version: 06/29/2009 1.0.0.39 - Atheros)
Windows Driver Package - Atheros (L1e) Net  (12/02/2009 1.0.0.41) (HKLM\...\8F83A3232DF60EE9AB12A66CC77ACBBE5B21C073) (Version: 12/02/2009 1.0.0.41 - Atheros)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Restore Points  =========================

25-01-2014 05:22:57 Software Distribution Service 3.0
26-01-2014 05:33:52 System Checkpoint
26-01-2014 18:10:34 Software Distribution Service 3.0
27-01-2014 19:10:18 System Checkpoint
28-01-2014 02:48:03 Software Distribution Service 3.0
29-01-2014 06:41:41 Software Distribution Service 3.0
30-01-2014 15:23:04 Software Distribution Service 3.0
31-01-2014 15:45:30 System Checkpoint
31-01-2014 16:27:31 Software Distribution Service 3.0
01-02-2014 03:18:02 Software Distribution Service 3.0
02-02-2014 04:19:49 System Checkpoint
02-02-2014 18:15:41 Software Distribution Service 3.0
03-02-2014 18:55:11 System Checkpoint
03-02-2014 23:55:11 Software Distribution Service 3.0
05-02-2014 02:21:55 Software Distribution Service 3.0
06-02-2014 02:29:29 Software Distribution Service 3.0
07-02-2014 03:18:00 System Checkpoint
07-02-2014 03:30:13 Installed CardMinder
07-02-2014 03:31:39 Installed ScanSnap Organizer
07-02-2014 03:33:28 Installed ScanSnap Manager
07-02-2014 09:40:42 Software Distribution Service 3.0
08-02-2014 17:43:45 Software Distribution Service 3.0
09-02-2014 20:20:30 Software Distribution Service 3.0
11-02-2014 00:54:36 Software Distribution Service 3.0
12-02-2014 02:18:05 Software Distribution Service 3.0
12-02-2014 21:05:49 Software Distribution Service 3.0
13-02-2014 03:27:39 Software Distribution Service 3.0
14-02-2014 04:59:10 System Checkpoint
14-02-2014 15:05:59 Software Distribution Service 3.0
15-02-2014 18:42:41 Software Distribution Service 3.0
16-02-2014 17:26:32 Software Distribution Service 3.0
18-02-2014 01:40:41 Software Distribution Service 3.0
18-02-2014 05:38:16 Software Distribution Service 3.0
19-02-2014 05:45:45 Software Distribution Service 3.0
20-02-2014 05:50:31 System Checkpoint
20-02-2014 08:30:01 Software Distribution Service 3.0
21-02-2014 08:34:52 System Checkpoint
21-02-2014 15:13:39 Software Distribution Service 3.0
22-02-2014 15:18:55 System Checkpoint
23-02-2014 04:48:27 Software Distribution Service 3.0
24-02-2014 04:51:40 Software Distribution Service 3.0
25-02-2014 05:47:02 System Checkpoint
25-02-2014 15:11:23 Software Distribution Service 3.0
26-02-2014 15:21:58 Software Distribution Service 3.0
27-02-2014 16:31:11 Software Distribution Service 3.0
28-02-2014 17:39:14 Software Distribution Service 3.0
01-03-2014 03:22:40 Software Distribution Service 3.0
01-03-2014 08:33:19 Installed QuickTime 7
02-03-2014 06:40:41 Software Distribution Service 3.0
02-03-2014 17:19:45 Software Distribution Service 3.0
03-03-2014 18:27:00 Software Distribution Service 3.0
04-03-2014 19:09:14 System Checkpoint
05-03-2014 02:32:02 Software Distribution Service 3.0
06-03-2014 03:33:08 Software Distribution Service 3.0
07-03-2014 05:11:10 Software Distribution Service 3.0
08-03-2014 05:43:17 Software Distribution Service 3.0
08-03-2014 16:07:19 Software Distribution Service 3.0
09-03-2014 18:59:25 Software Distribution Service 3.0
10-03-2014 23:17:52 Software Distribution Service 3.0
12-03-2014 00:46:41 Software Distribution Service 3.0
12-03-2014 08:58:02 Software Distribution Service 3.0
13-03-2014 01:54:14 Software Distribution Service 3.0
14-03-2014 06:07:24 System Checkpoint
14-03-2014 16:09:17 Software Distribution Service 3.0
15-03-2014 16:43:18 Software Distribution Service 3.0
16-03-2014 15:54:45 Software Distribution Service 3.0
17-03-2014 16:18:21 System Checkpoint
17-03-2014 19:46:11 Software Distribution Service 3.0
19-03-2014 01:31:37 Software Distribution Service 3.0
19-03-2014 03:20:40 Software Distribution Service 3.0
20-03-2014 04:09:01 System Checkpoint
20-03-2014 14:09:19 Software Distribution Service 3.0
21-03-2014 15:49:09 System Checkpoint
21-03-2014 21:06:22 Software Distribution Service 3.0
22-03-2014 21:12:18 Software Distribution Service 3.0
24-03-2014 00:17:19 System Checkpoint
24-03-2014 00:24:23 Software Distribution Service 3.0
25-03-2014 02:57:31 Software Distribution Service 3.0
26-03-2014 05:01:30 Software Distribution Service 3.0
27-03-2014 05:24:57 System Checkpoint
27-03-2014 15:26:42 Software Distribution Service 3.0
28-03-2014 15:40:42 Software Distribution Service 3.0
29-03-2014 16:12:58 Software Distribution Service 3.0
29-03-2014 20:27:54 Software Distribution Service 3.0
29-03-2014 23:36:14 Installed Windows 7 Upgrade Advisor
30-03-2014 22:41:30 Software Distribution Service 3.0
01-04-2014 01:36:30 Software Distribution Service 3.0
02-04-2014 05:10:30 System Checkpoint
02-04-2014 15:41:36 Software Distribution Service 3.0
03-04-2014 21:19:14 Software Distribution Service 3.0
05-04-2014 01:32:02 Software Distribution Service 3.0
06-04-2014 01:53:27 Software Distribution Service 3.0
07-04-2014 03:54:00 Software Distribution Service 3.0
08-04-2014 05:21:50 Software Distribution Service 3.0
09-04-2014 08:16:09 Software Distribution Service 3.0
09-04-2014 16:00:19 Software Distribution Service 3.0
10-04-2014 16:02:47 Software Distribution Service 3.0
11-04-2014 20:48:05 Software Distribution Service 3.0
12-04-2014 20:48:12 System Checkpoint
13-04-2014 01:32:02 Software Distribution Service 3.0
14-04-2014 03:10:55 Software Distribution Service 3.0
15-04-2014 03:55:35 Software Distribution Service 3.0
16-04-2014 03:59:37 System Checkpoint
16-04-2014 04:38:16 Software Distribution Service 3.0
17-04-2014 06:49:23 System Checkpoint
19-04-2014 06:52:45 System Checkpoint
21-04-2014 14:26:13 System Checkpoint
22-04-2014 15:16:40 System Checkpoint
24-04-2014 03:52:46 System Checkpoint
25-04-2014 05:28:03 System Checkpoint

==================== Hosts content: ==========================

2004-08-16 17:48 - 2014-02-05 19:33 - 00450622 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-19 22:30 - 2012-06-25 16:54 - 00599419 _____ () C:\Program Files\PFU\ScanSnap\CardMinder\sqlite3.dll
2013-10-10 20:40 - 2009-10-05 16:36 - 00036864 _____ () C:\Program Files\MagicTune Premium\GammaTray.exe
2013-07-19 22:26 - 2013-11-18 10:52 - 00430080 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll
2013-07-19 22:26 - 2013-11-15 10:19 - 00241664 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll
2013-07-19 22:26 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2013-07-19 22:26 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll
2013-07-19 22:26 - 2013-03-12 10:43 - 00888832 _____ () C:\Program Files\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2013-11-04 08:09 - 2013-11-28 18:49 - 01884160 _____ () C:\Program Files\PFU\ScanSnap\Driver\bookbound.dll
2008-05-04 16:02 - 2008-05-04 16:02 - 04603904 _____ () C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
2007-10-23 09:23 - 2007-10-23 09:23 - 02600960 _____ () C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\u3dapi10.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2014 10:33:25 PM) (Source: Application Error) (User: )
Description: Faulting application aswmbr.exe, version 0.9.9.1771, faulting module aswmbr.exe, version 0.9.9.1771, fault address 0x0004fdeb.
Processing media-specific event for [aswmbr.exe!ws!]

Error: (04/24/2014 08:41:22 AM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (MsMpEng.exe!ld!)

Error: (04/24/2014 08:33:51 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (04/24/2014 00:00:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4694187

Error: (04/24/2014 00:00:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4694187

Error: (04/24/2014 00:00:14 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2014 00:00:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4688422

Error: (04/24/2014 00:00:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4688422

Error: (04/24/2014 00:00:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2014 10:22:36 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.5.216.0, P3 timeout, P4 1.1.10501.0, P5 fixed, P6 2 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (04/24/2014 10:15:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/24/2014 10:15:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/24/2014 10:15:56 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/24/2014 10:15:54 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/24/2014 04:45:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/24/2014 04:45:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/24/2014 04:45:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/24/2014 04:45:33 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/24/2014 09:08:14 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/24/2014 09:08:14 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.171.29.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (04/24/2014 10:33:25 PM) (Source: Application Error)(User: )
Description: aswmbr.exe0.9.9.1771aswmbr.exe0.9.9.17710004fdeb

Error: (04/24/2014 08:41:22 AM) (Source: Application Error)(User: )
Description: MsMpEng.exe0.0.0.0unknown0.0.0.000000000

Error: (04/24/2014 08:33:51 AM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (04/24/2014 00:00:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4694187

Error: (04/24/2014 00:00:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4694187

Error: (04/24/2014 00:00:14 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2014 00:00:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4688422

Error: (04/24/2014 00:00:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4688422

Error: (04/24/2014 00:00:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2014 10:22:36 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.5.216.0timeout1.1.10501.0fixed2 _ 2049+5 _ not bootNILNILNIL


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3574.11 MB
Available physical RAM: 2909.64 MB
Total Pagefile: 5456.66 MB
Available Pagefile: 4988.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:9.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive i: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive j: () (Removable) (Total:0.95 GB) (Free:0.75 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 75767576)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 972 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#11 Inset irises (Topic Starter, Members, 142 posts)

Posted 25 April 2014 - 02:12 AM

OK, I got the USB drive protected.  Posted the requested logs and comments.

3 options are boot from optical drive, a drive, and I don't recall the 3rd one.

It appears that I am in a different boot.ini (see above post)



#12 whoabuddy (Bleepin' Verbose, Malware Response Instructor, 2,052 posts, Cottonwood, AZ)

Posted 25 April 2014 - 10:48 AM

Hello Inset irises,

3 options are boot from optical drive, a drive, and I don't recall the 3rd one.

Thank you for this information; for now that sounds normal, but we may be able to adjust the display time or options from the BIOS for that particular screen. Since it's asking if you want to boot to CD, Hard Drive, and most likely a Network Card, these actions occur before the Hard Drive is selected and Windows loads. If you weren't seeing them before, they may have been applied by an update, but it's hard to say at this point. The good news is it is not anything malicious; however, we will scan your hard drive at the end to make sure there are no hardware errors or failing parts, just to be safe.

The keyboard and mouse errors indicate the driver that runs them (i8042prt.sys) may be damaged in some way; we will take a closer look in our fix based on these errors, which explain what you are experiencing.

==================== Faulty Device Manager Devices =============

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Name: Microsoft PS/2 Mouse
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

In addition, it appears your Microsoft Security Essentials installation is corrupted, so we will need to choose an alternate anti-virus such as Avira. Did you have a preferred AV from the list I linked in my earlier post?

We need to download some updated files:
  • Please delete your current copy of FRST and download the latest version to your flash drive. Our tools are updated frequently to address malware as it changes, as well as to address any bugs; using the latest version is always recommended.
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File: fixlist.txt (317 bytes)
  • Please download the antivirus software of your choice that you would like to use in place of the broken Microsoft Security Essentials and save it to your flash drive. Do not install it at this time. Antivirus programs use a special type of driver so we need to go in a specific order to ensure the highest level of compatibility with your system.
Note: We want to download the installer for the new antivirus before removing the old one, so please do so before we continue with the next step. If you need any assistance please stop here and let me know.

Note: From this point forward all instructions/fixes will be applied to the sick PC.

We need to update a Windows setting:

Since your system is set to Selective Startup let's reset that to Normal Startup for now. If it remains in Selective Startup afterward that's ok, just let me know and we will address it toward the end.
  • Click Start > Run > type msconfig and click OK
  • Select the General tab and select Normal Startup
  • Click Apply and OK (no need to reboot yet)
We need to remove Microsoft Security Essentials:
  • Click on Start, then Control Panel
    note: if you have a single-column start menu, the option will be under Start Menu > Settings > Control Panel
  • Double-click on Add or Remove Programs
    note: the list may take some time to populate, please wait until complete
  • If the following entries exist on the list, please click on each one and then click Remove
    Microsoft Security Essentials
    Microsoft Security Client
We need to run a fix with FRST:
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
We need to search for a file with FRST:
  • Double-click on FRST.exe/FRST64.exe to open it, in the search box, type the following: i8042prt.sys
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply
We need to install your new Antivirus software:

Please run the installer, complete the installation, and reboot the PC one time.

We need to run a new scan with FRST:
  • Double-click on FRST.exe/FRST64.exe to open it, click on Scan
  • A log file FRST.txt will appear when complete, please post this in your next reply
In your next post I need the following:
  • result of msconfig setting change
  • result of Microsoft Security Essentials removal
  • fixlog.txt from FRST fix
  • Search.txt from FRST search
  • result of Antivirus installation
  • FRST.txt from FRST scan
  • Status Update - anything else to add at this time?
Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE
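The post above reads the "Faulty Device Manager Devices" block of the FRST log by hand to find the driver (i8042prt) behind both Code 24 devices. As an added example that is not part of this thread and not FRST's own code, the following Python parser does the same extraction over that section of an FRST Addition.txt log and groups the affected devices by driver service, so a responder can see at a glance which driver file to search for. The sample input is constructed to mirror the two entries in the log above; the function names are my own.

```python
"""Extract Code-NN device problems and their driver services from an FRST
Addition.txt log. Added example; not FRST's own code."""
from __future__ import annotations

import re
from collections import defaultdict

# FRST section headings look like "==================== Title =============".
HEADING = re.compile(r"^=+\s*(?P<title>.*?)\s*=+\s*$")
# Device Manager problem text ends in "(Code NN)".
CODE = re.compile(r"\(Code (\d+)\)")

# Constructed sample, mirroring the two entries in the log posted in this thread.
SAMPLE_LOG = """\
==================== Faulty Device Manager Devices =============

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.


==================== Event log errors: =========================
"""


def extract_section(log: str, title: str) -> list[str]:
    """Return the lines between the heading whose title starts with `title`
    and the next '====' heading (or the end of the log)."""
    out: list[str] = []
    inside = False
    for line in log.splitlines():
        m = HEADING.match(line)
        if m:
            if inside:
                break  # reached the next section
            inside = m.group("title").startswith(title)
            continue
        if inside:
            out.append(line)
    return out


def parse_faulty_devices(log: str) -> list[dict]:
    """Parse each blank-line-separated device block into
    {"name", "service", "problem", "code"}."""
    devices: list[dict] = []
    current: dict = {}
    for line in extract_section(log, "Faulty Device Manager Devices") + [""]:
        if not line.strip():
            if current.get("name"):
                devices.append(current)
            current = {}
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "name":
            current["name"] = value
        elif key == "service":
            current["service"] = value
        elif key == "problem":
            value = value.lstrip(": ").strip()  # FRST prints "Problem: : ..."
            m = CODE.search(value)
            current["problem"] = value
            current["code"] = int(m.group(1)) if m else None
        # Description / Class Guid / Resolution lines are not needed here.
    return devices


def drivers_to_check(devices: list[dict], code: int = 24) -> dict[str, list[str]]:
    """Group devices reporting the given problem code by their driver service,
    so the responder knows which driver file (service name + .sys) to inspect."""
    by_service: dict[str, list[str]] = defaultdict(list)
    for d in devices:
        if d.get("code") == code and d.get("service"):
            by_service[d["service"]].append(d["name"])
    return {svc: sorted(names) for svc, names in by_service.items()}


if __name__ == "__main__":
    for svc, names in drivers_to_check(parse_faulty_devices(SAMPLE_LOG)).items():
        print(f"{svc}.sys -> {len(names)} device(s) with Code 24: {names}")
```

Run against the constructed sample it reports a single driver, i8042prt.sys, behind both Code 24 devices, which is exactly the file the post tells the user to search for with FRST.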

#13 Inset irises (Topic Starter, Members, 142 posts)

Posted 25 April 2014 - 07:13 PM

Thanks, I will be offline this weekend. I missed the AV suggestions, I have used NOD 32 in the past...which do you like for Win 7?

#14 whoabuddy (Bleepin' Verbose, Malware Response Instructor, 2,052 posts, Cottonwood, AZ)

Posted 26 April 2014 - 04:10 PM

Hello Inset irises,

No problem, and thanks for letting me know; when you return we can begin where we left off. Personally I use either Avira (free) or Emsisoft (paid) for Windows 7, but what works best really depends on how you use your computer. There are independent test sites available that can help guide you to a decision; however, keep in mind the tests are usually for a specific purpose: "performance", "known virus detection", "successful virus removal", or similar.

http://www.virusbtn.com/index
http://www.av-test.org/
http://www.av-comparatives.org/

Please let me know if you have any other questions otherwise I look forward to your post when you return.

Best Regards,
whoabuddy

Edited by whoabuddy, 26 April 2014 - 04:11 PM.
fixed av-test url


#15 Inset irises (Topic Starter, Members, 142 posts)

Posted 27 April 2014 - 06:17 PM

Have downloads, here goes.
Msconfig allowed the PC to boot to sign-in and allowed normal sign-in. OK
will post farbar files soon.
Am installing Avira now.

Edited by Inset irises, 27 April 2014 - 06:41 PM.
