All my files corrupted - images won't appear


  • This topic is locked
23 replies to this topic

#1 Bastille Day

Bastille Day

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 12 July 2014 - 07:39 AM

Problem:

Hundreds of .txt files unreadable.

Images will not appear in Windows Picture and Fax Viewer.

Some images in the "My Pictures" folder are viewable.

Windows XP.

Text document icons appear different when in bottom tray.

Doing a permanent shutdown of my computer BUT would like to save a few of my documents and images.

Told I need a virus scan at a cost of $60.00 but it would require two costly trips to the city.

Any suggestions appreciated.

This topic already started in the Windows XP area.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:49 PM

Posted 17 July 2014 - 07:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540688 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 17 July 2014 - 01:26 PM

Ran DDS and results posted below. Could not find the link to attach a zip folder.
 
Also scanned with ComboFix. Multiple infections, 80-120.

 

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/3/2014 1:31:40 PM
System Uptime: 7/17/2014 1:50:06 PM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0WG261
Processor:               Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 285.296 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801AB&REV_1032\4&B5B2454&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801AB&REV_1032\4&B5B2454&0&0001
Service:
.
==== System Restore Points ===================
.
RP1: 5/3/2014 1:34:56 PM - System Checkpoint
RP2: 5/3/2014 2:05:34 PM - Installed Intel® PROSet for Wired Connections
RP3: 5/3/2014 2:05:58 PM - Installed Intel® PROSafe for Wired Connections
RP4: 5/3/2014 2:06:15 PM - Installed Dell System Software
RP5: 5/3/2014 2:06:18 PM - Installed Desktop System Software
RP6: 5/3/2014 2:06:25 PM - Installed Windows XP KB908673.
RP7: 5/3/2014 2:06:44 PM - Installed SigmaTel Audio
RP8: 5/3/2014 2:55:48 PM - Installed Java™ 6 Update 16
RP9: 5/3/2014 2:56:23 PM - Installed OpenOffice.org 3.1
RP10: 5/3/2014 3:01:05 PM - Installed Windows XP Service Pack 3.
RP11: 5/3/2014 3:29:29 PM - Installed Windows XP Service Pack 3.
RP12: 5/3/2014 4:05:37 PM - Installed Windows Internet Explorer 8.
RP13: 5/6/2014 11:22:53 PM - System Checkpoint
RP14: 5/7/2014 11:51:23 AM - Installed HPSU306Stub
RP15: 5/13/2014 1:46:33 PM - System Checkpoint
RP16: 5/27/2014 9:12:07 PM - System Checkpoint
RP17: 5/28/2014 9:57:21 PM - System Checkpoint
RP18: 5/30/2014 5:51:42 PM - System Checkpoint
RP19: 6/3/2014 9:36:45 PM - System Checkpoint
RP20: 6/22/2014 8:25:19 PM - System Checkpoint
RP21: 7/9/2014 12:09:03 AM - july 08 2014
RP22: 7/9/2014 12:10:37 AM - Restore Operation
RP23: 7/9/2014 12:15:00 AM - Restore Operation
RP24: 7/9/2014 12:21:19 AM - july 7 2014
RP25: 7/9/2014 12:24:22 AM - Restore Operation
RP26: 7/9/2014 2:01:37 AM - Restore Operation
RP27: 7/9/2014 1:17:18 PM - Restore Operation
RP28: 7/9/2014 1:30:05 PM - Restore Operation
RP29: 7/9/2014 1:36:00 PM - Restore Operation
RP30: 7/9/2014 3:22:01 PM - Restore Operation
RP31: 7/9/2014 3:28:21 PM - 07/07/14
RP32: 7/9/2014 3:29:07 PM - Restore Operation
RP33: 7/12/2014 10:41:43 AM - Removed Adobe Reader XI (11.0.07).
RP34: 7/12/2014 11:15:18 AM - Restore Operation
RP35: 7/12/2014 11:22:37 AM - Restore Operation
RP36: 7/15/2014 12:09:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 14 Plugin
AiO_Scan
BufferChm
CustomerResearchQFolder
D2300
D2300_Help
DeviceManagementQFolder
eSupportQFolder
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Java™ 6 Update 16
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
McAfee Security Scan Plus
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
OpenOffice.org 3.1
PhotoScape
Scan
SigmaTel Audio
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Unload
WebFldrs XP
WebReg
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/12/2014 9:58:38 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
7/12/2014 7:43:54 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
7/12/2014 7:43:54 AM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/12/2014 6:25:11 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\DLCleaner\mfc90u.dll. Reference error message: The operation completed successfully. .
7/12/2014 6:25:11 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\Program Files\DLCleaner\Microsoft.VC90.MFCLOC.MANIFEST" on line 4.
7/12/2014 6:25:11 PM, error: SideBySide [34]  - Component identity found in manifest does not match the identity of the component requested
7/12/2014 11:35:39 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
7/12/2014 11:32:43 AM, error: Service Control Manager [7000]  - The WMI Performance Adapter service failed to start due to the following error:  The process cannot access the file because it is being used by another process.
7/12/2014 11:15:43 AM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The process cannot access the file because it is being used by another process.
7/12/2014 11:15:43 AM, error: Service Control Manager [7000]  - The Mozilla Maintenance Service service failed to start due to the following error:  The process cannot access the file because it is being used by another process.
7/12/2014 10:42:13 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
7/12/2014 10:40:53 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/12/2014 10:06:00 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
7/12/2014 10:06:00 PM, error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/11/2014 12:00:02 PM, error: Service Control Manager [7000]  - The COM+ System Application service failed to start due to the following error:  The process cannot access the file because it is being used by another process.
7/11/2014 11:46:26 AM, error: Service Control Manager [7034]  - The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).
7/11/2014 11:46:26 AM, error: Service Control Manager [7034]  - The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
7/11/2014 11:46:26 AM, error: Service Control Manager [7034]  - The Logical Disk Manager Administrative Service service terminated unexpectedly.  It has done this 1 time(s).
7/11/2014 11:46:26 AM, error: Service Control Manager [7034]  - The Indexing Service service terminated unexpectedly.  It has done this 1 time(s).
7/10/2014 2:01:44 PM, error: Service Control Manager [7031]  - The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/10/2014 11:10:45 AM, error: Dhcp [1002]  - The IP address lease 24.57.166.183 for the Network Card with network address 001372B54DDD has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/10/2014 1:52:51 PM, error: Service Control Manager [7001]  - The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/10/2014 1:52:51 PM, error: Service Control Manager [7001]  - The ClipBook service depends on the Network DDE service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================


 



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:49 PM

Posted 19 July 2014 - 09:08 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi Bastille Day,
 
Please go to the root of your drive (normally C:) and you should see a text file named Combofix.txt. Please copy and paste that into your next reply.
 
--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Combofix.txt
  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
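The Combofix.txt that Toffee asks for above reports system executables in the form `c:\windows\system32\cmd.exe . . . is infected!!` and, for some of them, notes `Infected copy of ... was found and disinfected` followed by `Restored copy from - c:\windows\ServicePackFiles\i386\...`. When reviewing such a log an analyst wants two things: a split between the files ComboFix merely flagged and the ones it already replaced, and an independent hash comparison of what is on disk against the ServicePackFiles\i386 cache, so the cleanup can be verified rather than taken on trust. The script below is an added example written for this page; it is not part of the thread, and it is not a ComboFix, DDS or BleepingComputer tool. The ComboFix lines it parses are constructed to mirror the format shown in the thread, and the file pairs it hashes are built in a temporary directory rather than read from a real XP install.

```python
"""
Added triage helper for a Windows XP file-infector cleanup.

Two independent checks:
  parse_combofix()        - read ComboFix output and separate files it only
                            reports as "infected!!" from the ones it already
                            replaced from a clean copy ("Restored copy from").
  compare_against_cache() - hash every .exe/.dll in a directory and compare
                            each one with the same-named file in a reference
                            cache (on XP SP3: c:\\windows\\ServicePackFiles\\i386).

The ComboFix sample text and the file pairs built in demo() are constructed
for this example; nothing here is read from a real machine.
"""
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Line shapes as they appear in ComboFix logs:
#   c:\windows\system32\cmd.exe . . . is infected!!
#   Infected copy of c:\windows\system32\dllhost.exe was found and disinfected
#   Restored copy from - c:\windows\ServicePackFiles\i386\dllhost.exe
INFECTED_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \. \. \. is infected!!$", re.I)
DISINFECTED_RE = re.compile(
    r"^Infected copy of (?P<path>[a-z]:\\.+?) was found and disinfected$", re.I)
RESTORED_RE = re.compile(r"^Restored copy from - (?P<src>.+)$", re.I)

# Constructed sample mirroring the log format; not a real ComboFix run.
SAMPLE_COMBOFIX = r"""
c:\windows\system32\cmd.exe . . . is infected!!
.
Infected copy of c:\windows\system32\dllhost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dllhost.exe
.
c:\windows\system32\taskmgr.exe . . . is infected!!
"""


def parse_combofix(text):
    """Return (still_infected, restored): paths ComboFix flagged but did not
    replace, and a dict path -> source of the clean copy it restored."""
    still_infected = []
    restored = {}
    pending = None  # path from the most recent "Infected copy of ..." line
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            still_infected.append(m.group("path").lower())
            continue
        m = DISINFECTED_RE.match(line)
        if m:
            pending = m.group("path").lower()
            continue
        m = RESTORED_RE.match(line)
        if m and pending:
            restored[pending] = m.group("src")
            pending = None
    return still_infected, restored


def sha256_file(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large binaries do not load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_against_cache(system_dir, cache_dir, exts=(".exe", ".dll")):
    """Return (mismatched, missing_reference) file names. A mismatch means the
    on-disk binary differs from the cached copy; treat it as a lead to verify,
    not proof of infection, because hotfixes also replace system binaries."""
    system_dir, cache_dir = Path(system_dir), Path(cache_dir)
    cache = {p.name.lower(): p for p in cache_dir.iterdir() if p.is_file()}
    mismatched, missing = [], []
    for p in sorted(system_dir.iterdir()):
        if not p.is_file() or p.suffix.lower() not in exts:
            continue
        ref = cache.get(p.name.lower())
        if ref is None:
            missing.append(p.name)
        elif sha256_file(p) != sha256_file(ref):
            mismatched.append(p.name)
    return mismatched, missing


def demo():
    """Run both checks on constructed data and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32, cache = Path(tmp) / "system32", Path(tmp) / "i386"
        sys32.mkdir()
        cache.mkdir()
        clean = b"MZ\x90\x00 stand-in for a clean PE image"
        # cmd.exe: reference is clean, on-disk copy has bytes appended, the
        # way a file infector typically modifies its host (constructed).
        (cache / "cmd.exe").write_bytes(clean)
        (sys32 / "cmd.exe").write_bytes(clean + b"\x00APPENDED_INFECTOR_STUB")
        # dllhost.exe: identical to the cache, i.e. already restored.
        (cache / "dllhost.exe").write_bytes(clean)
        (sys32 / "dllhost.exe").write_bytes(clean)
        # calc.exe: no reference copy in the cache; readme.txt: not a binary.
        (sys32 / "calc.exe").write_bytes(clean)
        (sys32 / "readme.txt").write_bytes(b"not checked")
        mismatched, missing = compare_against_cache(sys32, cache)
    still_infected, restored = parse_combofix(SAMPLE_COMBOFIX)
    return {
        "still_infected": still_infected,
        "restored": restored,
        "mismatched": mismatched,
        "missing_reference": missing,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats when using this on a real machine. A hash mismatch against ServicePackFiles\i386 is a lead, not proof: hotfixes installed after SP3 legitimately replace binaries in system32 with newer builds, so confirm a flagged file by checking its Authenticode signature (for example with Sysinternals sigcheck) before treating it as infected. And when ComboFix reports explorer.exe, cmd.exe and taskmgr.exe themselves as infected, run any such check from a clean boot environment rather than inside the infected session, because an active file infector will re-infect the binaries you have just verified.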


#5 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 19 July 2014 - 01:03 PM

Combo Fix results:

 

ComboFix 14-07-12.02 - Tim 07/12/2014  11:40:19.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1439 [GMT -4:00]
Running from: c:\documents and settings\Tim\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Local Settings\Application Data\unygyrnq.exe
c:\documents and settings\Tim\Local Settings\Application Data\dfl30z32.dll
c:\documents and settings\Tim\Local Settings\Application Data\unygyrnq.exe
c:\documents and settings\Tim\Local Settings\Application Data\wsr30zt32.dll
c:\windows\SET49B.tmp
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004204_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004212_.tmp.dll
c:\windows\system32\_004213_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004236_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004254_.tmp.dll
c:\windows\system32\_004259_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051                   .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051                   .MRK
c:\windows\system32\SET158.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET184.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET188.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19A.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1A0.tmp
c:\windows\system32\SET1A1.tmp
c:\windows\system32\SET1A2.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AF.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B6.tmp
c:\windows\system32\SET1B7.tmp
c:\windows\system32\SET1B8.tmp
c:\windows\system32\SET1B9.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1C0.tmp
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1CA.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1D5.tmp
c:\windows\system32\SET1D6.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1EA.tmp
c:\windows\system32\SET1EC.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1EE.tmp
c:\windows\system32\SET1EF.tmp
c:\windows\system32\SET1F0.tmp
c:\windows\system32\SET1F1.tmp
c:\windows\system32\SET201.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET207.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET20B.tmp
c:\windows\system32\SET20C.tmp
c:\windows\system32\SET20D.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET214.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21A.tmp
c:\windows\system32\SET220.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET230.tmp
c:\windows\system32\SET231.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET235.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET247.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET24B.tmp
c:\windows\system32\SET24C.tmp
c:\windows\system32\SET24D.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET259.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25F.tmp
c:\windows\system32\SET261.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET271.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET278.tmp
c:\windows\system32\SET27F.tmp
c:\windows\system32\SET280.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28A.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET28F.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET295.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29B.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A3.tmp
c:\windows\system32\SET2A5.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2AB.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D5.tmp
c:\windows\system32\SET2DE.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F5.tmp
c:\windows\system32\SET2F7.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET333.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36D.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3AC.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B5.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3E2.tmp
c:\windows\system32\SET3E3.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET416.tmp
c:\windows\system32\SET417.tmp
c:\windows\system32\SET419.tmp
c:\windows\system32\SET41A.tmp
c:\windows\system32\SET41B.tmp
c:\windows\system32\SET41C.tmp
c:\windows\system32\SET41E.tmp
c:\windows\system32\SET420.tmp
c:\windows\system32\SET421.tmp
c:\windows\system32\SET423.tmp
c:\windows\system32\SET426.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET42D.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET436.tmp
c:\windows\system32\SET43D.tmp
c:\windows\system32\SET43F.tmp
c:\windows\system32\SET446.tmp
c:\windows\system32\SET449.tmp
c:\windows\system32\SET44B.tmp
c:\windows\system32\SET44F.tmp
c:\windows\system32\SET451.tmp
c:\windows\system32\SET452.tmp
c:\windows\system32\SET453.tmp
c:\windows\system32\SET457.tmp
c:\windows\system32\SET458.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET45D.tmp
c:\windows\system32\SET462.tmp
c:\windows\system32\SET468.tmp
c:\windows\system32\SET46B.tmp
c:\windows\system32\SET46D.tmp
c:\windows\system32\SET470.tmp
c:\windows\system32\SET473.tmp
c:\windows\system32\SET475.tmp
.
c:\windows\explorer.exe . . . is infected!!
.
c:\windows\system32\clipsrv.exe . . . is infected!!
.
c:\windows\regedit.exe . . . is infected!!
.
c:\windows\slrundll.exe . . . is infected!!
.
c:\windows\inf\unregmp2.exe . . . is infected!!
.
c:\windows\msagent\agentsvr.exe . . . is infected!!
.
c:\windows\pchealth\helpctr\binaries\helpctr.exe . . . is infected!!
.
c:\windows\pchealth\helpctr\binaries\HelpHost.exe . . . is infected!!
.
c:\windows\pchealth\helpctr\binaries\helpsvc.exe . . . is infected!!
.
c:\windows\pchealth\helpctr\binaries\hscupd.exe . . . is infected!!
.
c:\windows\pchealth\helpctr\binaries\msconfig.exe . . . is infected!!
.
c:\windows\pchealth\helpctr\binaries\notiflag.exe . . . is infected!!
.
c:\windows\pchealth\UploadLB\Binaries\uploadm.exe . . . is infected!!
.
c:\windows\system32\accwiz.exe . . . is infected!!
.
c:\windows\system32\ahui.exe . . . is infected!!
.
c:\windows\system32\arp.exe . . . is infected!!
.
c:\windows\system32\at.exe . . . is infected!!
.
c:\windows\system32\blastcln.exe . . . is infected!!
.
c:\windows\system32\calc.exe . . . is infected!!
.
c:\windows\system32\charmap.exe . . . is infected!!
.
c:\windows\system32\cidaemon.exe . . . is infected!!
.
c:\windows\system32\cisvc.exe . . . is infected!!
.
c:\windows\system32\cmd.exe . . . is infected!!
.
c:\windows\system32\cmdl32.exe . . . is infected!!
.
c:\windows\system32\cmstp.exe . . . is infected!!
.
c:\windows\system32\cscript.exe . . . is infected!!
.
c:\windows\system32\ctfmon.exe . . . is infected!!
.
c:\windows\system32\defrag.exe . . . is infected!!
.
c:\windows\system32\dfrgfat.exe . . . is infected!!
.
c:\windows\system32\dfrgntfs.exe . . . is infected!!
.
c:\windows\system32\diantz.exe . . . is infected!!
.
c:\windows\system32\diskpart.exe . . . is infected!!
.
Infected copy of c:\windows\system32\dllhost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dllhost.exe
.
c:\windows\system32\dmadmin.exe . . . is infected!!
.
c:\windows\system32\dplaysvr.exe . . . is infected!!
.
c:\windows\system32\dpnsvr.exe . . . is infected!!
.
c:\windows\system32\dpvsetup.exe . . . is infected!!
.
c:\windows\system32\drwtsn32.exe . . . is infected!!
.
c:\windows\system32\dvdupgrd.exe . . . is infected!!
.
c:\windows\system32\dwwin.exe . . . is infected!!
.
c:\windows\system32\dxdiag.exe . . . is infected!!
.
c:\windows\system32\esentutl.exe . . . is infected!!
.
c:\windows\system32\eudcedit.exe . . . is infected!!
.
c:\windows\system32\expand.exe . . . is infected!!
.
c:\windows\system32\fltmc.exe . . . is infected!!
.
c:\windows\system32\freecell.exe . . . is infected!!
.
c:\windows\system32\fsquirt.exe . . . is infected!!
.
c:\windows\system32\ftp.exe . . . is infected!!
.
c:\windows\system32\hostname.exe . . . is infected!!
.
c:\windows\system32\ie4uinit.exe . . . is infected!!
.
c:\windows\system32\iexpress.exe . . . is infected!!
.
c:\windows\system32\imapi.exe . . . is infected!!
.
c:\windows\system32\ipconfig.exe . . . is infected!!
.
c:\windows\system32\ipsec6.exe . . . is infected!!
.
c:\windows\system32\ipv6.exe . . . is infected!!
.
c:\windows\system32\ipxroute.exe . . . is infected!!
.
c:\windows\system32\lnkstub.exe . . . is infected!!
.
c:\windows\system32\locator.exe . . . is infected!!
.
c:\windows\system32\logagent.exe . . . is infected!!
.
c:\windows\system32\logman.exe . . . is infected!!
.
c:\windows\system32\logonui.exe . . . is infected!!
.
c:\windows\system32\magnify.exe . . . is infected!!
.
c:\windows\system32\mmcperf.exe . . . is infected!!
.
c:\windows\system32\mnmsrvc.exe . . . is infected!!
.
c:\windows\system32\mobsync.exe . . . is infected!!
.
c:\windows\system32\mplay32.exe . . . is infected!!
.
c:\windows\system32\mpnotify.exe . . . is infected!!
.
Infected copy of c:\windows\system32\msdtc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msdtc.exe
.
c:\windows\system32\msg.exe . . . is infected!!
.
c:\windows\system32\mshearts.exe . . . is infected!!
.
c:\windows\system32\mshta.exe . . . is infected!!
.
c:\windows\system32\msiexec.exe . . . is infected!!
.
c:\windows\system32\mspaint.exe . . . is infected!!
.
c:\windows\system32\mstsc.exe . . . is infected!!
.
c:\windows\system32\napstat.exe . . . is infected!!
.
c:\windows\system32\narrator.exe . . . is infected!!
.
c:\windows\system32\net.exe . . . is infected!!
.
c:\windows\system32\net1.exe . . . is infected!!
.
c:\windows\system32\netdde.exe . . . is infected!!
.
c:\windows\system32\netsetup.exe . . . is infected!!
.
c:\windows\system32\netstat.exe . . . is infected!!
.
c:\windows\system32\nslookup.exe . . . is infected!!
.
c:\windows\system32\ntsd.exe . . . is infected!!
.
c:\windows\system32\ntvdm.exe . . . is infected!!
.
c:\windows\system32\odbcad32.exe . . . is infected!!
.
c:\windows\system32\odbcconf.exe . . . is infected!!
.
c:\windows\system32\osk.exe . . . is infected!!
.
c:\windows\system32\ping6.exe . . . is infected!!
.
c:\windows\system32\powercfg.exe . . . is infected!!
.
c:\windows\system32\proquota.exe . . . is infected!!
.
c:\windows\system32\rasautou.exe . . . is infected!!
.
c:\windows\system32\rasphone.exe . . . is infected!!
.
c:\windows\system32\rcp.exe . . . is infected!!
.
c:\windows\system32\rdpclip.exe . . . is infected!!
.
c:\windows\system32\rdsaddin.exe . . . is infected!!
.
c:\windows\system32\rdshost.exe . . . is infected!!
.
c:\windows\system32\regini.exe . . . is infected!!
.
c:\windows\system32\rexec.exe . . . is infected!!
.
c:\windows\system32\routemon.exe . . . is infected!!
.
c:\windows\system32\rsh.exe . . . is infected!!
.
c:\windows\system32\rsmsink.exe . . . is infected!!
.
c:\windows\system32\rsmui.exe . . . is infected!!
.
c:\windows\system32\rtcshare.exe . . . is infected!!
.
c:\windows\system32\runonce.exe . . . is infected!!
.
c:\windows\system32\scardsvr.exe . . . is infected!!
.
c:\windows\system32\sdbinst.exe . . . is infected!!
.
c:\windows\system32\sessmgr.exe . . . is infected!!
.
c:\windows\system32\sethc.exe . . . is infected!!
.
c:\windows\system32\setup.exe . . . is infected!!
.
c:\windows\system32\setupn.exe . . . is infected!!
.
c:\windows\system32\shrpubw.exe . . . is infected!!
.
c:\windows\system32\slserv.exe . . . is infected!!
.
c:\windows\system32\smlogsvc.exe . . . is infected!!
.
c:\windows\system32\sndrec32.exe . . . is infected!!
.
c:\windows\system32\sndvol32.exe . . . is infected!!
.
c:\windows\system32\sol.exe . . . is infected!!
.
c:\windows\system32\sort.exe . . . is infected!!
.
c:\windows\system32\spider.exe . . . is infected!!
.
c:\windows\system32\syncapp.exe . . . is infected!!
.
c:\windows\system32\syskey.exe . . . is infected!!
.
c:\windows\system32\sysocmgr.exe . . . is infected!!
.
c:\windows\system32\taskmgr.exe . . . is infected!!
.
c:\windows\system32\tcpsvcs.exe . . . is infected!!
.
c:\windows\system32\telnet.exe . . . is infected!!
.
c:\windows\system32\tftp.exe . . . is infected!!
.
c:\windows\system32\tracert6.exe . . . is infected!!
.
c:\windows\system32\upnpcont.exe . . . is infected!!
.
Infected copy of c:\windows\system32\ups.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ups.exe
.
c:\windows\system32\usrmlnka.exe . . . is infected!!
.
c:\windows\system32\usrshuta.exe . . . is infected!!
.
c:\windows\system32\verifier.exe . . . is infected!!
.
c:\windows\system32\vssadmin.exe . . . is infected!!
.
Infected copy of c:\windows\system32\vssvc.exe was found and disinfected
Restored copy from - c:\qoobox\Quarantine\C\WINDOWS\system32\SET1A0.tmp.vir
.
c:\windows\system32\w32tm.exe . . . is infected!!
.
c:\windows\system32\wextract.exe . . . is infected!!
.
c:\windows\system32\wiaacmgr.exe . . . is infected!!
.
c:\windows\system32\winchat.exe . . . is infected!!
.
c:\windows\system32\winmine.exe . . . is infected!!
.
c:\windows\system32\winmsd.exe . . . is infected!!
.
c:\windows\system32\wscntfy.exe . . . is infected!!
.
c:\windows\system32\wscript.exe . . . is infected!!
.
c:\windows\system32\wuauclt.exe . . . is infected!!
.
c:\windows\system32\wuauclt1.exe . . . is infected!!
.
c:\windows\system32\wupdmgr.exe . . . is infected!!
.
c:\windows\system32\Com\comrepl.exe . . . is infected!!
.
c:\windows\system32\npp\nppagent.exe . . . is infected!!
.
c:\windows\system32\oobe\oobebaln.exe . . . is infected!!
.
c:\windows\system32\Restore\rstrui.exe . . . is infected!!
.
c:\windows\system32\Restore\srdiag.exe . . . is infected!!
.
c:\windows\system32\usmt\migload.exe . . . is infected!!
.
c:\windows\system32\usmt\migwiz.exe . . . is infected!!
.
c:\windows\system32\usmt\migwiza.exe . . . is infected!!
.
c:\windows\system32\wbem\mofcomp.exe . . . is infected!!
.
c:\windows\system32\wbem\scrcons.exe . . . is infected!!
.
c:\windows\system32\wbem\unsecapp.exe . . . is infected!!
.
c:\windows\system32\wbem\wbemtest.exe . . . is infected!!
.
c:\windows\system32\wbem\winmgmt.exe . . . is infected!!
.
c:\windows\system32\wbem\wmiadap.exe . . . is infected!!
.
c:\windows\system32\wbem\wmiapsrv.exe . . . is infected!!
.
c:\windows\system32\wbem\wmiprvse.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-12 to 2014-07-12  )))))))))))))))))))))))))))))))
.
.
2014-07-12 15:20 . 2014-07-12 15:20    --------    d-----w-    c:\documents and settings\Tim\Application Data\FastStone
2014-07-12 14:23 . 2014-07-12 14:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\ESET
2014-07-12 11:43 . 2013-09-20 14:49    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2014-07-12 11:43 . 2014-07-12 11:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2014-07-12 11:43 . 2014-07-12 15:19    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-07-12 11:12 . 2014-07-12 16:01    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-12 11:11 . 2014-05-12 11:26    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-12 11:11 . 2014-05-12 11:25    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-12 11:11 . 2014-07-12 15:43    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-07-12 11:10 . 2014-07-12 11:10    --------    d-----w-    c:\documents and settings\LocalService\Application Data\McAfee
2014-07-12 11:08 . 2014-07-12 15:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee Security Scan
2014-07-12 11:08 . 2014-07-12 15:19    --------    d-----w-    c:\program files\McAfee Security Scan
2014-07-12 10:51 . 2014-07-12 11:30    708096    ----a-w-    c:\windows\system32\mninemn.exe
2014-07-12 10:48 . 2014-07-12 11:30    708096    ----a-w-    c:\windows\system32\filnohd.exe
2014-07-11 16:08 . 2014-07-11 16:08    --------    d-----w-    c:\windows\ERUNT
2014-07-11 15:53 . 2014-07-12 15:29    --------    d-----w-    C:\AdwCleaner
2014-07-09 19:29 . 2014-07-09 19:29    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-07-09 04:46 . 2014-07-09 04:46    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-07-02 17:22 . 2014-07-02 17:22    --------    d-----w-    c:\documents and settings\Tim\Local Settings\Application Data\Adobe
2014-06-23 18:05 . 2014-06-23 22:31    1196544    ----a-w-    c:\windows\system32\pehpdha.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-12 16:17 . 2006-02-28 12:00    842752    ----a-w-    c:\windows\system32\vssvc.exe
2014-07-09 02:08 . 2014-05-30 23:49    1245696    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-09 02:07 . 2014-05-30 23:49    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-27 23:57 . 2006-02-28 12:00    568320    ----a-w-    c:\windows\system32\ctfmon.exe
2014-05-11 23:01 . 2014-05-07 15:49    859648    ----a-w-    c:\windows\IsUninst.exe
2014-05-07 20:51 . 2006-02-28 12:00    1586688    ----a-w-    c:\windows\explorer.exe
2014-05-07 16:03 . 2014-05-07 15:49    618496    ------w-    c:\windows\system32\HPZinw12.exe
2014-05-06 21:58 . 2014-05-03 17:25    679424    ----a-w-    c:\windows\system32\wbem\wmiapsrv.exe
2014-05-06 14:51 . 2014-05-03 17:27    718848    ----a-w-    c:\windows\system32\wuauclt1.exe
2014-05-06 14:51 . 2014-05-03 17:27    600064    ----a-w-    c:\windows\system32\wuauclt.exe
2014-05-06 14:51 . 2006-02-28 12:00    708608    ----a-w-    c:\windows\system32\wscript.exe
2014-05-06 14:51 . 2006-02-28 12:00    566784    ----a-w-    c:\windows\system32\wscntfy.exe
2014-05-06 14:51 . 2006-02-28 12:00    986624    ----a-w-    c:\windows\system32\wiaacmgr.exe
2014-05-06 14:51 . 2006-02-28 12:00    617984    ----a-w-    c:\windows\system32\wextract.exe
2014-05-06 14:51 . 2014-05-03 17:25    771072    ----a-w-    c:\windows\system32\wbem\wmiprvse.exe
2014-05-06 14:51 . 2014-05-03 17:25    749568    ----a-w-    c:\windows\system32\wbem\wmiadap.exe
2014-05-06 14:51 . 2014-05-03 17:25    669184    ----a-w-    c:\windows\system32\wbem\wbemtest.exe
2014-05-06 14:51 . 2014-05-03 17:25    589312    ----a-w-    c:\windows\system32\wbem\scrcons.exe
2014-05-06 14:51 . 2014-05-03 17:25    569344    ----a-w-    c:\windows\system32\wbem\mofcomp.exe
2014-05-06 14:51 . 2014-05-03 19:36    581632    ----a-w-    c:\windows\system32\verclsid.exe
2014-05-06 14:50 . 2006-02-28 12:00    569856    ----a-w-    c:\windows\system32\upnpcont.exe
2014-05-06 14:50 . 2006-02-28 12:00    688640    ----a-w-    c:\windows\system32\taskmgr.exe
2014-05-06 14:50 . 2006-02-28 12:00    659456    ----a-w-    c:\windows\system32\sysocmgr.exe
2014-05-06 14:50 . 2006-02-28 12:00    1232896    ----a-w-    c:\windows\system32\sstext3d.scr
2014-05-06 14:50 . 2006-02-28 12:00    1163264    ----a-w-    c:\windows\system32\sspipes.scr
2014-05-06 14:50 . 2006-02-28 12:00    946176    ----a-w-    c:\windows\system32\ssflwbox.scr
2014-05-06 14:50 . 2006-02-28 12:00    600064    ----a-w-    c:\windows\system32\ssmypics.scr
2014-05-06 14:50 . 2006-02-28 12:00    1257472    ----a-w-    c:\windows\system32\ss3dfo.scr
2014-05-06 14:50 . 2006-02-28 12:00    577536    ----a-w-    c:\windows\system32\sort.exe
2014-05-06 14:50 . 2014-05-03 19:36    630784    ----a-w-    c:\windows\system32\slserv.exe
2014-05-06 14:50 . 2014-05-03 19:36    589824    ----a-w-    c:\windows\system32\slrundll.exe
2014-05-06 14:50 . 2006-02-28 12:00    630784    ----a-w-    c:\windows\system32\shrpubw.exe
2014-05-06 14:50 . 2014-05-03 19:36    585728    ----a-w-    c:\windows\system32\setupn.exe
2014-05-06 14:50 . 2006-02-28 12:00    584192    ----a-w-    c:\windows\system32\sethc.exe
2014-05-06 14:50 . 2006-02-28 12:00    576000    ----a-w-    c:\windows\system32\setup.exe
2014-05-06 14:50 . 2014-05-03 18:59    694272    ----a-w-    c:\windows\system32\sessmgr.exe
2014-05-06 14:50 . 2006-02-28 12:00    630272    ----a-w-    c:\windows\system32\sdbinst.exe
2014-05-06 14:50 . 2006-02-28 12:00    567296    ----a-w-    c:\windows\system32\runonce.exe
2014-05-06 14:50 . 2006-02-28 12:00    630272    ----a-w-    c:\windows\system32\rtcshare.exe
2014-05-06 14:50 . 2006-02-28 12:00    567808    ----a-w-    c:\windows\system32\rsh.exe
2014-05-06 14:50 . 2006-02-28 12:00    566784    ----a-w-    c:\windows\system32\rexec.exe
2014-05-06 14:50 . 2014-05-03 17:25    620032    ----a-w-    c:\windows\system32\rdshost.exe
2014-05-06 14:50 . 2014-05-03 17:25    566784    ----a-w-    c:\windows\system32\rdsaddin.exe
2014-05-06 14:50 . 2014-05-03 17:25    615936    ----a-w-    c:\windows\system32\rdpclip.exe
2014-05-06 14:50 . 2006-02-28 12:00    609792    ----a-w-    c:\windows\system32\rasphone.exe
2014-05-06 14:50 . 2006-02-28 12:00    574464    ----a-w-    c:\windows\system32\rcp.exe
2014-05-06 14:50 . 2006-02-28 12:00    603136    ----a-w-    c:\windows\system32\proquota.exe
2014-05-06 14:50 . 2006-02-28 12:00    602112    ----a-w-    c:\windows\system32\powercfg.exe
2014-05-06 14:49 . 2006-02-28 12:00    622592    ----a-w-    c:\windows\system32\odbcconf.exe
2014-05-06 14:49 . 2014-05-03 18:59    973824    ----a-w-    c:\windows\system32\ntvdm.exe
2014-05-06 14:49 . 2014-05-03 18:59    629760    ----a-w-    c:\windows\system32\nslookup.exe
2014-05-06 14:49 . 2006-02-28 12:00    589824    ----a-w-    c:\windows\system32\netstat.exe
2014-05-06 14:49 . 2006-02-28 12:00    677888    ----a-w-    c:\windows\system32\net1.exe
2014-05-06 14:49 . 2006-02-28 12:00    595456    ----a-w-    c:\windows\system32\net.exe
2014-05-06 14:49 . 2014-05-03 19:36    729600    ----a-w-    c:\windows\system32\napstat.exe
2014-05-06 14:49 . 2006-02-28 12:00    598528    ----a-w-    c:\windows\system32\mshta.exe
2014-05-06 14:49 . 2014-05-03 17:25    676352    ----a-w-    c:\windows\system32\mplay32.exe
2014-05-06 14:49 . 2014-05-03 19:36    586752    ----a-w-    c:\windows\system32\mmcperf.exe
2014-05-06 14:49 . 2006-02-28 12:00    1067520    ----a-w-    c:\windows\system32\logonui.exe
2014-05-06 14:49 . 2006-02-28 12:00    656896    ----a-w-    c:\windows\system32\logagent.exe
2014-05-06 14:49 . 2006-02-28 12:00    612352    ----a-w-    c:\windows\system32\logman.exe
2014-05-06 14:49 . 2006-02-28 12:00    576512    ----a-w-    c:\windows\system32\ipxroute.exe
2014-05-06 14:49 . 2006-02-28 12:00    608768    ----a-w-    c:\windows\system32\ipconfig.exe
2014-05-06 14:49 . 2006-02-28 12:00    606208    ----a-w-    c:\windows\system32\ipv6.exe
2014-05-06 14:49 . 2006-02-28 12:00    667648    ----a-w-    c:\windows\system32\iexpress.exe
2014-05-06 14:49 . 2014-05-03 18:59    595456    ----a-w-    c:\windows\system32\ftp.exe
2014-05-06 14:49 . 2006-02-28 12:00    745984    ----a-w-    c:\windows\system32\fsquirt.exe
2014-05-06 14:49 . 2014-05-03 17:27    576000    ----a-w-    c:\windows\system32\fltmc.exe
2014-05-06 14:49 . 2006-02-28 12:00    745984    ----a-w-    c:\windows\system32\eudcedit.exe
2014-05-06 14:49 . 2006-02-28 12:00    733184    ----a-w-    c:\windows\system32\dwwin.exe
2014-05-06 14:49 . 2006-02-28 12:00    1851392    ----a-w-    c:\windows\system32\dxdiag.exe
2014-05-06 14:49 . 2006-02-28 12:00    570880    ----a-w-    c:\windows\system32\dvdupgrd.exe
2014-05-06 14:49 . 2006-02-28 12:00    636416    ----a-w-    c:\windows\system32\dpvsetup.exe
2014-05-06 14:49 . 2006-02-28 12:00    582656    ----a-w-    c:\windows\system32\dplaysvr.exe
2014-05-06 14:49 . 2006-02-28 12:00    570880    ----a-w-    c:\windows\system32\dpnsvr.exe
2014-05-06 14:48 . 2006-02-28 12:00    716800    ----a-w-    c:\windows\system32\diskpart.exe
2014-05-06 14:48 . 2006-02-28 12:00    640000    ----a-w-    c:\windows\system32\diantz.exe
2014-05-06 14:48 . 2006-02-28 12:00    635904    ----a-w-    c:\windows\system32\dfrgfat.exe
2014-05-06 14:48 . 2006-02-28 12:00    578048    ----a-w-    c:\windows\system32\defrag.exe
2014-05-06 14:48 . 2006-02-28 12:00    692224    ----a-w-    c:\windows\system32\cscript.exe
2014-05-06 14:47 . 2006-02-28 12:00    616448    ----a-w-    c:\windows\system32\cmstp.exe
2014-05-06 14:47 . 2006-02-28 12:00    578560    ----a-w-    c:\windows\system32\cmdl32.exe
2014-05-06 14:47 . 2006-02-28 12:00    624640    ----a-w-    c:\windows\system32\blastcln.exe
2014-05-06 14:47 . 2006-02-28 12:00    578048    ----a-w-    c:\windows\system32\at.exe
2014-05-06 14:47 . 2006-02-28 12:00    651264    ----a-w-    c:\windows\system32\ahui.exe
2014-05-06 14:47 . 2014-05-03 19:36    589824    ----a-w-    c:\windows\slrundll.exe
2014-05-06 14:45 . 2014-05-03 17:27    703488    ----a-w-    c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2014-05-06 14:45 . 2014-05-03 17:27    722944    ----a-w-    c:\windows\pchealth\helpctr\binaries\msconfig.exe
2014-05-06 14:45 . 2014-05-03 17:27    571392    ----a-w-    c:\windows\pchealth\helpctr\binaries\hscupd.exe
2014-05-06 14:45 . 2014-05-03 17:27    1297408    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2014-05-06 14:45 . 2014-05-03 17:27    1321984    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpctr.exe
2014-05-06 13:44 . 2006-02-28 12:00    558592    ----a-w-    c:\windows\system32\cisvc.exe
2014-05-06 12:58 . 2006-02-28 12:00    631808    ----a-w-    c:\windows\system32\msiexec.exe
2014-05-03 20:02 . 2006-02-28 12:00    777728    ----a-w-    c:\windows\system32\dmadmin.exe
2014-05-03 19:49 . 2014-05-03 17:25    1091584    ----a-w-    c:\windows\system32\spider.exe
2014-05-03 19:49 . 2006-02-28 12:00    585728    ----a-w-    c:\windows\system32\odbcad32.exe
2014-05-03 19:49 . 2014-05-03 17:25    684544    ----a-w-    c:\windows\system32\sndrec32.exe
2014-05-03 19:49 . 2014-05-03 17:25    896000    ----a-w-    c:\windows\system32\mspaint.exe
2014-05-03 19:49 . 2014-05-03 17:25    1230848    ----a-w-    c:\windows\system32\mstsc.exe
2014-05-03 19:49 . 2014-05-03 17:25    737280    ----a-w-    c:\windows\system32\accwiz.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-05-06 . B1EB3DB4C45533CEDF4576A1D78C647A . 600064 . . [7.6.7600.256] . . c:\windows\system32\wuauclt.exe
[-] 2014-05-06 . DFC82249410A8B47C97D1666BC16CAE0 . 600064 . . [7.6.7600.256] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2014-05-06 . 93AA0C2080B5EF008727E1305556E656 . 664064 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2014-05-03 . F54132CA11621761110F8D8570A5998A . 664064 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
.
[-] 2014-05-07 . C42615DA24F81990877FEE4C05CA4853 . 1586688 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2014-05-06 . 19A0C88DDC2DA196BAF42DE066A68C69 . 1586688 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2014-05-03 . CA05FE2728931CE8012E72CED3D65A71 . 1585152 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2014-05-03 . EDE4BF8A048F6BFD4C317D49BD336C70 . 699392 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2014-05-03 . EDE4BF8A048F6BFD4C317D49BD336C70 . 699392 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2014-05-03 . 75F109923277771008C7417854131764 . 699392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
.
[-] 2014-05-27 . 7C1C026F88ADAEBEFAE293E2E07A0B65 . 568320 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2014-05-06 . 6B97585591C5C3C1FEBC0FB84BD1B6FD . 568320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2014-05-03 . B6B59E37F29C347A2BB10BD15A7DF16B . 568320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2014-05-06 . F9CF2E558995B994DA3FF614959448D8 . 566784 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2014-05-06 . D1FAB44675947CFD69AE1D31A74CC570 . 566784 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2014-05-03 . 182CFBAE330DBC136D3E4EDB97DC5090 . 566784 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2014-05-06 . D9FF7ADDFB4B86868E67D14BBA474B4F . 1185792 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2006-02-28 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
.
c:\windows\System32\ksuser.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2014-05-27 568320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2013-10-23 647168]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2013-10-23 630784]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2013-10-23 671744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2014-05-03 696320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2014-05-07 602112]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 822784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [7/12/2014 7:11 AM 2356224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [7/12/2014 7:11 AM 1406976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/12/2014 7:43 AM 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/12/2014 7:43 AM 2088408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/12/2014 7:11 AM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/12/2014 7:12 AM 110296]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [7/12/2014 7:43 AM 1285632]
S3 efavdrv;efavdrv;\??\c:\windows\system32\drivers\efavdrv.sys --> c:\windows\system32\drivers\efavdrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [4/9/2014 9:12 AM 779264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-30 02:08]
.
2014-07-12 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-07-12 15:52]
.
2014-07-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-07-12 14:41]
.
2014-07-12 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-07-12 14:42]
.
2014-07-11 c:\windows\Tasks\User_Feed_Synchronization-{129F5B96-149F-45A2-9E96-25BD68E9BC96}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\to9pxg2j.default\
FF - prefs.js: browser.search.selectedEngine - Bing
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-12 12:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msiexec.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2014-07-12  12:21:43 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-12 16:21
.
Pre-Run: 306,298,929,152 bytes free
Post-Run: 306,152,075,264 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DAE3F849EA80874E3924FD41DA4A8B43
8F558EB6672622401DA993E1E865C861



#6 Bastille Day
  • Topic Starter

  • Members
  • 72 posts

Posted 19 July 2014 - 01:08 PM

FIRST.txt results


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by Tim (administrator) on TIM-8D42A9B93A4 on 19-07-2014 13:52:15
Running from C:\Documents and Settings\Tim\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Intel® Corporation) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\WINDOWS\system32\sessmgr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\system32\dmadmin.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1399146733031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\to9pxg2j.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-05-03]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

========================== Services (Whitelisted) =================

S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [558592 2014-05-06] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [586240 2014-05-03] (Microsoft Corporation) [File not signed]
R2 dmadmin; C:\WINDOWS\System32\dmadmin.exe [777728 2014-05-03] (Microsoft Corp., Veritas Software) [File not signed]
S2 ImapiService; C:\WINDOWS\system32\imapi.exe [703488 2014-05-03] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [700416 2014-05-03] (Sun Microsystems, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [779264 2014-07-12] (McAfee, Inc.) [File not signed]
S2 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [585728 2014-05-03] (Microsoft Corporation) [File not signed]
S2 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [664064 2014-06-18] (Mozilla Foundation) [File not signed]
R2 MSIServer; C:\WINDOWS\System32\msiexec.exe [631808 2014-05-06] (Microsoft Corporation) [File not signed]
S2 NetDDE; C:\WINDOWS\system32\netdde.exe [664064 2014-05-03] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [664064 2014-05-03] (Microsoft Corporation) [File not signed]
R2 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [700416 2014-05-03] (Intel® Corporation) [File not signed]
R2 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [694272 2014-05-06] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [628224 2014-05-03] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [648704 2014-05-03] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [1285632 2014-07-12] (Safer-Networking Ltd.) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [642560 2014-05-03] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [842752 2014-07-12] (Microsoft Corporation) [File not signed]
R2 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [679424 2014-05-06] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-05-16] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-05-16] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DMusic; system32\drivers\DMusic.sys [X]
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 13:52 - 2014-07-19 13:52 - 00000000 ____D () C:\FRST
2014-07-17 14:21 - 2014-07-17 16:40 - 00005744 _____ () C:\Documents and Settings\Tim\Desktop\dds.zip
2014-07-17 14:21 - 2014-07-17 14:21 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\New Folder
2014-07-17 14:06 - 2014-07-17 14:06 - 00014631 _____ () C:\Documents and Settings\Tim\Desktop\dds.txt
2014-07-17 14:06 - 2014-07-17 14:06 - 00008569 _____ () C:\Documents and Settings\Tim\Desktop\attach.txt
2014-07-16 14:55 - 2014-07-17 14:48 - 00000228 _____ () C:\Documents and Settings\Tim\Desktop\apt-02.txt
2014-07-13 09:52 - 2014-07-19 13:48 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\new docs
2014-07-12 19:45 - 2014-07-17 16:16 - 00000299 _____ () C:\Documents and Settings\Tim\Desktop\st.thomas.txt
2014-07-12 18:38 - 2014-07-12 18:38 - 00000042 _____ () C:\Documents and Settings\Tim\Local Settings\Application Data\wsr30zt32.dll
2014-07-12 18:15 - 2014-07-12 18:22 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\images
2014-07-12 18:06 - 2014-07-12 18:21 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-07-12 18:06 - 2014-07-12 18:06 - 00000000 ____D () C:\Documents and Settings\Tim\Application Data\AVS4YOU
2014-07-12 18:06 - 2014-07-12 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVS4YOU
2014-07-12 18:05 - 2014-07-12 18:21 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-07-12 18:05 - 2012-10-29 11:51 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll
2014-07-12 17:57 - 2014-07-12 17:57 - 00000000 ____D () C:\Documents and Settings\Tim\Application Data\Image Zone Express
2014-07-12 17:02 - 2014-07-12 17:02 - 01545180 _____ () C:\Documents and Settings\Tim\Desktop\cat-chipmunk.zip
2014-07-12 12:25 - 2014-07-12 12:25 - 00039262 _____ () C:\Documents and Settings\Tim\Desktop\combo-fix.txt
2014-07-12 12:21 - 2014-07-12 12:21 - 00039262 _____ () C:\ComboFix.txt
2014-07-12 12:21 - 2014-07-12 12:21 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-12 12:21 - 2014-07-12 12:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-07-12 12:21 - 2014-07-12 12:21 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-07-12 12:15 - 2014-07-12 12:15 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-07-12 11:38 - 2014-07-12 11:38 - 00000000 _RSHD () C:\cmdcons
2014-07-12 11:38 - 2014-05-03 13:24 - 00000211 _____ () C:\Boot.bak
2014-07-12 11:38 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-07-12 11:36 - 2014-07-12 17:51 - 00621056 _____ () C:\WINDOWS\zip.exe
2014-07-12 11:36 - 2014-07-12 17:45 - 00808960 _____ () C:\WINDOWS\PEV.exe
2014-07-12 11:36 - 2014-07-12 17:45 - 00651776 _____ () C:\WINDOWS\sed.exe
2014-07-12 11:36 - 2014-07-12 12:21 - 00000000 ____D () C:\ComboFix
2014-07-12 11:36 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-07-12 11:36 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-07-12 11:36 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-07-12 11:36 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-07-12 11:36 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-07-12 11:36 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-07-12 11:35 - 2014-07-12 12:21 - 00000000 ____D () C:\Qoobox
2014-07-12 11:35 - 2014-07-12 12:19 - 00000000 ____D () C:\WINDOWS\erdnt
2014-07-12 11:32 - 2014-07-12 11:32 - 00001090 _____ () C:\Documents and Settings\Tim\Desktop\AdwCleaner[S1].txt
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\Tim\Application Data\FastStone
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 10:23 - 2014-07-12 10:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2014-07-12 07:43 - 2014-07-19 13:43 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-12 07:43 - 2014-07-12 11:19 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-07-12 07:43 - 2014-07-12 09:55 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-07-12 07:43 - 2014-07-12 07:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-07-12 07:43 - 2014-07-12 07:43 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-12 07:43 - 2014-07-12 07:43 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-07-12 07:43 - 2014-07-12 07:43 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-07-12 07:43 - 2014-07-12 07:43 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-07-12 07:43 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-07-12 07:12 - 2014-07-12 18:31 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 07:11 - 2014-07-12 18:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-12 07:11 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-12 07:11 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-12 07:10 - 2014-07-12 07:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2014-07-12 07:08 - 2014-07-12 11:19 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-07-12 07:08 - 2014-07-12 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2014-07-12 07:08 - 2014-07-12 07:08 - 00001805 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2014-07-12 06:51 - 2014-07-12 07:30 - 00708096 _____ () C:\WINDOWS\system32\mninemn.exe
2014-07-12 06:48 - 2014-07-12 10:11 - 00000003 _____ () C:\Documents and Settings\All Users\Application Data\iefbahgc33.nls
2014-07-12 06:48 - 2014-07-12 07:30 - 00708096 _____ () C:\WINDOWS\system32\filnohd.exe
2014-07-11 12:08 - 2014-07-11 12:08 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-11 11:53 - 2014-07-12 11:29 - 00000000 ____D () C:\AdwCleaner
2014-07-09 01:31 - 2014-07-08 22:47 - 00001204 ____R () C:\Documents and Settings\Tim\My Documents\domains.txt
2014-07-09 00:46 - 2014-07-09 00:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-08 23:47 - 2014-07-09 00:02 - 00000804 _____ () C:\Documents and Settings\Tim\Desktop\New Text Document.txt
2014-07-08 21:56 - 2014-07-08 21:56 - 00001060 ____H () C:\Documents and Settings\Tim\Local Settings\Application Data\dtejtqol
2014-07-08 21:56 - 2014-07-08 21:56 - 00000580 ____H () C:\Documents and Settings\Tim\Local Settings\Application Data\cuvgxiaz
2014-07-08 21:36 - 2014-07-08 21:36 - 00001060 ____H () C:\Documents and Settings\LocalService\Local Settings\Application Data\dtejtqol
2014-07-08 21:36 - 2014-07-08 21:36 - 00000580 ____H () C:\Documents and Settings\LocalService\Local Settings\Application Data\cuvgxiaz
2014-07-07 19:38 - 2014-07-08 22:47 - 00001204 ____R () C:\Documents and Settings\Tim\Desktop\domains.txt
2014-07-07 17:29 - 2014-07-07 19:08 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\coin-show-x
2014-07-02 13:22 - 2014-07-02 13:22 - 00000000 ____D () C:\Documents and Settings\Tim\Local Settings\Application Data\Adobe
2014-06-23 14:13 - 2014-06-23 14:13 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\Originals
2014-06-23 14:05 - 2014-06-23 18:31 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\pehpdha.exe

==================== One Month Modified Files and Folders =======

2014-07-19 13:52 - 2014-07-19 13:52 - 00000000 ____D () C:\FRST
2014-07-19 13:52 - 2014-05-03 13:34 - 00000000 ____D () C:\Documents and Settings\Tim\Local Settings\Temp
2014-07-19 13:48 - 2014-07-13 09:52 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\new docs
2014-07-19 13:45 - 2014-05-05 16:47 - 00000418 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{129F5B96-149F-45A2-9E96-25BD68E9BC96}.job
2014-07-19 13:44 - 2014-05-03 09:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-19 13:44 - 2014-05-03 09:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-19 13:43 - 2014-07-12 07:43 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-07-19 13:42 - 2014-05-03 13:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 13:42 - 2006-02-28 08:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-17 16:42 - 2014-05-03 14:36 - 00000003 _____ () C:\30.nls
2014-07-17 16:41 - 2014-05-03 13:34 - 00000178 ___SH () C:\Documents and Settings\Tim\ntuser.ini
2014-07-17 16:41 - 2014-05-03 13:33 - 00032488 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-17 16:41 - 2014-05-03 13:28 - 00154029 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-17 16:40 - 2014-07-17 14:21 - 00005744 _____ () C:\Documents and Settings\Tim\Desktop\dds.zip
2014-07-17 16:16 - 2014-07-12 19:45 - 00000299 _____ () C:\Documents and Settings\Tim\Desktop\st.thomas.txt
2014-07-17 14:48 - 2014-07-16 14:55 - 00000228 _____ () C:\Documents and Settings\Tim\Desktop\apt-02.txt
2014-07-17 14:21 - 2014-07-17 14:21 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\New Folder
2014-07-17 14:19 - 2014-05-06 22:34 - 00000754 _____ () C:\WINDOWS\WORDPAD.INI
2014-07-17 14:06 - 2014-07-17 14:06 - 00014631 _____ () C:\Documents and Settings\Tim\Desktop\dds.txt
2014-07-17 14:06 - 2014-07-17 14:06 - 00008569 _____ () C:\Documents and Settings\Tim\Desktop\attach.txt
2014-07-14 21:12 - 2014-05-03 14:15 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\delete-01
2014-07-13 09:27 - 2014-06-03 19:50 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\H-bin
2014-07-13 09:26 - 2014-06-03 16:11 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\vcc-01-edit
2014-07-12 18:38 - 2014-07-12 18:38 - 00000042 _____ () C:\Documents and Settings\Tim\Local Settings\Application Data\wsr30zt32.dll
2014-07-12 18:36 - 2014-07-12 07:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-12 18:36 - 2014-05-03 15:05 - 00000000 ____D () C:\WINDOWS\ServicePackFiles
2014-07-12 18:31 - 2014-07-12 07:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 18:22 - 2014-07-12 18:15 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\images
2014-07-12 18:21 - 2014-07-12 18:06 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2014-07-12 18:21 - 2014-07-12 18:05 - 00000000 ____D () C:\Program Files\AVS4YOU
2014-07-12 18:06 - 2014-07-12 18:06 - 00000000 ____D () C:\Documents and Settings\Tim\Application Data\AVS4YOU
2014-07-12 18:06 - 2014-07-12 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVS4YOU
2014-07-12 18:06 - 2014-05-03 09:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-12 17:57 - 2014-07-12 17:57 - 00000000 ____D () C:\Documents and Settings\Tim\Application Data\Image Zone Express
2014-07-12 17:51 - 2014-07-12 11:36 - 00621056 _____ () C:\WINDOWS\zip.exe
2014-07-12 17:50 - 2014-05-03 14:50 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\BB-folders
2014-07-12 17:45 - 2014-07-12 11:36 - 00808960 _____ () C:\WINDOWS\PEV.exe
2014-07-12 17:45 - 2014-07-12 11:36 - 00651776 _____ () C:\WINDOWS\sed.exe
2014-07-12 17:28 - 2014-06-03 14:00 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\BB-edit
2014-07-12 17:28 - 2014-05-03 14:14 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\bullion-coins
2014-07-12 17:02 - 2014-07-12 17:02 - 01545180 _____ () C:\Documents and Settings\Tim\Desktop\cat-chipmunk.zip
2014-07-12 17:00 - 2014-05-03 13:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-07-12 12:25 - 2014-07-12 12:25 - 00039262 _____ () C:\Documents and Settings\Tim\Desktop\combo-fix.txt
2014-07-12 12:21 - 2014-07-12 12:21 - 00039262 _____ () C:\ComboFix.txt
2014-07-12 12:21 - 2014-07-12 12:21 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-12 12:21 - 2014-07-12 12:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-07-12 12:21 - 2014-07-12 12:21 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-07-12 12:21 - 2014-07-12 11:36 - 00000000 ____D () C:\ComboFix
2014-07-12 12:21 - 2014-07-12 11:35 - 00000000 ____D () C:\Qoobox
2014-07-12 12:19 - 2014-07-12 11:35 - 00000000 ____D () C:\WINDOWS\erdnt
2014-07-12 12:18 - 2006-02-28 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-12 12:17 - 2006-02-28 08:00 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssvc.exe
2014-07-12 12:16 - 2014-05-03 09:19 - 00040960 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-07-12 12:16 - 2014-05-03 09:19 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-07-12 12:16 - 2014-05-03 09:18 - 13893632 _____ () C:\WINDOWS\system32\config\software.bak
2014-07-12 12:16 - 2014-05-03 09:18 - 03932160 _____ () C:\WINDOWS\system32\config\system.bak
2014-07-12 12:16 - 2014-05-03 09:18 - 00253952 _____ () C:\WINDOWS\system32\config\default.bak
2014-07-12 12:15 - 2014-07-12 12:15 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-07-12 12:15 - 2014-07-12 12:15 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-07-12 11:56 - 2014-05-03 13:26 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-12 11:38 - 2014-07-12 11:38 - 00000000 _RSHD () C:\cmdcons
2014-07-12 11:38 - 2014-05-03 09:18 - 00000327 __RSH () C:\boot.ini
2014-07-12 11:32 - 2014-07-12 11:32 - 00001090 _____ () C:\Documents and Settings\Tim\Desktop\AdwCleaner[S1].txt
2014-07-12 11:29 - 2014-07-11 11:53 - 00000000 ____D () C:\AdwCleaner
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\Tim\Application Data\FastStone
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2014-07-12 11:20 - 2014-07-12 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-12 11:20 - 2014-05-19 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-07-12 11:20 - 2014-05-03 14:15 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\JUNK
2014-07-12 11:20 - 2014-05-03 14:15 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\flashdrive
2014-07-12 11:20 - 2014-05-03 14:14 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\2014-acbn
2014-07-12 11:19 - 2014-07-12 07:43 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-07-12 11:19 - 2014-07-12 07:08 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-07-12 11:19 - 2014-07-12 07:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2014-07-12 10:43 - 2014-05-07 11:48 - 00003646 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-07-12 10:23 - 2014-07-12 10:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2014-07-12 10:11 - 2014-07-12 06:48 - 00000003 _____ () C:\Documents and Settings\All Users\Application Data\iefbahgc33.nls
2014-07-12 09:55 - 2014-07-12 07:43 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-07-12 07:50 - 2014-07-12 07:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-07-12 07:46 - 2014-05-03 13:33 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-07-12 07:43 - 2014-07-12 07:43 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-12 07:43 - 2014-07-12 07:43 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-07-12 07:43 - 2014-07-12 07:43 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-07-12 07:43 - 2014-07-12 07:43 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-07-12 07:30 - 2014-07-12 06:51 - 00708096 _____ () C:\WINDOWS\system32\mninemn.exe
2014-07-12 07:30 - 2014-07-12 06:48 - 00708096 _____ () C:\WINDOWS\system32\filnohd.exe
2014-07-12 07:10 - 2014-07-12 07:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2014-07-12 07:08 - 2014-07-12 07:08 - 00001805 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2014-07-12 07:02 - 2014-05-06 18:23 - 00000003 _____ () C:\Documents and Settings\Tim\Local Settings\Application Data\iefbahgc30.nls
2014-07-12 06:38 - 2014-05-03 09:20 - 00501644 _____ () C:\WINDOWS\setupapi.log
2014-07-12 06:38 - 2014-05-03 09:19 - 00174587 _____ () C:\WINDOWS\setupact.log
2014-07-11 12:08 - 2014-07-11 12:08 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-09 17:14 - 2014-05-03 14:15 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\can-trends
2014-07-09 17:01 - 2014-05-03 14:15 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\us-trends
2014-07-09 16:22 - 2014-05-03 14:15 - 00000000 ___RD () C:\Documents and Settings\Tim\Desktop\images-01
2014-07-09 15:29 - 2014-05-03 13:34 - 00000000 ____D () C:\Documents and Settings\Tim
2014-07-09 15:05 - 2014-05-03 13:27 - 00000000 ____D () C:\WINDOWS\srchasst
2014-07-09 15:03 - 2014-05-03 15:27 - 00000000 __HDC () C:\WINDOWS\$NtServicePackUninstall$
2014-07-09 01:17 - 2014-05-03 09:12 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-07-09 00:46 - 2014-07-09 00:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-09 00:10 - 2014-05-03 13:27 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-09 00:02 - 2014-07-08 23:47 - 00000804 _____ () C:\Documents and Settings\Tim\Desktop\New Text Document.txt
2014-07-09 00:02 - 2014-05-03 14:51 - 00001392 _____ () C:\Documents and Settings\Tim\Desktop\label-01.txt
2014-07-08 23:57 - 2014-06-16 14:46 - 00002618 _____ () C:\Documents and Settings\Tim\Desktop\H-box-01.txt
2014-07-08 23:57 - 2014-05-03 14:15 - 00001967 _____ () C:\Documents and Settings\Tim\Desktop\H-contacts.txt
2014-07-08 23:56 - 2014-06-08 12:10 - 00002079 _____ () C:\Documents and Settings\Tim\Desktop\work-pad.txt
2014-07-08 23:56 - 2014-05-03 14:15 - 01544575 _____ () C:\Documents and Settings\Tim\Desktop\chipmunk.tiff
2014-07-08 23:50 - 2014-05-03 14:50 - 00702976 _____ () C:\Documents and Settings\Tim\Desktop\ted.bmp
2014-07-08 22:57 - 2014-05-03 14:50 - 00001982 _____ () C:\Documents and Settings\Tim\Desktop\windsor.txt
2014-07-08 22:53 - 2014-05-29 22:21 - 00001841 _____ () C:\Documents and Settings\Tim\Desktop\project.txt
2014-07-08 22:47 - 2014-07-09 01:31 - 00001204 ____R () C:\Documents and Settings\Tim\My Documents\domains.txt
2014-07-08 22:47 - 2014-07-07 19:38 - 00001204 ____R () C:\Documents and Settings\Tim\Desktop\domains.txt
2014-07-08 22:08 - 2014-05-30 19:49 - 01245696 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 22:07 - 2014-05-30 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 21:56 - 2014-07-08 21:56 - 00001060 ____H () C:\Documents and Settings\Tim\Local Settings\Application Data\dtejtqol
2014-07-08 21:56 - 2014-07-08 21:56 - 00000580 ____H () C:\Documents and Settings\Tim\Local Settings\Application Data\cuvgxiaz
2014-07-08 21:36 - 2014-07-08 21:36 - 00001060 ____H () C:\Documents and Settings\LocalService\Local Settings\Application Data\dtejtqol
2014-07-08 21:36 - 2014-07-08 21:36 - 00000580 ____H () C:\Documents and Settings\LocalService\Local Settings\Application Data\cuvgxiaz
2014-07-08 14:30 - 2014-05-03 14:14 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\coin-01
2014-07-07 19:41 - 2014-05-03 14:15 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\card-lists-x
2014-07-07 19:08 - 2014-07-07 17:29 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\coin-show-x
2014-07-07 19:05 - 2014-06-07 09:18 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\apartments
2014-07-07 17:24 - 2014-05-03 14:14 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\cloud-add
2014-07-02 13:22 - 2014-07-02 13:22 - 00000000 ____D () C:\Documents and Settings\Tim\Local Settings\Application Data\Adobe
2014-07-02 12:48 - 2014-05-03 14:50 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\uploaded
2014-06-23 18:31 - 2014-06-23 14:05 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\pehpdha.exe
2014-06-23 14:13 - 2014-06-23 14:13 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\Originals
2014-06-23 14:09 - 2014-06-01 23:28 - 00000000 ____D () C:\Documents and Settings\Tim\Desktop\card-edit
2014-06-20 22:21 - 2014-05-30 19:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2006-02-28 08:00] - [2014-05-07 16:51] - 1586688 ____A (Microsoft Corporation) c42615da24f81990877fee4c05ca4853



#7 Bastille Day

  • Topic Starter
  • Members
  • 72 posts

Posted 19 July 2014 - 01:12 PM

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-07-2014
Ran by Tim at 2014-07-19 13:52:54
Running from C:\Documents and Settings\Tim\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D2300 (Version: 70.0.260.000 - Hewlett-Packard) Hidden
D2300_Help (Version: 70.0.260.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart and Deskjet 7.0 Software (HKLM\...\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}) (Version: 7.1 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version:  - HP)
HP Software Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - HEWLET~1|Hewlett-Packard)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
hph_ProductContext (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_readme (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software (Version: 70.0.260.000 - Hewlett-Packard) Hidden
hph_software_req (Version: 70.0.260.000 - Hewlett-Packard) Hidden
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
Java™ 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9420 - OpenOffice.org)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

03-05-2014 17:34:56 System Checkpoint
03-05-2014 18:05:34 Installed Intel® PROSet for Wired Connections
03-05-2014 18:05:58 Installed Intel® PROSafe for Wired Connections
03-05-2014 18:06:15 Installed Dell System Software
03-05-2014 18:06:18 Installed Desktop System Software
03-05-2014 18:06:25 Installed Windows XP KB908673.
03-05-2014 18:06:44 Installed SigmaTel Audio
03-05-2014 18:55:48 Installed Java™ 6 Update 16
03-05-2014 18:56:23 Installed OpenOffice.org 3.1
03-05-2014 19:01:05 Installed Windows XP Service Pack 3.
03-05-2014 19:29:29 Installed Windows XP Service Pack 3.
03-05-2014 20:05:37 Installed Windows Internet Explorer 8.
07-05-2014 03:22:53 System Checkpoint
07-05-2014 15:51:23 Installed HPSU306Stub
13-05-2014 17:46:33 System Checkpoint
28-05-2014 01:12:07 System Checkpoint
29-05-2014 01:57:21 System Checkpoint
30-05-2014 21:51:42 System Checkpoint
04-06-2014 01:36:45 System Checkpoint
23-06-2014 00:25:19 System Checkpoint
09-07-2014 04:09:03 july 08 2014
09-07-2014 04:10:37 Restore Operation
09-07-2014 04:15:00 Restore Operation
09-07-2014 04:21:19 july 7 2014
09-07-2014 04:24:22 Restore Operation
09-07-2014 06:01:37 Restore Operation
09-07-2014 17:17:18 Restore Operation
09-07-2014 17:30:05 Restore Operation
09-07-2014 17:36:00 Restore Operation
09-07-2014 19:22:01 Restore Operation
09-07-2014 19:28:21 07/07/14
09-07-2014 19:29:07 Restore Operation
12-07-2014 14:41:43 Removed Adobe Reader XI (11.0.07).
12-07-2014 15:15:18 Restore Operation
12-07-2014 15:22:37 Restore Operation
15-07-2014 16:09:01 System Checkpoint

==================== Hosts content: ==========================

2006-02-28 08:00 - 2014-07-12 12:17 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{129F5B96-149F-45A2-9E96-25BD68E9BC96}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-07-12 07:43 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-12 07:43 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-12 07:43 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2009-08-18 15:54 - 2009-08-18 15:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-07-12 07:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-12 07:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-06-18 18:05 - 2014-06-18 18:05 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2005-10-20 10:36 - 2005-10-20 10:36 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2005-10-20 10:36 - 2005-10-20 10:36 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
2014-07-08 22:07 - 2014-07-08 22:07 - 17029808 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Audio Device on High Definition Audio Bus
Description: Audio Device on High Definition Audio Bus
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 01:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/17/2014 01:51:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/16/2014 01:38:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/15/2014 05:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/15/2014 11:10:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/14/2014 03:19:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/13/2014 06:26:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/13/2014 08:50:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/12/2014 06:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]

Error: (07/12/2014 06:30:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SDWSCSvc.exe, version 2.3.39.2, faulting module SDWSCSvc.exe, version 2.3.39.2, fault address 0x000cba90.
Processing media-specific event for [SDWSCSvc.exe!ws!]


System errors:
=============
Error: (07/19/2014 01:45:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (07/19/2014 01:45:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (07/19/2014 01:45:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error:
%%1058

Error: (07/17/2014 01:52:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (07/17/2014 01:52:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (07/17/2014 01:52:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error:
%%1058

Error: (07/16/2014 01:38:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (07/16/2014 01:38:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (07/16/2014 01:38:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network DDE service depends on the Network DDE DSDM service which failed to start because of the following error:
%%1058

Error: (07/15/2014 05:50:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/19/2014 01:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/17/2014 01:51:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/16/2014 01:38:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/15/2014 05:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/15/2014 11:10:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/14/2014 03:19:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/13/2014 06:26:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/13/2014 08:50:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/12/2014 06:37:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90

Error: (07/12/2014 06:30:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDWSCSvc.exe2.3.39.2SDWSCSvc.exe2.3.39.2000cba90


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 2038.07 MB
Available physical RAM: 1400.9 MB
Total Pagefile: 3931.28 MB
Available Pagefile: 3409.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:285.19 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 30977E84)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:49 PM

Posted 19 July 2014 - 02:12 PM

Hi Bastille Day,

 

I have some bad news, an infection in your log has been identified as Expiro:

 

Expiro (Win32/Expiro) is a dangerous family of polymorphic file infectors which encrypts its code differently with each infection...meaning that the viral code inserted into each infected file is unique. Typically the virus infects executable files with .exe extensions in all drives, and steals user login credentials which it sends back to the attacker. It also allows backdoor access and control to the infected computer, lowers Internet Explorer settings and includes functionality to inject malicious code into web pages visited.

File Infector EXPIRO Hits US, Steals FTP Credentials

This attack used exploit kits (in particular Java and PDF exploits) to deliver file infectors onto vulnerable systems. Interestingly, these file infectors have information theft routines, which is a behavior not usually found among file infectors. These malware are part of the PE_EXPIRO family, file infectors that were first spotted in 2010. In addition to standard file infection routines, the variants seen in this attack also have information theft routines, an uncommon routine for file infectors.


W64.Xpiro

The virus infects all .exe files (32-bit and 64-bit) on the compromised computer and also on mapped or removable drives (C to Z).

The virus may install Firefox or Chrome extensions and perform the following actions:
• monitor browser activity
• redirect users to malicious URLs

The virus may steal the following information from the compromised computer:
• Language
• Product IDs
• System volume information
• Windows system information
• Email addresses
• Passwords
• Online banking information, including account numbers


Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

 

I can run some programs to attempt to clean this, but it's possible it may not be cleanable or your system could end up unbootable. Let me know what you want to do.

 

xXToffeeXx~ 


Edited by xXToffeeXx, 19 July 2014 - 02:12 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:49 AM

Posted 19 July 2014 - 02:33 PM

Toffee:

 

All I want is to be able to read some .txt files and copy / paste into a document then store in a safe location.

 

Would also like some of my images back as they took me years to acquire.

 

The computer expert here in town could re-install windows but if my old images and .txt files can not be saved, I will simply send the computer in for recycling.

 

If someone is tracking my every move, tell me and I will do away with this computer immediately.



#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:49 PM

Posted 19 July 2014 - 02:52 PM

Hi Bastille Day,

 

Please upload a few txt and pictures which are not showing as they should here.

 

xXToffeeXx~




#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:49 PM

Posted 21 July 2014 - 07:14 AM

Hi Bastille Day,

 

I'm seeing if a colleague of mine will have a look at the files, in order to identify what has happened to them. This may take a little while, so I will get back to you when they reply to me.

 

xXToffeeXx~ 




#12 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:49 AM

Posted 21 July 2014 - 01:41 PM

Hi Bastille Day,

 

I'm seeing if a colleague of mine will have a look at the files, in order to identify what has happened to them. This may take a little while, so I will get back to you when they reply to me.

 

xXToffeeXx~ 

Thanks again and a few things to note for your own knowledge.

 

When .txt files are put in the bottom tray, they appear different.

 

They also will not respond to change in font size. I can still copy and paste new files. 

 

You will also notice, the icon in the Windows Picture and Fax Viewer to save the image, does not operate.



#13 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:49 AM

Posted 21 July 2014 - 09:00 PM

Also of note, only .jpg images on my desktop were affected.

 

A few images in the "My Pictures" folder in the "start" menu were not affected.
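The open question in the thread is what actually happened to the .txt and .jpg files, given that there was no ransom note: encrypted, zeroed out, or just damaged headers. The triage script below is an added example, not code from the thread or from the helper; it checks each file's leading bytes against the expected header and measures byte entropy to separate those cases, and its thresholds (7.5 bits per byte, 5% non-printable bytes) and sample files are assumptions constructed here.

```python
import math
import os
import string

JPEG_MAGIC = b"\xff\xd8\xff"                      # JPEG start-of-image marker
PRINTABLE = set(string.printable.encode("ascii"))
HIGH_ENTROPY = 7.5  # bits/byte, assumed cut-off; encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:        # bits per byte, 0.0 for empty input
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(name: str, data: bytes) -> str:
    """Verdict from a file's leading bytes: ok | empty | bad-header | binary-in-text | high-entropy."""
    if not data:
        return "empty"
    ext = os.path.splitext(name)[1].lower()
    if ext in (".jpg", ".jpeg"):
        if data.startswith(JPEG_MAGIC):
            return "ok"
        suspect = "bad-header"
    elif ext == ".txt":
        # 5% tolerance (assumed) lets non-ASCII UTF-8 text pass; wiped text goes far above it
        bad = sum(1 for b in data if b not in PRINTABLE)
        if bad / len(data) <= 0.05:
            return "ok"
        suspect = "binary-in-text"
    else:
        return "ok"                               # only the two types named in the thread are checked
    # Near-uniform bytes point to encryption rather than truncation or zeroing.
    return "high-entropy" if shannon_entropy(data) > HIGH_ENTROPY else suspect

def triage(root: str) -> dict:                    # walk a folder, map relative path -> verdict
    verdicts = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                data = f.read(64 * 1024)          # a leading sample is enough for triage
            verdicts[os.path.relpath(full, root)] = classify(name, data)
    return verdicts

# Constructed stand-ins for the thread's files; not real samples from the user.
SAMPLES = {
    "good.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + bytes(200),
    "notes.txt": b"All I want is to read my .txt files again.\r\n" * 20,
    "enc.jpg": bytes(range(256)) * 16,            # uniform bytes, entropy 8.0: looks encrypted
    "zeroed.txt": bytes(2048),                    # wiped content, zero entropy
}
```

Running `triage()` on the affected Desktop folder gives one verdict per file: high-entropy is consistent with encryption, while bad-header or binary-in-text point to overwritten or truncated content that no decryptor would bring back.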



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:49 PM

Posted 22 July 2014 - 12:49 PM

Hi Bastille Day,

 

Have you been hit with ransomware recently which puts up a screen claiming to encrypt files?

 

xXToffeeXx~




#15 Bastille Day

Bastille Day
  • Topic Starter

  • Members
  • 72 posts
  • Local time:11:49 AM

Posted 22 July 2014 - 02:55 PM

Hi Bastille Day,

 

Have you been hit with ransomware recently which puts up a screen claiming to encrypt files?

 

xXToffeeXx~

No, this is the odd thing about this.

 

No ransom demands, I have no idea why this would happen.

 

Microsoft has in the past tampered with my notepad documents because I would not buy Office 2010 after I accidentally clicked on a 30 day trial period to read a document someone sent me.
