
Chrome Browser Update Virus - Please help remove


32 replies to this topic

#1 rdkapp

rdkapp

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 01 November 2014 - 06:09 PM

When I boot to XP in my dual boot system (Win 7 & XP), I keep getting the pop-up window shown in the following image:  

 

sshot-8_zps52008787.jpg

 

Occasionally, I'm also getting the popup shown here:  

 

sshot-9_zps644a7f62.jpg

I know that this is not a valid notification, as Chrome updates itself.  I've run some antivirus programs, as well as Malwarebytes Anti-Malware (Free), Superantispyware, and a couple of other tools suggested by an Antimalware website to remove this Chrome Browser Update virus.  It did go away for a day or so, but it came right back.  My computer seems to be running fine other than this annoying popup, but I'm afraid it's working its way up to doing additional damage.

 

I have noticed a couple of strange new folders in my Shared Documents folder since this started.  I've removed them several times, but they keep coming back.  One of the folders is named "Optimizer" and it contains a subfolder named "program" that contains 3 different installer files: (i) newver_89_1.6.6.0.exe; (ii) newver_94_1.6.7.0.exe; and (iii) updatex_Test002.exe.  The updatex_Test002.exe returns immediately upon reboot.  The other 2 files return after some time and I believe they are directly related to the pop-ups, as the pop-ups happen once they reappear.

 

The 2nd folder is named "Windows VXM" and it initially contained several files, but now it only comes back with a single file . . . systeinfo.vpx.  Perhaps the other files appear after the update is done, which I'm pretty sure that I did, initially.
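The reappearing files described in the post above can be tracked between reboots with a snapshot-and-compare script, which separates files that were never removed from files written again with the same content and from installers with new content. This is an added example, not part of the thread: the file-name patterns come from the post, while the folder location passed to `snapshot()` and the sample tree built in `demo()` are constructed assumptions.

```python
import fnmatch
import hashlib
import os
import tempfile

# Name patterns taken from the post, relative to the Shared Documents
# folder. The folder's real location is supplied by the caller (assumption).
WATCH_PATTERNS = [
    "Optimizer/program/newver_*.exe",
    "Optimizer/program/updatex_*.exe",
    "Windows VXM/*",
]


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large installers do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Return {relative_path: {size, mtime, sha256}} for watched files."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(fnmatch.fnmatchcase(rel.lower(), p.lower())
                   for p in WATCH_PATTERNS):
                st = os.stat(full)
                found[rel] = {"size": st.st_size, "mtime": st.st_mtime,
                              "sha256": sha256_of(full)}
    return found


def compare(previous, current):
    """Classify watched files against an earlier snapshot.

    persisted   - same path, hash and mtime: the file was never removed
    returned    - content seen before was written again (same hash)
    new_payload - content not seen in the earlier snapshot
    gone        - present earlier, absent now
    Timestamps can be forged, so mtime is a hint; the hash is the
    stronger signal.
    """
    old_hashes = {meta["sha256"] for meta in previous.values()}
    report = {"persisted": [], "returned": [], "new_payload": [], "gone": []}
    for rel, meta in sorted(current.items()):
        old = previous.get(rel)
        if (old and old["sha256"] == meta["sha256"]
                and old["mtime"] == meta["mtime"]):
            report["persisted"].append(rel)
        elif meta["sha256"] in old_hashes:
            report["returned"].append(rel)
        else:
            report["new_payload"].append(rel)
    report["gone"] = sorted(set(previous) - set(current))
    return report


def _write(root, rel, data, mtime):
    """Create a constructed sample file with a fixed modification time."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (mtime, mtime))


def demo():
    """Constructed scenario: snapshot, delete two files, 'reboot', compare."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "Optimizer/program/newver_89_1.6.6.0.exe", b"constructed-A", 1000)
        _write(root, "Optimizer/program/updatex_Test002.exe", b"constructed-B", 1000)
        _write(root, "Windows VXM/systeinfo.vpx", b"constructed-C", 1000)
        _write(root, "holiday.jpg", b"unrelated", 1000)  # not watched
        before = snapshot(root)

        # Manual clean-up of the two installers.
        os.remove(os.path.join(root, "Optimizer", "program", "newver_89_1.6.6.0.exe"))
        os.remove(os.path.join(root, "Optimizer", "program", "updatex_Test002.exe"))
        # Later: one file is back with identical bytes, and a different
        # installer has shown up.
        _write(root, "Optimizer/program/updatex_Test002.exe", b"constructed-B", 2000)
        _write(root, "Optimizer/program/newver_94_1.6.7.0.exe", b"constructed-D", 2000)
        return before, compare(before, snapshot(root))


if __name__ == "__main__":
    _before, result = demo()
    for label, paths in result.items():
        print(label, paths)
```

Saving each snapshot with the time it was taken gives a helper the hashes and reappearance order alongside the scan logs.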




 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:39 AM

Posted 01 November 2014 - 08:28 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.



 


#3 rdkapp

rdkapp
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 02 November 2014 - 01:50 AM

Thanks Broni,

 

The following is the contents of the checkup.txt file:

 

 Results of screen317's Security Check version 0.99.89  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 SUPERAntiSpyware     
 HijackThis 1.99.1    
 CCleaner     
 Java 7 Update 71  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.0.2) 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#4 rdkapp

rdkapp
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 02 November 2014 - 01:54 AM

The following is the contents of the FSS.txt file:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Rodney (administrator) on 02-11-2014 at 01:53:36
Running from "C:\Documents and Settings\Rodney\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4) 
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.
 
**** End of log ****


#5 rdkapp

rdkapp
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 02 November 2014 - 01:59 AM

The following is the contents of the Result.txt file from running MiniToolBox:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Rodney (administrator) on 02-11-2014 at 01:57:45
Running from "C:\Documents and Settings\Rodney\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
1394 Net Adapter = 1394 Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
# Interface IP Configuration for "Bluetooth Network Connection"
 
set address name="Bluetooth Network Connection" source=dhcp 
set dns name="Bluetooth Network Connection" source=dhcp register=PRIMARY
set wins name="Bluetooth Network Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : kapp-110910
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Mixed
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : hsd1.tx.comcast.net.
 
        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
 
        Physical Address. . . . . . . . . : 6C-F0-49-52-E7-7A
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.119
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Saturday, November 01, 2014 2:06:15 PM
 
        Lease Expires . . . . . . . . . . : Saturday, November 08, 2014 2:06:15 PM
 
 
 
Ethernet adapter Bluetooth Network Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #4
 
        Physical Address. . . . . . . . . : 00-18-E7-29-BD-5D
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  173.194.115.132, 173.194.115.128, 173.194.115.136, 173.194.115.131
 173.194.115.130, 173.194.115.137, 173.194.115.134, 173.194.115.129, 173.194.115.133
 173.194.115.142, 173.194.115.135
 
 
 
Pinging google.com [173.194.46.6] with 32 bytes of data:
 
 
 
Reply from 173.194.46.6: bytes=32 time=15ms TTL=55
 
Reply from 173.194.46.6: bytes=32 time=14ms TTL=55
 
 
 
Ping statistics for 173.194.46.6:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 14ms, Maximum = 15ms, Average = 14ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=61ms TTL=49
 
Reply from 206.190.36.45: bytes=32 time=61ms TTL=49
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 61ms, Maximum = 61ms, Average = 61ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...6c f0 49 52 e7 7a ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
0x10004 ...00 18 e7 29 bd 5d ...... Bluetooth Device (Personal Area Network) #4
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.119  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0    192.168.1.119   192.168.1.119  20
    192.168.1.119  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255    192.168.1.119   192.168.1.119  20
        224.0.0.0        240.0.0.0    192.168.1.119   192.168.1.119  20
  255.255.255.255  255.255.255.255    192.168.1.119   192.168.1.119  1
  255.255.255.255  255.255.255.255    192.168.1.119           10004  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/31/2014 07:39:10 PM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
Error: (10/31/2014 06:14:39 PM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
Error: (10/30/2014 06:29:13 PM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
Error: (10/30/2014 06:01:54 PM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
Error: (10/30/2014 03:23:01 PM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
Error: (10/30/2014 11:41:08 AM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
Error: (10/30/2014 10:00:08 AM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
Error: (10/30/2014 00:36:22 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/30/2014 00:36:22 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/29/2014 07:24:11 PM) (Source: Microsoft Fax) (User: )
Description: The Fax service failed to receive a fax.
From: .
CallerId: .
To: 713-777-5591 .
Pages: 0.
Device Name: LSI PCI-SV92PP Soft Modem.
 
 
System errors:
=============
Error: (11/01/2014 02:17:22 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (11/01/2014 02:17:22 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (11/01/2014 02:16:40 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (11/01/2014 02:16:38 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (11/01/2014 02:10:42 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: 
%%1070
 
Error: (11/01/2014 02:10:42 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink Background Capture Service (CBCS) service hung on starting.
 
Error: (11/01/2014 02:08:54 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (11/01/2014 02:08:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.
 
Error: (11/01/2014 02:06:42 PM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (11/01/2014 04:44:06 AM) (Source: DCOM) (User: KAPP-110910)
Description: The server {022105BD-948A-40C9-AB42-A3300DDF097F} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
Error: (10/31/2014 07:39:10 PM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
Error: (10/31/2014 06:14:39 PM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
Error: (10/30/2014 06:29:13 PM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
Error: (10/30/2014 06:01:54 PM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
Error: (10/30/2014 03:23:01 PM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
Error: (10/30/2014 11:41:08 AM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
Error: (10/30/2014 10:00:08 AM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
Error: (10/30/2014 00:36:22 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (10/30/2014 00:36:22 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (10/29/2014 07:24:11 PM) (Source: Microsoft Fax)(User: )
Description: 713-777-5591 0LSI PCI-SV92PP Soft Modem
 
 
 
=========================== Installed Programs ============================
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Aiseesoft DVD Ripper 6.2.26 (HKLM\...\{D6BAD6AB-D3D9-46ad-B2C4-5A969006CE48}_is1) (Version:  - )
Aiseesoft Total Media Converter 6.2.26 (HKLM\...\{42087B24-ECD8-41d2-8053-E6EB99E5083F}_is1) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{B293548D-735F-1F86-1C9C-1A56B8928FEE}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
BitPim 1.0.7 (HKLM\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <djpham@bitpim.org>)
Browser Configuration Utility (HKLM\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM)
Bullzip PDF Printer 7.2.0.1320 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1320 - Bullzip)
CardRecovery 6.00 (HKLM\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2012.0405.2154.37503 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2154.37503 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0405.2154.37503 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.0405.2154.37503 - Advanced Micro Devices, Inc.) Hidden
Catalyst Media Center (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Catalyst Media Center DVD Authoring Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version:  - )
CCC Help Chinese Standard (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.0405.2153.37503 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.0405.2154.37503 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citrix Authentication Manager (Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix Receiver (HDX Flash Redirection) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID HWMonitor 1.16 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CutePDF Writer 2.4 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Data Lifeguard Tools (HKLM\...\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}) (Version:  - )
Driver Detective (HKLM\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.1 - PC Drivers HeadQuarters)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Driver Pro v8.03 (HKLM\...\Easy Driver Pro_is1) (Version: 8.03 - Probit Software LTD)
EasySaver B9.0904.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Elevated Installer (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Emicsoft M2TS Converter (HKLM\...\Emicsoft M2TS Converter_is1) (Version:  - )
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExifPro 2.0 Photo Viewer (HKLM\...\ExifPro 2.0) (Version:  - )
EXIFutils for Windows (HKLM\...\EXIFutils for Windows) (Version: 3.14 - Hugsan Pty. Ltd.)
FaxTalk Communicator 4.5 (HKLM\...\FaxTalk Communicator 4.5) (Version:  - )
ffdshow v1.1.3562 [2010-09-07] (HKLM\...\ffdshow_is1) (Version: 1.1.3562.0 - )
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Garmin Express (HKLM\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Gigabyte Raid Cinfigurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
GoldWave v5.14 (HKLM\...\GoldWave v5.14) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
H&R Block Deluxe + Efile 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.04.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile 2013 (HKLM\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.7601 - HRB Technology, LLC.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (HKLM\...\KB960082(ENU)) (Version: 1 - Microsoft Corporation)
HP LaserJet 1200 Uninstaller (HKLM\...\HP LaserJet 1200 Uninstaller) (Version:  - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HRBlockDirect version 1.1.2.0 (HKLM\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
HyperLoad - Mah Jongg (HKLM\...\{B314244C-753A-413B-B0F1-30972D6B58A0}) (Version: 2.0 - Kraft)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.0.0.17925 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.)
KeeForm 2.02 (HKLM\...\KeeForm2KP1_is1) (Version: 2.02 - Dave)
KeePass Password Safe 1.17 (HKLM\...\KeePass Password Safe_is1) (Version: 1.17 - Dominik Reichl)
KProbe 2.5.2 (HKLM\...\KProbe) (Version:  - )
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
marvell 91xx driver (HKLM\...\MagniDriver) (Version: 1.0.0.1027 - Marvell)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (PINNACLESYS) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.14.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.14.0 - NEC Electronics Corporation) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero MediaHome 4 (Version: 4.5.9.4 - Nero AG) Hidden
Nero MediaHome 4 Essentials (HKLM\...\{2c67fc60-9346-4f61-93a3-04b7b628b338}) (Version:  - Nero AG)
Nero MediaHome 4 Help (Version: 4.5.5.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 1.70.127 - )
Pinnacle MediaServer (HKLM\...\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}) (Version: 1.10.166 - )
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
PMB Updater (HKLM\...\{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}) (Version: 5.6.01.03300 - Sony Corporation)
proDAD Heroglyph 2.5 (HKLM\...\proDAD-Heroglyph-2.5) (Version:  - )
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealArcade (HKLM\...\RealArcade 1.2) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.24.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5964 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SearchDiggity (HKLM\...\{5DDE2CAE-A0A7-4CC0-ADE1-50304E63C155}) (Version: 3.0.0 - Stach & Liu)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Self-service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
Solid YouTube Downloader and Converter 6.1.9.0 (HKLM\...\{66732EEE-ECBC-4CA6-A474-ytd}_is1) (Version:  - DreamVideoSoft,Inc.)
Studio 10 (HKLM\...\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}) (Version: 10.6 - Pinnacle Systems)
Studio 10 Bonus DVD (HKLM\...\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}) (Version: 10.0.000 - )
Studio 10.8 Patch (Version: 10.8.0.4641 - Pinnacle Systems) Hidden
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUPER © v2014.build.62+Recorder (2014/09/21) version v2014.buil (HKLM\...\{8E2A18E2-96AF-8649-4DE7-5C06C90719A4}_is1) (Version: v2014.build.62+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.45.1000 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SysInfoTools DBX Recovery Demo v2.0 (HKLM\...\{438D500C-8D3F-4574-B70B-4FF13B82891B}_is1) (Version:  - SysInfoTools)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
Unknown Device Identifier 8.00 (HKLM\...\Unknown Device Identifier_is1) (Version:  - Huntersoft)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2362765) (HKLM\...\KB2362765-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{D31032BD-B70C-4E1E-8BE3-0B870A910983}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{74870974-832F-42D3-8047-D87A5A722CC3}) (Version: 2.14.1002 - Samsung Electronics Co., Ltd.)
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
WD Discovery Software (HKLM\...\{324F388E-4F28-42D6-ADD1-9AB27D249523}) (Version: 1.70 - Western Digital)
Web Launcher (HKCU\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDFT (HKLM\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinSnap (HKLM\...\WinSnap) (Version: 1.1.9 - NTWind Software)
XnView 1.97.6 (HKLM\...\XnView_is1) (Version: 1.97.6 - Gougelet Pierre-e)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 94%
Total physical RAM: 3326.42 MB
Available physical RAM: 196.69 MB
Total Pagefile: 5209.43 MB
Available Pagefile: 1768.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.61 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:58.59 GB) (Free:6.9 GB) NTFS
3 Drive d: (Local Disk) (Fixed) (Total:39.06 GB) (Free:38.58 GB) NTFS
4 Drive e: (Local Disk) (Fixed) (Total:135.23 GB) (Free:72.49 GB) NTFS
5 Drive f: () (Fixed) (Total:20 GB) (Free:7.96 GB) NTFS
6 Drive g: () (Fixed) (Total:20 GB) (Free:14.99 GB) NTFS
7 Drive h: () (Fixed) (Total:109.05 GB) (Free:11.36 GB) NTFS
10 Drive k: () (Fixed) (Total:55.9 GB) (Free:37.18 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KAPP-110910
 
Administrator            ASPNET                   Guest                    
HelpAssistant            NeroMediaHomeUser.4      Rodney                   
SUPPORT_388945a0         
 
========================= Restore Points ==================================
 
23-09-2014 19:19:54 Software Distribution Service 3.0
24-09-2014 20:16:48 System Checkpoint
26-09-2014 04:05:50 Software Distribution Service 3.0
27-09-2014 17:10:28 Software Distribution Service 3.0
28-09-2014 07:19:06 Software Distribution Service 3.0
29-09-2014 18:43:41 Software Distribution Service 3.0
30-09-2014 19:02:04 System Checkpoint
01-10-2014 19:20:31 Software Distribution Service 3.0
03-10-2014 00:30:00 System Checkpoint
03-10-2014 15:25:46 Software Distribution Service 3.0
05-10-2014 19:42:22 Software Distribution Service 3.0
06-10-2014 22:23:21 System Checkpoint
07-10-2014 18:51:12 Software Distribution Service 3.0
08-10-2014 19:06:39 Software Distribution Service 3.0
09-10-2014 19:08:34 System Checkpoint
14-10-2014 17:24:07 Software Distribution Service 3.0
15-10-2014 08:00:19 Software Distribution Service 3.0
15-10-2014 18:20:19 Revo Uninstaller's restore point - McAfee Security Scan Plus
16-10-2014 13:14:04 Software Distribution Service 3.0
17-10-2014 13:51:42 Software Distribution Service 3.0
17-10-2014 17:54:37 Removed Java 7 Update 67
17-10-2014 17:55:26 Installed Java 7 Update 71
18-10-2014 21:35:06 Software Distribution Service 3.0
19-10-2014 07:33:35 Software Distribution Service 3.0
20-10-2014 19:05:25 Software Distribution Service 3.0
20-10-2014 23:12:46 Revo Uninstaller's restore point - SmartMediaConverter
22-10-2014 01:52:27 System Checkpoint
22-10-2014 04:39:53 Installed Verizon Wireless Software Utility Application for Android - Samsung.
22-10-2014 04:43:13 Installed Verizon Wireless Software Upgrade Assistant - Samsung(ar).
22-10-2014 04:44:27 Installed SUABnR
22-10-2014 09:24:24 Software Distribution Service 3.0
22-10-2014 09:38:32 Installed SUABnR
23-10-2014 19:08:48 Software Distribution Service 3.0
24-10-2014 20:43:25 System Checkpoint
25-10-2014 20:41:50 Software Distribution Service 3.0
26-10-2014 07:19:13 Software Distribution Service 3.0
27-10-2014 14:12:55 Software Distribution Service 3.0
28-10-2014 04:15:53 Checkpoint by HitmanPro
28-10-2014 04:16:50 Checkpoint by HitmanPro
28-10-2014 17:56:12 Software Distribution Service 3.0
28-10-2014 18:20:56 Removed Verizon Wireless Software Utility Application for Android - Samsung.
29-10-2014 18:47:19 System Checkpoint
30-10-2014 13:51:58 Software Distribution Service 3.0
31-10-2014 18:51:48 Software Distribution Service 3.0
01-11-2014 19:17:02 Software Distribution Service 3.0
 
**** End of log ****


#6 rdkapp

Posted 02 November 2014 - 02:46 AM

I will run MBAM and the rest of the programs and post their logs tomorrow.  In the meantime, if there is anything that jumps out at you from the logs already posted, please let me know.

 

Thanks again for your help.



#7 rdkapp

Posted 02 November 2014 - 12:21 PM

Below are the contents of the MBAM log file.  I have run MBAM several times over the past week or so.  If you think any of those logs may contain pertinent information, please let me know, and I'll post them.

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/2/2014
Scan Time: 1:01:34 AM
Logfile: MBAM log110214.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.02.02
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Rodney
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348711
Time Elapsed: 24 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by rdkapp, 02 November 2014 - 12:32 PM.


#8 rdkapp

Posted 02 November 2014 - 01:02 PM

The following are the contents of the mbar-log-2014-11-02 (11-26-10).txt file:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.11.02.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rodney :: KAPP-110910 [administrator]
 
11/2/2014 11:26:10 AM
mbar-log-2014-11-02 (11-26-10).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 347732
Time elapsed: 13 minute(s), 41 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#9 rdkapp

Posted 02 November 2014 - 01:03 PM

The following are the contents of the MBAR system-log.txt file:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 3488002048, free: 982241280
 
Downloaded database version: v2014.11.02.05
Downloaded database version: v2014.11.01.02
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 81358135
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 122880177
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 122880240  Numsec = 365515920
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 48CE48CE
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 41945652
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 41945715  Numsec = 270630990
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 160041885696 bytes
Sector size: 512 bytes
 
Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CFBDF56C
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 117225472
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 60022480896 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished


#10 rdkapp

Posted 02 November 2014 - 01:07 PM

The following are the contents of the Rkill.txt file:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/02/2014 12:04:22 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 11/02/2014 12:05:17 PM
Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)


#11 Broni


Posted 02 November 2014 - 01:54 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please run a free online scan with the ESET Online Scanner.

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.



 


#12 rdkapp


Posted 02 November 2014 - 04:45 PM

The following is the contents of the AdwCleaner[S0].txt file:

 

# AdwCleaner v3.311 - Report created 02/11/2014 at 15:35:03
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Rodney - KAPP-110910
# Running from : C:\Documents and Settings\Rodney\Desktop\adwcleaner_3.311.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : BCUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Probit Software
Folder Deleted : C:\Program Files\DeviceVM
Folder Deleted : C:\Program Files\Probit Software
Folder Deleted : C:\Documents and Settings\NeroMediaHomeUser.4\Application Data\HPAppData
Folder Deleted : C:\Documents and Settings\Rodney\Application Data\HPAppData
Folder Deleted : C:\Documents and Settings\Rodney\Application Data\Probit Software
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v33.0.2 (x86 en-US)
 
[ File : C:\Documents and Settings\Rodney\Application Data\Mozilla\Firefox\Profiles\7c1lvhdf.default\prefs.js ]
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Documents and Settings\NeroMediaHomeUser.4\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
[ File : C:\Documents and Settings\Rodney\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M8030AC6E-CDC2-4848-ABBF-C81F0FCB503F&SearchSource=58&CUI=&UM=5&UP=SP4DA3CCDB-7A31-4784-9CA8-D41B76AE4AF4&q={searchTerms}&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [71660 octets] - [28/10/2014 01:59:09]
AdwCleaner[R1].txt - [3014 octets] - [02/11/2014 15:28:57]
AdwCleaner[S0].txt - [2985 octets] - [02/11/2014 15:35:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3045 octets] ##########


#13 rdkapp


Posted 02 November 2014 - 04:58 PM

Below is the contents of the JRT.txt file.  I ran the Junkware Removal Tool back on 10/28/14 and have saved the log file from that date.  It has significantly more data in it.  If you think that log may contain pertinent information, please let me know, and I'll post it.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Microsoft Windows XP x86
Ran by Rodney on Sun 11/02/2014 at 15:52:19.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\Rodney\Application Data\mozilla\firefox\profiles\7c1lvhdf.default\minidumps [12 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/02/2014 at 15:54:41.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#14 Broni


Posted 02 November 2014 - 07:07 PM

I don't need that log.



 


#15 rdkapp


Posted 02 November 2014 - 09:22 PM

Below is the list of threats from the ESET Online Scanner.  The 1st file in the list is one of the files I mentioned in my initial post.  I keep deleting it and it keeps coming back.

 

C:\Documents and Settings\All Users\Documents\Optimizer\program\updatex_Test002.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Rodney\My Documents\Downloads\FoxitReader620.0429_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Documents and Settings\Rodney\My Documents\Downloads\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Program Files\Solid YouTube Downloader and Converter\backendserver.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\avasts.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\powermgr.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\vmnet.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\youtubeserv.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
K:\Users\Rodney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1QMRH8S\easydriverpro803[1].data a variant of Win32/Adware.SpeedingUpMyPC.C application deleted - quarantined
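
An added example, not part of the thread and not ESET's own tooling: a short Python parser for threat-list lines in the space-flattened form shown in the post above, grouping detections by name so that folders sharing one detection can be reviewed together. The regular expression and function names are this example's assumptions; the sample lines are a subset copied from the post.

```python
import ntpath
import re
from collections import defaultdict

# Subset of the ESET threat list from the post above, as flattened on the page.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Documents\Optimizer\program\updatex_Test002.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Rodney\My Documents\Downloads\FoxitReader620.0429_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\Program Files\Solid YouTube Downloader and Converter\backendserver.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
C:\Program Files\YouTube Downloader Services\avasts.exe a variant of Win32/Agent.WMC trojan cleaned by deleting - quarantined
K:\Users\Rodney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1QMRH8S\easydriverpro803[1].data a variant of Win32/Adware.SpeedingUpMyPC.C application deleted - quarantined
""".strip()

# Paths contain spaces, so anchor on the detection token (the first
# space-delimited token containing "/") and on the trailing action text.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<name>\S+/\S+) "
    r"(?P<kind>.+?) "
    r"(?P<action>(?:cleaned by deleting|deleted)(?: - quarantined)?)$"
)

def parse_threats(text):
    """Return one dict (path, name, kind, action) per parseable line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the assumed layout are skipped
            rows.append(m.groupdict())
    return rows

def folders_by_detection(rows):
    """Map detection name -> sorted list of distinct parent folders."""
    out = defaultdict(set)
    for r in rows:
        # ntpath handles Windows paths regardless of the host OS
        out[r["name"]].add(ntpath.dirname(r["path"]))
    return {name: sorted(dirs) for name, dirs in out.items()}

def multi_folder_detections(rows):
    """Detections present in more than one folder."""
    return {n: d for n, d in folders_by_detection(rows).items() if len(d) > 1}

if __name__ == "__main__":
    for name, dirs in multi_folder_detections(parse_threats(SAMPLE_LOG)).items():
        print(name, *dirs, sep="\n    ")
```

On the sample lines, the only detection spanning several folders is Win32/Agent.WMC, which covers the recurring Optimizer file and both YouTube downloader program folders.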




