My friend was watching inappropriate content & then tried to fix - now infected


  • This topic is locked
19 replies to this topic

#1 jacobjohann

jacobjohann

  • Members
  • 10 posts

Posted 04 July 2014 - 10:31 PM

My friend was watching inappropriate internet content on my computer and he "installed" some things so he could watch.
My mom knows a lot about computers and has used this site for help on my grandparents' computer. She only had one more program to run when my friend came back and tried to "fix" the computer. No, he didn't have permission and did it behind our backs as no one was home. I think the initial "virus removal" program installed was PC Optimizer. She tried some things with this one and then recommended I go online to see if it is salvageable or not.

 

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jacob at 22:21:50 on 2014-07-04
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1526.512 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347402736921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F44C8BFF-C97A-4FC7-8E82-68489B5FF073} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 231960]
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gt;{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt;c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys [2014-6-9 55128]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-11-26 40736]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-12-6 29728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-07-05 03:00:26 19620 ----a-w- C:\FixitRegBackup.reg
2014-07-04 22:02:32 -------- d-----w- C:\6985909982e2d7fbd550
2014-07-04 22:00:37 -------- d-----w- C:\83143a5174adbfd71bbee084
2014-07-04 18:30:55 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-04 18:13:06 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-04 18:13:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-04 18:13:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-04 17:55:18 8140904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{722d57f2-ff55-4c39-925a-e5236f44e22a}\mpengine.dll
2014-06-24 04:38:51 -------- d-----w- c:\windows\pss
2014-06-24 03:53:38 8140904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-10 02:44:20 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-09 22:03:42 55128 ----a-w- c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys
2014-06-09 18:48:40 -------- d-----w- c:\documents and settings\jacob\AppData
2014-06-09 18:47:17 -------- d-----w- c:\documents and settings\jacob\local settings\application data\Temp
2014-06-09 18:44:55 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-06-09 18:43:31 -------- d-----w- c:\windows\system32\drivers\nss\0401000.01C
2014-06-09 18:43:31 -------- d-----w- c:\windows\system32\drivers\NSS
2014-06-09 18:42:56 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
.
==================== Find3M  ====================
.
.
============= FINISH: 22:22:14.43 ===============
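An added triage example, not part of the thread and not something the helper asked for: a small Python script that parses the "Created Last 30" block of the DDS log above and groups entries by creation date, so a reader can see what else landed on the machine on the same day as a file of interest (here sasnative32.exe, the file the helper later asks to have checked). The input is the block copied from the log; the function names are this example's own.

```python
import re
from collections import defaultdict

# Input constructed from the "Created Last 30" block of the DDS log above,
# copied verbatim: date, time, size (or "--------" for directories),
# attribute flags, path.
DDS_CREATED_LAST_30 = r"""
2014-07-05 03:00:26 19620 ----a-w- C:\FixitRegBackup.reg
2014-07-04 22:02:32 -------- d-----w- C:\6985909982e2d7fbd550
2014-07-04 22:00:37 -------- d-----w- C:\83143a5174adbfd71bbee084
2014-07-04 18:30:55 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-04 18:13:06 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-04 18:13:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-04 18:13:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-04 17:55:18 8140904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{722d57f2-ff55-4c39-925a-e5236f44e22a}\mpengine.dll
2014-06-24 04:38:51 -------- d-----w- c:\windows\pss
2014-06-24 03:53:38 8140904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-10 02:44:20 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-09 22:03:42 55128 ----a-w- c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys
2014-06-09 18:48:40 -------- d-----w- c:\documents and settings\jacob\AppData
2014-06-09 18:47:17 -------- d-----w- c:\documents and settings\jacob\local settings\application data\Temp
2014-06-09 18:44:55 17136 ----a-w- c:\windows\system32\sasnative32.exe
2014-06-09 18:43:31 -------- d-----w- c:\windows\system32\drivers\nss\0401000.01C
2014-06-09 18:43:31 -------- d-----w- c:\windows\system32\drivers\NSS
2014-06-09 18:42:56 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
"""

# One DDS line: date, time, size or eight dashes, eight attribute flags, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<flags>[-a-z]{8}) (?P<path>.+)$"
)


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "date": m.group("date"),
            "time": m.group("time"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": m.group("flags").startswith("d"),   # first flag is 'd' for directories
            "path": m.group("path"),
        })
    return entries


def group_by_date(entries):
    """Map each creation date to the entries created on that day, in log order."""
    by_date = defaultdict(list)
    for e in entries:
        by_date[e["date"]].append(e)
    return dict(by_date)


def created_same_day(entries, filename):
    """Paths created on the same day as `filename` (matched case-insensitively
    against the end of the path), excluding the file itself."""
    target = next((e for e in entries if e["path"].lower().endswith(filename.lower())), None)
    if target is None:
        return []
    return [e["path"] for e in entries if e["date"] == target["date"] and e is not target]


def new_kernel_drivers(entries):
    """Recently created .sys files: kernel-mode code deserves the first look."""
    return [e["path"] for e in entries if not e["is_dir"] and e["path"].lower().endswith(".sys")]


if __name__ == "__main__":
    entries = parse_dds_created(DDS_CREATED_LAST_30)
    for date, items in sorted(group_by_date(entries).items()):
        print(date, f"({len(items)} entries)")
        for e in items:
            print("   ", "DIR " if e["is_dir"] else "FILE", e["path"])
    print("created on the same day as sasnative32.exe:")
    for p in created_same_day(entries, "sasnative32.exe"):
        print("   ", p)
    print("new kernel drivers:", *new_kernel_drivers(entries), sep="\n    ")
```

Grouping by day turns a flat file list into a timeline: the 2014-07-04 entries are the Malwarebytes install the poster mentions, while 2014-06-09 shows the Norton installer, sasnative32.exe and a GUID-named driver arriving within minutes of each other, which is the kind of cluster a helper reads as one event.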
 


#2 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 08 July 2014 - 10:56 AM

Hello JacobJohann-

 

My name is Johnny Computer and I will be helping you clean up your computer today.  Please give me some time to look over your logs and I will be back with further instructions as soon as possible.   :)


"DO OR DO NOT. THERE IS NO TRY."


#3 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 09 July 2014 - 08:51 AM

Hello JacobJohann-
 
 

Hello and  :welcome:  to BLEEPING COMPUTER
My name is Johnny Computer and I will be helping you with your malware related computer issues today :)  

Before we move on, please read the following points carefully.

  • First, I would like to inform you that most of us here at Bleeping Computer are volunteers. The logs you will be asked to submit can take time to analyze. Please try to match our commitment to you with your patience toward us.  :)
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • IMPORTANT-----> Post all logfiles as a reply rather than as an attachment. If you can not post all log files in one reply, feel free to use more posts.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop and ask any questions you may have.
  • Please stay with me until I have notified you that your system is All Clean. Absence of symptoms does not necessarily mean your machine is clean. :)
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

============================================================================================================

STEP #1:

Please go to Virus Total here: https://www.virustotal.com/

Navigate to and upload the following file and copy and paste the results into your next reply

c:\windows\system32\sasnative32.exe

================================================================================================

STEP #2:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
==========================================================================================

THINGS I NEED IN YOUR NEXT REPLY:

1.) Virus Total Results
2.) ADWCleaner log
3.) Description of the symptoms you are experiencing that make you think your system is infected.

Thanks :)

"DO OR DO NOT. THERE IS NO TRY."


#4 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts

Posted 09 July 2014 - 05:45 PM

SHA256: bf28a8eb57684f7819ae1c76282d26356590559f827eddb576662bada1d2c9fc
File name: sasnative32.exe
Detection ratio: 0 / 53
Analysis date: 2014-07-09 22:37:13 UTC ( 0 minutes ago )

Probably harmless! There are strong indicators suggesting that this file is safe to use.

Antivirus results (all 53 engines reported no detection; engine and signature update date):
AVG 20140709, Ad-Aware 20140709, AegisLab 20140709, Agnitum 20140709, AhnLab-V3 20140709, AntiVir 20140709, Avast 20140709, Baidu-International 20140709, BitDefender 20140709, Bkav 20140709, ByteHero 20140709, CAT-QuickHeal 20140709, CMC 20140707, ClamAV 20140709, Commtouch 20140709, Comodo 20140709, DrWeb 20140709, ESET-NOD32 20140709, Emsisoft 20140709, F-Prot 20140709, F-Secure 20140709, Fortinet 20140709, GData 20140709, Ikarus 20140709, Jiangmin 20140709, K7AntiVirus 20140709, K7GW 20140709, Kaspersky 20140709, Kingsoft 20140709, Malwarebytes 20140709, McAfee 20140709, McAfee-GW-Edition 20140709, MicroWorld-eScan 20140709, Microsoft 20140709, NANO-Antivirus 20140709, Norman 20140709, Panda 20140709, Qihoo-360 20140709, Rising 20140709, SUPERAntiSpyware 20140709, Sophos 20140709, Symantec 20140709, Tencent 20140709, TheHacker 20140708, TotalDefense 20140709, TrendMicro 20140709, TrendMicro-HouseCall 20140709, VBA32 20140709, VIPRE 20140709, ViRobot 20140709, Zillya 20140709, Zoner 20140708, nProtect 20140709

 

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block
Publisher Systweak Inc
Signature verification Signed file, verified signature
Signing date 3:18 PM 11/10/2008
Signers
[+] Systweak Inc
Status Certificate out of its validity period
Valid from 1:00 AM 1/21/2008
Valid to 12:59 AM 2/17/2010
Valid usage Code Signing
Algorithm SHA1
Thumbrint F3DF6B6EC5C2E6C592396C6A1E9500D067A0CAB6
Serial number 5A F6 64 8D CB 33 B9 24 4F 74 69 C7 3E A7 22 AC
[+] VeriSign Class 3 Code Signing 2004 CA
Status Valid
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbrint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbrint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-10 13:39:33
Entry Point 0x00002890
Number of sections 5
PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 4096 6486 6656 5.94 f7ae9844a6a186531301497463da3e90
.rdata 12288 2954 3072 3.99 d9c3d4c5e3b641af8e0a7b096510c0aa
.data 16384 4 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 20480 176 512 4.08 e75462be5446e4713a9bfd1160790c3e
.reloc 24576 440 512 4.70 89619446203afa3f4be6c3ccd707b631
PE imports
ZwDeleteValueKey
ZwReadFile
RtlInitUnicodeString
ZwOpenKey
ZwCreateFile
wcschr
ZwTerminateProcess
memset
NtQueryValueKey
ZwSaveKey
ZwWriteFile
ZwCreateKey
ZwInitializeRegistry
RtlCreateHeap
ZwDeleteKey
ZwDelayExecution
wcsrchr
ZwDisplayString
RtlAllocateHeap
ZwQueryInformationFile
_wcsnicmp
RtlNtStatusToDosError
RtlFreeHeap
memcpy
ZwSetInformationFile
_chkstk
ZwOpenFile
ZwRestoreKey
swprintf
RtlAdjustPrivilege
ZwClose
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Native
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:11:10 14:39:33+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 6656
LinkerVersion: 8.0
FileAccessDate: 2014:07:09 23:35:38+01:00
EntryPoint: 0x2890
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
FileCreateDate: 2014:07:09 23:35:38+01:00
UninitializedDataSize: 0


#5 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts

Posted 09 July 2014 - 06:02 PM

I hope I pasted what you were looking for. I had random pop-up ads, a "pc cleaner" kept "scanning" the computer and said 857 threats, icons on Google and the home screen are different, the browser had been changed to greener-e or something like that, if I tried to go to a site it would redirect me, and Malwarebytes had initially shown several hundred threats. My mom did do some work trying to clean it up, then found out my friend had gotten on the computer again. He had downloaded ManyCam as well as a few others and was watching sexually explicit material. He went to a random site to download Norton and a virus removal program trying to "fix" my computer.

 

Please review and let me know. Thank you. Jacob

#6 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 10 July 2014 - 08:18 AM

Hello JacobJohann-
 

"I hope I pasted what you were looking for."

Please copy and paste rather than attach all logs :wink:


Yes, you posted the correct logs for both Virus Total and ADWCleaner   :)  but also please pay careful attention to follow the instructions as given.  In my previous post I had asked you to scan with ADWCleaner not scan and clean.  This will make the cleaning process go much faster and smoother  :wink: 
 
 
 
Please do the following:
 
 
STEP:1
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
==============================================================================================
 
 
STEP #2:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that one is the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
 ==============================================================================================
 
 
THINGS I NEED IN YOUR NEXT REPLY:
 
1.) JRT log
2.) FRST log
 
Thanks :)

"DO OR DO NOT. THERE IS NO TRY."


#7 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts

Posted 11 July 2014 - 07:07 PM

I cleaned out the attachments in my settings.

 

I attached the JRT log. I also attached a screenshot of what appeared when I tried to run the FRST scan. I right-clicked, selected Run As, and this appeared. I was not able to print screen and copy into this reply, which is why I attached it. I will not proceed until you advise. Thank you.

 

  

#8 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 12 July 2014 - 08:49 AM

Hello JacobJohann-

 

Please try double left clicking the FRST file instead of Right-Clicking, run the program and copy and paste the log file.  Let me know if that works.  

 

Thanks :)


Edited by Johnny Computer, 12 July 2014 - 08:50 AM.

"DO OR DO NOT. THERE IS NO TRY."


#9 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts

Posted 12 July 2014 - 10:20 AM

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-07-2014
Ran by Jacob (administrator) on OPEN on 12-07-2014 10:12:35
Running from C:\Documents and Settings\Jacob\Desktop\virus programs
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
() C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TDispVol.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\Toshiba.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA Corporation) C:\TOSHIBA\IVP\ISM\pinger.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\RAMASST.exe
(Intel Corporation) C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TFncKy] => TFncKy.exe
HKLM\...\Run: [TDispVol] => C:\WINDOWS\system32\TDispVol.exe [73728 2005-03-11] (TOSHIBA Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-11-28] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-11-28] (Intel Corporation)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2006-01-05] (TOSHIBA)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [82009 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945 2005-12-16] (Synaptics, Inc.)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [184320 2004-08-18] (Agere Systems)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-15] (Agere Systems)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Tvs] => C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2005-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [282624 2005-06-01] (TOSHIBA Corporation)
HKLM\...\Run: [PadTouch] => C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM\...\Run: [SmoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [122880 2005-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [Pinger] => c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2005-12-05] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2005-11-28] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-21-2745038705-3874588759-3976702830-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2745038705-3874588759-3976702830-1005\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347402736921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jacob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jacob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-05]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-05]

========================== Services (Whitelisted) =================

R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753 2005-11-28] (Intel Corporation) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164 2005-11-28] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation ) [File not signed]
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-12] () [File not signed]
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [35328 2005-12-20] (TOSHIBA Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2012-09-11] (Meetinghouse Data Communications) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-02-16] (Windows ® 2000 DDK provider) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) [File not signed]
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [40736 2013-11-26] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.)
R1 meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation) [File not signed]
R3 tbiosdrv; C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-24] ()
S3 tosrfec; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [9344 2005-09-09] (TOSHIBA Corporation) [File not signed]
R3 TVALD; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation) [File not signed]
R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA Corporation) [File not signed]
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gt; C:\WINDOWS\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys [55128 2014-06-09] (StdLib)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-07-12 10:11 - 2014-07-12 10:12 - 00000000 ____D () C:\FRST
2014-07-11 18:54 - 2014-07-11 18:54 - 00000589 _____ () C:\Documents and Settings\Jacob\Desktop\JRT.txt
2014-07-11 18:47 - 2014-07-11 18:47 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-09 17:39 - 2014-07-09 17:45 - 00000000 ____D () C:\AdwCleaner
2014-07-04 22:22 - 2014-07-04 22:22 - 00019191 _____ () C:\Documents and Settings\Jacob\Desktop\attach.txt
2014-07-04 22:22 - 2014-07-04 22:22 - 00008569 _____ () C:\Documents and Settings\Jacob\Desktop\dds.txt
2014-07-04 22:00 - 2014-07-04 22:00 - 00019620 _____ () C:\FixitRegBackup.reg
2014-07-04 13:30 - 2014-07-05 11:10 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 13:13 - 2014-07-04 13:13 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 13:13 - 2014-05-12 07:35 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-04 13:13 - 2014-05-12 07:35 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-23 23:38 - 2014-06-23 23:38 - 00000000 ____D () C:\WINDOWS\pss

==================== One Month Modified Files and Folders =======

2014-07-12 10:13 - 2012-09-11 17:14 - 00000000 ____D () C:\Documents and Settings\Jacob\Local Settings\Temp
2014-07-12 10:12 - 2014-07-12 10:11 - 00000000 ____D () C:\FRST
2014-07-12 09:41 - 2006-02-15 10:37 - 01551870 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-12 09:41 - 2006-02-15 10:35 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-12 09:39 - 2014-04-27 14:23 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-12 09:39 - 2006-02-15 10:42 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-11 19:12 - 2012-09-11 17:14 - 00000278 ___SH () C:\Documents and Settings\Jacob\ntuser.ini
2014-07-11 19:12 - 2006-02-15 10:42 - 00031846 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-11 19:04 - 2012-09-11 19:19 - 00002497 _____ () C:\Documents and Settings\Jacob\Desktop\Microsoft Office Word 2003.lnk
2014-07-11 18:54 - 2014-07-11 18:54 - 00000589 _____ () C:\Documents and Settings\Jacob\Desktop\JRT.txt
2014-07-11 18:47 - 2014-07-11 18:47 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-11 18:47 - 2013-08-15 19:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 18:31 - 2012-09-11 18:55 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 18:25 - 2006-02-15 09:04 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-09 17:45 - 2014-07-09 17:39 - 00000000 ____D () C:\AdwCleaner
2014-07-09 17:30 - 2012-09-11 18:27 - 00397015 _____ () C:\WINDOWS\setupapi.log
2014-07-09 17:30 - 2006-02-15 02:29 - 00360545 _____ () C:\WINDOWS\setupact.log
2014-07-05 11:10 - 2014-07-04 13:30 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 11:08 - 2012-11-22 18:58 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-07-05 11:08 - 2012-09-11 17:15 - 00000000 ____D () C:\Documents and Settings\Jacob\Application Data\Adobe
2014-07-04 22:22 - 2014-07-04 22:22 - 00019191 _____ () C:\Documents and Settings\Jacob\Desktop\attach.txt
2014-07-04 22:22 - 2014-07-04 22:22 - 00008569 _____ () C:\Documents and Settings\Jacob\Desktop\dds.txt
2014-07-04 22:00 - 2014-07-04 22:00 - 00019620 _____ () C:\FixitRegBackup.reg
2014-07-04 21:57 - 2012-09-11 19:35 - 00002039 _____ () C:\WINDOWS\epplauncher.mif
2014-07-04 16:40 - 2012-10-12 03:01 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2756822$
2014-07-04 14:08 - 2014-06-09 13:44 - 00000440 ____H () C:\WINDOWS\Tasks\Norton Security Scan for Jacob.job
2014-07-04 13:13 - 2014-07-04 13:13 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-04 13:13 - 2014-07-04 13:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 13:13 - 2013-03-29 09:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-04 12:56 - 2006-02-15 10:44 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-24 06:29 - 2012-09-11 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2491683$
2014-06-23 23:38 - 2014-06-23 23:38 - 00000000 ____D () C:\WINDOWS\pss
2014-06-23 22:57 - 2006-02-16 05:18 - 00000000 ____D () C:\WINDOWS\system32\DLA
2014-06-23 22:55 - 2012-09-11 17:14 - 00000000 ____D () C:\Documents and Settings\Jacob\Local Settings\Application Data\Yahoo
2014-06-23 22:55 - 2012-09-11 17:13 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Yahoo
2014-06-23 22:55 - 2006-02-16 05:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
2014-06-23 22:44 - 2006-02-15 10:42 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-23 22:42 - 2006-02-15 09:04 - 00000675 _____ () C:\WINDOWS\win.ini

Some content of TEMP:
====================
C:\Documents and Settings\Jacob\Local Settings\Temp\GoogleToolbarStandaloneSetup_7_5_4501_1952.exe
C:\Documents and Settings\Jacob\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Jacob\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8c387d88.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Here is the addition log:


Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-07-2014
Ran by Jacob at 2014-07-12 10:13:50
Running from C:\Documents and Settings\Jacob\Desktop\virus programs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.23(T) - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 1.00.008 - TOSHIBA)
DVD-RAM Driver (HKLM\...\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}) (Version: 5.0.2.5 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4436 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.01.0000 - Intel Corporation)
InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.376 - InterVideo Inc.)
InterVideo WinDVD for TOSHIBA (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.533 - InterVideo Inc.)
J2SE Runtime Environment 5.0 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150040}) (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Macromedia Flash Player 8 (HKLM\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
mCore (Version: 5.40.0000 - Intel Corporation) Hidden
mDrWiFi (Version: 5.40.0000 - Intel Corporation) Hidden
Metamail (Toshiba Registration Utility) (HKLM\...\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}) (Version: 4.5 - )
mHelp (Version: 5.40.0000 - Intel) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.1.0522.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
mIWA (Version: 5.40.0000 - Intel Corporation) Hidden
mLogView (Version: 5.40.0000 - Intel Corporation) Hidden
mMHouse (Version: 5.40.0000 - Intel Corporation) Hidden
mPfMgr (Version: 5.40.0000 - Intel Corporation) Hidden
mPfWiz (Version: 5.40.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mXML (Version: 5.40.0000 - Intel Corporation) Hidden
mZConfig (Version: 5.40.0000 - Intel Corporation) Hidden
Office 2003 Trial Assistant (Version: 1.0.0 - Microsoft) Hidden
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.02 - Realtek Semiconductor Corp.)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.9.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}) (Version: 1.16.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.16.0000 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version:  - )
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.05 - )
TOSHIBA Controls (HKLM\...\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}) (Version:  - )
TOSHIBA Game Console (HKLM\...\TOSHIBA Game Console) (Version:  - WildTangent)
TOSHIBA Hotkey Utility (HKLM\...\{64DD71BC-3109-4C88-9AD3-D5422644B722}) (Version: 1.00.01ST - )
TOSHIBA PC Diagnostic Tool (HKLM\...\PC Diagnostic Tool) (Version:  - )
TOSHIBA Power Saver (HKLM\...\Power Saver) (Version: 7.03.07.I - )
TOSHIBA SD Memory Card Format (HKLM\...\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}) (Version:  - )
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.62 (SM2162ALD04) - )
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version:  - )
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA TouchPad ON/Off Utility (HKLM\...\{69BE47C2-36FE-4397-8199-85D8EAE69982}) (Version: 1.00.01ST - )
TOSHIBA TV Tuner 4.0.12.73 (HKLM\...\TOSHIBA TV Tuner) (Version: 4.0.12.73 - AVerMedia TECHNOLOGIES, Inc.)
TOSHIBA Utilities (HKLM\...\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}) (Version: 1.00.07ST - )
TOSHIBA Virtual Sound (HKLM\...\{8B12BA86-ADAC-4BA6-B441-FFC591087252}) (Version:  - )
TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB910393) (HKLM\...\KB910393) (Version:  - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version:  - )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB888316 (HKLM\...\KB888316) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB894553 (HKLM\...\KB894553) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB895678 (HKLM\...\KB895678) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908250 (HKLM\...\KB908250) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

27-04-2014 02:39:30 System Checkpoint
27-04-2014 15:29:20 Software Distribution Service 3.0
27-04-2014 16:22:44 Software Distribution Service 3.0
27-04-2014 22:00:24 Software Distribution Service 3.0
27-04-2014 22:27:55 Software Distribution Service 3.0
28-04-2014 01:03:06 Software Distribution Service 3.0
28-04-2014 01:42:06 Software Distribution Service 3.0
02-05-2014 00:04:04 Software Distribution Service 3.0
02-05-2014 02:10:56 Software Distribution Service 3.0
04-05-2014 02:31:23 Software Distribution Service 3.0
05-05-2014 01:18:30 Software Distribution Service 3.0
05-05-2014 02:38:03 Software Distribution Service 3.0
05-05-2014 02:54:41 Software Distribution Service 3.0
05-05-2014 04:04:56 Printer Driver PDF reDirect Pro Installed
05-05-2014 04:44:43 Software Distribution Service 3.0
06-05-2014 03:21:30 Software Distribution Service 3.0
06-05-2014 22:00:19 Software Distribution Service 3.0
06-05-2014 23:11:07 Software Distribution Service 3.0
07-05-2014 03:56:53 Software Distribution Service 3.0
22-05-2014 00:42:19 Software Distribution Service 3.0
22-05-2014 00:57:12 Software Distribution Service 3.0
22-05-2014 02:20:31 Software Distribution Service 3.0
24-05-2014 18:16:58 Software Distribution Service 3.0
27-05-2014 21:45:54 Software Distribution Service 3.0
27-05-2014 22:02:13 Software Distribution Service 3.0
29-05-2014 03:26:44 Software Distribution Service 3.0
29-05-2014 03:40:38 Software Distribution Service 3.0
29-05-2014 04:19:18 Software Distribution Service 3.0
29-05-2014 12:24:13 Software Distribution Service 3.0
30-05-2014 20:41:16 Software Distribution Service 3.0
30-05-2014 23:51:55 Software Distribution Service 3.0
31-05-2014 22:00:30 Software Distribution Service 3.0
31-05-2014 22:14:06 Software Distribution Service 3.0
03-06-2014 20:07:00 Software Distribution Service 3.0
03-06-2014 20:24:53 Software Distribution Service 3.0
03-06-2014 22:00:23 Software Distribution Service 3.0
04-06-2014 06:08:53 Software Distribution Service 3.0
04-06-2014 23:51:50 Removed HP Officejet Pro 8600 Help
04-06-2014 23:54:35 Software Distribution Service 3.0
04-06-2014 23:59:06 Restore Operation
09-06-2014 17:16:24 Software Distribution Service 3.0
09-06-2014 17:33:24 Software Distribution Service 3.0
09-06-2014 22:01:07 Software Distribution Service 3.0
09-06-2014 22:23:49 Removed HP Officejet Pro 8600 Basic Device Software
09-06-2014 22:27:27 Removed HP Update.
09-06-2014 22:28:09 Removed HP FWUpdateEDO2
09-06-2014 22:29:15 Removed Compatibility Pack for the 2007 Office system
09-06-2014 22:31:39 Removed Apple Mobile Device Support
09-06-2014 22:33:08 Removed Apple Software Update
09-06-2014 22:34:40 Removed Apple Application Support
09-06-2014 22:38:48 Removed iTunes
09-06-2014 22:46:36 Removed Microsoft Office File Validation Add-In
10-06-2014 02:36:43 Restore Operation
10-06-2014 03:01:22 Software Distribution Service 3.0
11-06-2014 21:57:29 Software Distribution Service 3.0
24-06-2014 03:41:48 Software Distribution Service 3.0
24-06-2014 03:50:16 Removed Driver Support.
24-06-2014 03:52:37 Software Distribution Service 3.0
24-06-2014 03:54:26 Removed Sonic RecordNow!
24-06-2014 03:56:22 Removed Sonic DLA
24-06-2014 12:55:31 Software Distribution Service 3.0
04-07-2014 17:55:50 Software Distribution Service 3.0
04-07-2014 22:00:29 Software Distribution Service 3.0
05-07-2014 03:00:15 Installed Microsoft Fix it 50535
11-07-2014 23:28:41 Software Distribution Service 3.0

==================== Hosts content: ==========================

2006-02-15 09:02 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for Jacob.job => C:\PROGRA~1\NORTON~2\Engine\410~1.28\Nss.exe
Task: C:\WINDOWS\Tasks\Registration reminder 1.job => C:\WINDOWS\system32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\Registration reminder 2.job => C:\WINDOWS\system32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\Registration reminder 3.job => C:\WINDOWS\system32\OOBE\oobebaln.exe

==================== Loaded Modules (whitelisted) =============

2005-11-28 13:59 - 2005-11-28 13:59 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2006-02-24 23:28 - 2002-03-03 07:40 - 00045056 _____ () C:\WINDOWS\system32\TDispVol.dll
2004-07-20 20:04 - 2004-07-20 20:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2006-02-16 12:03 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2006-02-15 09:03 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-02-15 09:02 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-15 09:03 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-15 11:25 - 2005-11-23 17:55 - 00118784 _____ () C:\WINDOWS\system32\TCtrlIO.DLL
2006-02-16 04:19 - 2005-07-12 20:14 - 00040960 _____ () c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2006-02-15 11:25 - 2006-01-04 21:14 - 00049152 _____ () C:\Program Files\Toshiba\Toshiba Applet\TouchPad_OnOff.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00876544 _____ () C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00053322 _____ () C:\Program Files\Intel\Wireless\bin\IntStngs.dll
2005-11-03 13:37 - 2005-11-03 13:37 - 00970862 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
2005-11-28 13:59 - 2005-11-28 13:59 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\Libeay32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 09:57:05 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8007064C
Description:.  0x8007064C. The installation source for this product is not available.  Verify that the source exists and that you can access it.

Error: (07/04/2014 05:18:35 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8007064C
Description:.  0x8007064C. The installation source for this product is not available.  Verify that the source exists and that you can access it.

Error: (07/04/2014 05:03:02 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

Error: (07/04/2014 05:02:57 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (07/04/2014 05:02:19 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

Error: (07/04/2014 05:01:21 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (07/04/2014 01:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.0.2.0, faulting module mbamservice.exe, version 3.0.2.0, fault address 0x0007da8a.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (06/24/2014 08:00:54 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

Error: (06/24/2014 08:00:51 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (06/24/2014 08:00:26 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

System errors:
=============
Error: (07/12/2014 09:41:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (07/11/2014 06:27:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (07/09/2014 07:25:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (07/09/2014 05:51:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (07/09/2014 05:49:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (07/09/2014 05:11:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (07/05/2014 10:45:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Antimalware Service service terminated with the following error:
%%2147942402

Error: (07/04/2014 11:03:17 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/04/2014 11:03:10 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/04/2014 11:03:04 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Microsoft Office Sessions:
=========================
Error: (07/04/2014 09:57:05 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8007064C
Description:.  0x8007064C. The installation source for this product is not available.  Verify that the source exists and that you can access it.

Error: (07/04/2014 05:18:35 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8007064C
Description:.  0x8007064C. The installation source for this product is not available.  Verify that the source exists and that you can access it.

Error: (07/04/2014 05:03:02 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

Error: (07/04/2014 05:02:57 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)

Error: (07/04/2014 05:02:19 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

Error: (07/04/2014 05:01:21 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)

Error: (07/04/2014 01:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.0mbamservice.exe3.0.2.00007da8a

Error: (06/24/2014 08:00:54 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

Error: (06/24/2014 08:00:51 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)

Error: (06/24/2014 08:00:26 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: )
Description: HRESULT:0x8004FF84
Description:.  0x8004FF84.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1525.98 MB
Available physical RAM: 1031.71 MB
Total Pagefile: 3424.95 MB
Available Pagefile: 3091.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.34 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.54 GB) (Free:85.31 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: EEDBEEDB)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=251 MB) - (Type=88)

==================== End Of Log ============================


Thank you.



#10 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:32 PM

Posted 13 July 2014 - 08:34 AM

Hello JacobJohann-

Please do the following:

1.) Open Notepad. Please copy the contents of the code box below.
2.) To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad.
3.) Save it on the Desktop in your "Virus Programs" folder as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [40736 2013-11-26] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gt; C:\WINDOWS\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys [55128 2014-06-09] (StdLib)
 

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

THINGS I NEED IN YOUR NEXT REPLY:

1.)  FRST Fix Log
2.)  How is your system running now?

Thanks :)

"DO OR DO NOT. THERE IS NO TRY."
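The fixlist FRST reads is one directive per line. As an added example (my own code, not FRST's and not the helper's), here is a small parser for the directive lines quoted above: the field layout of the driver entries (R/S state, Windows Start value, path, size, date, publisher) is inferred from the lines in this thread rather than taken from a full FRST grammar, and the GUID-named-driver check is a triage heuristic I'm assuming, not an FRST rule.

```python
import re

# Driver/service entries look like:  R1 name; path [size date] (publisher)
# (pattern inferred from the lines in this thread, not a full FRST grammar)
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+)$")
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>HK\w+) - (?P<rest>.*)$")
GUID_NAME_RE = re.compile(r"^\{[0-9a-f-]{36}\}", re.I)
# Windows service Start values, which FRST shows as the digit after R/S
START_TYPES = {"0": "boot", "1": "system", "2": "automatic",
               "3": "manual", "4": "disabled"}


def parse_line(line):
    """Classify one fixlist line; returns (kind, fields) or None."""
    line = line.strip()
    m = DRIVER_RE.match(line)
    if m:
        d = m.groupdict()
        d["running"] = d.pop("state") == "R"      # R = running, S = stopped
        d["start"] = START_TYPES.get(d["start"], d["start"])
        d["size"] = int(d["size"])
        return "driver", d
    m = DPF_RE.match(line)
    if m:
        return "dpf", m.groupdict()
    m = SCOPE_RE.match(line)
    if m:
        return "searchscope", m.groupdict()
    return None


def suspicious_drivers(lines):
    """Heuristic (my assumption, not an FRST rule): a running driver whose
    service name is a bare GUID is worth a second look during triage."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[0] == "driver":
            d = parsed[1]
            if d["running"] and GUID_NAME_RE.match(d["name"]):
                hits.append(d["name"])
    return hits


# Sample input: the directives quoted in the post above.
FIXLIST = r"""SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [40736 2013-11-26] (Visicom Media Inc.)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gt; C:\WINDOWS\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys [55128 2014-06-09] (StdLib)""".splitlines()
```

Running `suspicious_drivers(FIXLIST)` returns only the GUID-named R1 entry, the one the fix above removes; the two ManyCam drivers are stopped (S3, manual start) and carry a vendor name, so the heuristic leaves them alone.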


#11 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 13 July 2014 - 09:05 AM

Attached is the fixlog. It is very slow to load. I know this is an older computer with XP and Internet Explorer 8, but I am afraid to update IE until the computer is clean. I actually prefer Firefox as a browser. There is an error code that appears when the computer starts; I will do a print screen or write down the number to add to the post in case it is something that has also been affected. Thank you again!



#12 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 13 July 2014 - 09:41 AM

Here is the error message that appears.




#13 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:03:32 PM

Posted 13 July 2014 - 11:58 AM

Hello JacobJohann-

As this is an older computer, let's first make sure the hard disk is still okay. Please follow the instructions at the following link and let me know the results and if you are still receiving the error message after running Check Disk.

http://forums.whatthetech.com/index.php?showtopic=102348

Thanks :)

"DO OR DO NOT. THERE IS NO TRY."


#14 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 15 July 2014 - 11:12 AM

I completed the graphic mode and am still getting the error. Should I run the command line option too?



#15 jacobjohann

jacobjohann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:32 PM

Posted 15 July 2014 - 11:51 AM

I looked up the error message and Microsoft Mr. Fixit popped up to install. Without thinking I saved it to my download folder but did not run any program with it - I am more concerned about removing the virus than the error message.





