My Poor Wife's Desktop is Very Sick.


  • This topic is locked
16 replies to this topic

#1 chrislbrown


Posted 08 January 2015 - 01:04 AM

Hi,

My wife's desktop, which is virtually new to us, got a virus almost immediately when we started allowing the teens to use it.  I've tried to protect it and clean it up, but this malware spins up the hard drive--right now, it is operating at full tilt--which is very irritating.  Twice, our bank has notified us that some foreign, illicit activity was detected on our card and shut them down/replaced them.  I just want her to have a safe, clean workstation.  Right after this, I have a pretty strong subscription to a security service through my work that I'm going to install.  But first things first--we have to get rid of this thing!!

 

Thanks in advance for your generous help.  Below are the prelim logs.

 

P.S.: As I ran DDS and typed this, I noticed that DDS was taking longer than the normal time.  I opened task manager and deleted an odd process.  My drive is spinning down now, and DDS finished the second I did that.  This is what I'm talking about!

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by PC at 0:54:43 on 2015-01-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1196 [GMT -5:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender 2015\pmbxie.dll
uRun: [Bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender 2015\bdwtxag.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender 2015\bdagent.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\tp-link wireless configuration utility\TWCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1407384670281
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3A83D145-8BB6-46CA-9572-F3B5A53CA28F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EFD1DF08-3F72-4339-BDD5-B46A1EA0452F} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2014-8-7 1073160]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2014-8-7 169992]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2015\updatesrv.exe [2014-8-7 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2014-8-7 244480]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-8-7 528248]
R3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [2014-11-19 1076968]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2014-8-7 66832]
.
=============== Created Last 30 ================
.
2014-12-20 04:46:21 -------- d-----w- c:\documents and settings\all users\application data\bdch
.
==================== Find3M  ====================
.
2014-12-17 16:40:22 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2014-12-17 16:40:21 169992 ----a-w- c:\windows\system32\drivers\gzflt.sys
2014-12-17 16:38:06 74000 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-11-19 10:50:14 408280 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-11-19 10:49:06 1073160 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-11-19 10:45:54 244480 ----a-w- c:\windows\system32\drivers\avchv.sys
2014-11-19 10:24:36 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2014-11-19 10:24:35 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
.
============= FINISH:  1:02:13.87 ===============
 


#2 TB-Psychotic

  • Malware Response Team

Posted 08 January 2015 - 06:50 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 chrislbrown

  • Topic Starter

Posted 08 January 2015 - 11:52 PM

Hello.

 

Thank you for your fast response, and thanks in advance for all of your hard work.

 

I realized that the process I killed last time was simply my wireless flash drive software.  When I killed it, I came offline, and thus the HD spun down--no constant contact with its master.

 

The logs are to follow, in the order that you instructed.  Let me know!!  :thumbsup2:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by PC (administrator) on GABALDON on 08-01-2015 21:30:09
Running from C:\Documents and Settings\PC\Desktop
Loaded Profiles: PC & Jacki (Available profiles: PC & Jacki)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SEIKO EPSON CORPORATION) C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1856912 2014-12-17] (Bitdefender)
HKU\S-1-5-21-854245398-861567501-839522115-1003\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2014-12-17] (Bitdefender)
HKU\S-1-5-21-854245398-861567501-839522115-1005\...\Run: [EPSON NX210 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-854245398-861567501-839522115-1005\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2014-12-17] (Bitdefender)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-854245398-861567501-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-854245398-861567501-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-854245398-861567501-839522115-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-854245398-861567501-839522115-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-854245398-861567501-839522115-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2014-08-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-12]
CHR Extension: (Google Docs) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (YouTube) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google Cast) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-16]
CHR Extension: (Google Search) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Gmail) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR Profile: C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-14]
CHR Extension: (Google Drive) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (YouTube) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-14]
CHR Extension: (Google Search) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-14]
CHR Extension: (Bitdefender Wallet) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-08-08]
CHR Extension: (Gmail) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EPSON_EB_RPCV4_01; C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-11-19] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1306416 2014-12-17] (Bitdefender)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-11-19] (Cisco Systems, Inc.) [File not signed]
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1073160 2014-11-19] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [244480 2014-11-19] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [528248 2014-08-25] (BitDefender)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [131432 2012-02-07] (BitDefender LLC)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [66832 2014-12-17] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [169992 2014-12-17] (BitDefender LLC)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [1076968 2013-03-12] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [408280 2014-11-19] (BitDefender S.R.L.)
S3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\PC\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 21:30 - 2015-01-08 21:30 - 00012355 _____ () C:\Documents and Settings\PC\Desktop\FRST.txt
2015-01-08 21:29 - 2015-01-08 21:30 - 00000000 ____D () C:\FRST
2015-01-08 21:28 - 2015-01-08 21:28 - 01115648 _____ (Farbar) C:\Documents and Settings\PC\Desktop\FRST.exe
2015-01-08 01:02 - 2015-01-08 01:02 - 00012314 _____ () C:\Documents and Settings\PC\Desktop\attach.txt
2015-01-08 01:02 - 2015-01-08 01:02 - 00006320 _____ () C:\Documents and Settings\PC\Desktop\dds.txt
2015-01-08 00:53 - 2015-01-08 00:53 - 00688992 ____R (Swearware) C:\Documents and Settings\PC\Desktop\dds.com
2014-12-19 23:46 - 2014-12-19 23:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\bdch
2014-12-14 18:21 - 2014-12-14 18:21 - 03152896 _____ () C:\Documents and Settings\PC\My Documents\Rose's Baby Book.ppt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 21:31 - 2014-08-17 02:19 - 00000000 ____D () C:\Documents and Settings\PC\Local Settings\temp
2015-01-08 21:17 - 2014-04-12 15:00 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-08 19:05 - 2014-03-20 12:53 - 01376132 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-08 18:17 - 2014-03-20 12:57 - 00031930 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-08 15:00 - 2014-08-10 17:48 - 00000210 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-08 09:17 - 2014-04-12 15:00 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-08 06:29 - 2014-03-20 07:43 - 00421321 _____ () C:\WINDOWS\setupapi.log
2015-01-08 06:28 - 2014-11-19 05:25 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2015-01-06 09:30 - 2014-08-17 02:19 - 00000000 ____D () C:\Documents and Settings\Jacki\Local Settings\temp
2015-01-06 09:26 - 2014-08-10 17:48 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-06 09:26 - 2014-03-20 07:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-06 09:26 - 2014-03-20 07:47 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-01-06 09:25 - 2014-03-20 12:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-06 09:25 - 2004-08-04 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-27 21:47 - 2014-08-11 10:43 - 00224149 _____ () C:\Documents and Settings\PC\debug.log
2014-12-19 23:46 - 2014-03-20 12:58 - 00000178 ___SH () C:\Documents and Settings\PC\ntuser.ini
2014-12-17 11:40 - 2014-08-07 06:26 - 00066832 _____ (BitDefender SRL) C:\WINDOWS\system32\Drivers\bdsandbox.sys
2014-12-17 11:40 - 2014-08-07 06:10 - 00169992 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2014-12-17 11:38 - 2014-08-07 06:26 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin.dll
2014-12-14 18:08 - 2014-04-14 06:25 - 00000178 ___SH () C:\Documents and Settings\Jacki\ntuser.ini
2014-12-13 12:52 - 2014-09-09 02:15 - 00003694 _____ () C:\Documents and Settings\Jacki\debug.log
2014-12-10 03:12 - 2014-08-16 17:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 03:01 - 2014-08-09 03:30 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by PC at 2015-01-08 21:31:42
Running from C:\Documents and Settings\PC\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Disabled - Up to date) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX210 Series Printer Uninstall (HKLM\...\EPSON NX210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free Studio version 2014 (HKLM\...\Free Studio_is1) (Version: 6.3.5.623 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iCamSource (HKLM\...\{09FA8C18-32F3-43ED-8984-5518D5D9CF0D}) (Version: 2.7.2 - SKJM, LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-09-2014 13:03:14 System Checkpoint
27-09-2014 13:14:04 System Checkpoint
28-09-2014 14:02:06 System Checkpoint
29-09-2014 14:25:53 System Checkpoint
30-09-2014 14:34:55 System Checkpoint
01-10-2014 15:26:06 System Checkpoint
02-10-2014 19:59:04 System Checkpoint
03-10-2014 20:24:04 System Checkpoint
04-10-2014 21:24:05 System Checkpoint
05-10-2014 22:24:38 System Checkpoint
06-10-2014 23:36:50 System Checkpoint
08-10-2014 00:23:55 System Checkpoint
09-10-2014 01:23:54 System Checkpoint
10-10-2014 01:50:08 System Checkpoint
11-10-2014 02:24:10 System Checkpoint
12-10-2014 03:24:10 System Checkpoint
13-10-2014 04:23:26 System Checkpoint
14-10-2014 05:23:25 System Checkpoint
15-10-2014 02:01:01 Software Distribution Service 3.0
16-10-2014 02:23:47 System Checkpoint
17-10-2014 02:59:25 System Checkpoint
18-10-2014 03:23:22 System Checkpoint
19-10-2014 03:35:11 System Checkpoint
21-10-2014 09:25:52 System Checkpoint
22-10-2014 15:03:53 System Checkpoint
23-10-2014 15:16:18 System Checkpoint
24-10-2014 16:14:50 System Checkpoint
25-10-2014 17:11:05 System Checkpoint
26-10-2014 18:11:05 System Checkpoint
27-10-2014 18:35:05 System Checkpoint
28-10-2014 19:11:05 System Checkpoint
29-10-2014 20:12:10 System Checkpoint
31-10-2014 11:50:26 System Checkpoint
19-11-2014 05:23:36 Installed TP-LINK Wireless Configuration Utility and Driver
19-11-2014 05:24:25 Installed TP-LINK Wireless Configuration Utility
20-11-2014 03:00:46 Software Distribution Service 3.0
21-11-2014 04:00:37 System Checkpoint
22-11-2014 05:12:21 System Checkpoint
23-11-2014 06:14:21 System Checkpoint
24-11-2014 07:00:21 System Checkpoint
25-11-2014 07:12:21 System Checkpoint
26-11-2014 20:04:01 System Checkpoint
27-11-2014 20:51:56 System Checkpoint
28-11-2014 21:51:54 System Checkpoint
29-11-2014 22:51:54 System Checkpoint
30-11-2014 23:51:54 System Checkpoint
02-12-2014 00:51:54 System Checkpoint
03-12-2014 01:51:58 System Checkpoint
05-12-2014 11:28:28 System Checkpoint
09-12-2014 17:21:29 System Checkpoint
10-12-2014 03:00:26 Software Distribution Service 3.0
11-12-2014 03:06:25 System Checkpoint
12-12-2014 15:01:45 System Checkpoint
13-12-2014 17:40:07 System Checkpoint
14-12-2014 19:48:21 System Checkpoint
17-12-2014 12:10:36 System Checkpoint
18-12-2014 12:12:04 System Checkpoint
19-12-2014 13:50:14 System Checkpoint
23-12-2014 12:15:41 System Checkpoint
24-12-2014 12:39:09 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 07:00 - 2014-08-17 02:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-07 06:26 - 2014-09-04 09:12 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-08-07 06:22 - 2013-09-03 13:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-08-07 06:27 - 2014-07-11 16:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-08-07 06:37 - 2014-08-07 06:37 - 00676568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00040_002\ashttpbr.mdl
2014-08-07 06:37 - 2014-08-07 06:37 - 00490144 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00040_002\ashttpdsp.mdl
2014-08-07 06:37 - 2014-08-07 06:37 - 02138096 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00040_002\ashttpph.mdl
2014-08-07 06:37 - 2014-08-07 06:37 - 01128744 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00040_002\ashttprbl.mdl
2004-08-04 07:00 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-04-22 16:57 - 2009-03-12 14:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-04-22 16:57 - 2008-11-21 12:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-06-11 17:12 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 17:12 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 17:12 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-11-19 05:24 - 2013-04-08 15:29 - 00846848 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-11-19 05:24 - 2013-03-12 20:48 - 01411072 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-11-19 05:24 - 2013-04-02 11:34 - 00193024 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-11-19 05:24 - 2013-04-02 11:34 - 00275456 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2014-11-19 05:24 - 2013-03-12 20:47 - 01163264 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\acAuth.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\PC\Desktop\dds.com:BDU
AlternateDataStreams: C:\Documents and Settings\PC\Desktop\FRST.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-854245398-861567501-839522115-500 - Administrator - Enabled)
Guest (S-1-5-21-854245398-861567501-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-854245398-861567501-839522115-1000 - Limited - Disabled)
Jacki (S-1-5-21-854245398-861567501-839522115-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Jacki
PC (S-1-5-21-854245398-861567501-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\PC
SUPPORT_388945a0 (S-1-5-21-854245398-861567501-839522115-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/14/2014 06:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application e_farnfda.exe, version 5.0.5.0, faulting module e_faprfda.dll, version 6.0.0.0, fault address 0x0008ab94.
Processing media-specific event for [e_farnfda.exe!ws!]
 
Error: (12/14/2014 06:28:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application e_farnfda.exe, version 5.0.5.0, faulting module e_faprfda.dll, version 6.0.0.0, fault address 0x0008ab94.
Processing media-specific event for [e_farnfda.exe!ws!]
 
Error: (10/10/2014 07:55:42 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 742196624.
 
Error: (10/10/2014 07:55:40 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 742196624.
 
Error: (10/10/2014 07:54:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wiaacmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/10/2014 07:54:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wiaacmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/30/2014 02:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module wiashext.dll, version 5.1.2600.5512, fault address 0x0000d3ff.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (09/30/2014 08:44:56 AM) (Source: MsiInstaller) (EventID: 10005) (User: GABALDON)
Description: Product: iCloud -- iCloud for Windows requires Windows 7 or Windows 8.
 
Error: (09/10/2014 04:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application e_farnfda.exe, version 5.0.5.0, faulting module e_faprfda.dll, version 6.0.0.0, fault address 0x0008ab94.
Processing media-specific event for [e_farnfda.exe!ws!]
 
Error: (08/07/2014 09:23:21 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 423670897.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
 
System errors:
=============
Error: (01/08/2015 02:20:54 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverHP-6930PNetBT_Tcpip_{EFD1DF08-3F72-4339-
 
Error: (01/08/2015 00:57:00 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverHP-6930PNetBT_Tcpip_{EFD1DF08-3F72-4339-
 
Error: (12/27/2014 01:55:59 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverHP-6930PNetBT_Tcpip_{EFD1DF08-3F72-4339-
 
Error: (12/27/2014 01:57:44 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverHP-6930PNetBT_Tcpip_{EFD1DF08-3F72-4339-
 
Error: (12/24/2014 09:45:59 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverHP-6930PNetBT_Tcpip_{EFD1DF08-3F72-4339-
 
Error: (12/24/2014 08:45:53 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverHP-6930PNetBT_Tcpip_{EFD1DF08-3F72-4339-
 
Error: (12/05/2014 10:45:22 AM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
Error: (12/01/2014 10:03:03 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
Error: (11/29/2014 10:03:02 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
Error: (11/27/2014 10:03:01 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
 
Microsoft Office Sessions:
=========================
Error: (12/14/2014 06:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: e_farnfda.exe5.0.5.0e_faprfda.dll6.0.0.00008ab94
 
Error: (12/14/2014 06:28:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: e_farnfda.exe5.0.5.0e_faprfda.dll6.0.0.00008ab94
 
Error: (10/10/2014 07:55:42 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 742196624
 
Error: (10/10/2014 07:55:40 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 742196624
 
Error: (10/10/2014 07:54:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wiaacmgr.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (10/10/2014 07:54:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wiaacmgr.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (09/30/2014 02:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512wiashext.dll5.1.2600.55120000d3ff
 
Error: (09/30/2014 08:44:56 AM) (Source: MsiInstaller) (EventID: 10005) (User: GABALDON)
Description: Product: iCloud -- iCloud for Windows requires Windows 7 or Windows 8.(NULL)(NULL)(NULL)
 
Error: (09/10/2014 04:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: e_farnfda.exe5.0.5.0e_faprfda.dll6.0.0.00008ab94
 
Error: (08/07/2014 09:23:21 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: 423670897
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.40GHz
Percentage of memory in use: 41%
Total physical RAM: 2038.07 MB
Available physical RAM: 1190.68 MB
Total Pagefile: 3933.34 MB
Available Pagefile: 3115.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.5 GB) (Free:32.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CD184A2) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 629CA797)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-08 23:10:09
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Maxtor_6L080M0 rev.BANC1G10 74.51GB
Running: lggfjffc.exe; Driver: C:\DOCUME~1\PC\LOCALS~1\Temp\pwryqpow.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwAllocateVirtualMemory [0xA018E0BE]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwAssignProcessToJobObject [0xA018EC88]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwClose [0xA0191B8C]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwConnectPort [0xA0190418]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwCreateFile [0xA018F95C]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwCreateKey [0xA0190B10]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwCreateProcess [0xA018EEDE]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwCreateProcessEx [0xA018EF94]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwCreateSection [0xA018F27E]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwCreateThread [0xA018DA2E]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwDeviceIoControlFile [0xA0190C80]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwDuplicateObject [0xA019511A]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwFsControlFile [0xA0190F38]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwLoadDriver [0xA018E594]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwMakeTemporaryObject [0xA0191934]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwOpenFile [0xA018F74E]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwOpenProcess [0xA0194B72]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwOpenSection [0xA018F04E]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwOpenThread [0xA0194E22]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwProtectVirtualMemory [0xA018DF42]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwQueueApcThread [0xA018EDB0]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwReplaceKey [0xA0191782]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwRequestPort [0xA0190586]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwRequestWaitReplyPort [0xA018FF1A]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwRestoreKey [0xA019180C]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwSecureConnectPort [0xA01909A0]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwSetContextThread [0xA018DB9E]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwSetSecurityObject [0xA01916DC]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwSetSystemInformation [0xA018E78E]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwShutdownSystem [0xA019189E]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwSuspendProcess [0xA018DE1A]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwSuspendThread [0xA018DCF4]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwSystemDebugControl [0xA018EBBA]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwTerminateProcess [0xA0194A6A]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwTerminateThread [0xA019530C]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwUnloadDriver [0xA01919CA]
SSDT            \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys  ZwWriteVirtualMemory [0xA018D8B2]
 
SYSENTER        avc3.sys                                                        F7B7B000
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\Tcpip \Device\Ip                                        bdftdif.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp                                       bdftdif.sys
AttachedDevice  \Driver\Tcpip \Device\Udp                                       bdftdif.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                                     bdftdif.sys
AttachedDevice  \FileSystem\Fastfat \Fat                                        FLTMGR.SYS
 
---- EOF - GMER 2.1 ----

Attached Files

  • Attached File  ark.txt   4.92KB   0 downloads


#4 chrislbrown


Posted 08 January 2015 - 11:56 PM

I'm sorry, here is the TDSSKiller file, attached.  Please ignore the ARK attachment in the last post, especially seeing as how I printed it.



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:20 PM

Posted 09 January 2015 - 07:47 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 chrislbrown


Posted 09 January 2015 - 10:21 AM

I will do this ASAP.  Question: did you see something malicious that was found, or is there nothing showing up?  Also, we already downloaded MalwareBytes--it is probably expired.  But I will check.

 

Any suggestions if it is?

 

Thanks.



#7 TB-Psychotic


Posted 09 January 2015 - 10:33 AM

I could not find anything suspicious within these logs so we need to check something else with MBAM and ESET. :)



#8 chrislbrown


Posted 09 January 2015 - 11:28 AM

OK, thanks.  It will be a few hours but I will post later.  

:thumbup2: CB



#9 chrislbrown


Posted 10 January 2015 - 10:24 AM

I will post very soon, just need a few more hours--family duties!  Thanks



#10 chrislbrown


Posted 11 January 2015 - 06:30 AM

Hi;
The scan results are below.
 
The hard drive is still spun up.  I will reboot and post if that changes, but right now, it is overworking for no apparent reason.  I don't think MBam found anything; ESET did although it sounds basic, what they detected.
 
Let me know what you think.
 
Thanks, CB
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/10/2015
Scan Time: 4:03:54 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.10.16
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335823
Time Elapsed: 40 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
C:\Qoobox\Quarantine\C\Documents and Settings\Jacki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ichgbbciejbjechpkakbegaaenamkpib\215\bSud2UkDS.js.vir Win32/Adware.MultiPlug.EB application
C:\Qoobox\Quarantine\C\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ichgbbciejbjechpkakbegaaenamkpib\215\bSud2UkDS.js.vir Win32/Adware.MultiPlug.EB application
 


#11 chrislbrown


Posted 11 January 2015 - 07:19 AM

Well, I have to admit--I rebooted the CPU and at first, it was spun up as usual.  But minutes later, it is sitting silently like a sleeping kitten.  This must be a good sign!

 

CB



#12 TB-Psychotic


Posted 12 January 2015 - 04:41 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the Start button
  • Click My Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the Start button
  • Click Run.
  • Type "eventvwr" without the quotes and press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Event Viewer (local)" then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Click on that Winlogon entry to select it.
  • In the box below "Description", Copy all of the contents.
  • Paste the contents into your next reply.


System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#13 chrislbrown


Posted 13 January 2015 - 06:24 AM

Doing this piecemeal....thanks

 

Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up 240 unused index entries from index $SII of file 0x9.
Cleaning up 240 unused index entries from index $SDH of file 0x9.
Cleaning up 240 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
 
  78116030 KB total disk space.
  42508132 KB in 73433 files.
     26396 KB in 7245 indexes.
         0 KB in bad sectors.
    240742 KB in use by the system.
     65536 KB occupied by the log file.
  35340760 KB available on disk.
 
      4096 bytes in each allocation unit.
  19529007 total allocation units on disk.
   8835190 allocation units available on disk.
 
Internal Info:
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


#14 TB-Psychotic


Posted 13 January 2015 - 10:31 AM

What about the system file check?



#15 chrislbrown


Posted 13 January 2015 - 08:01 PM

I started it, but it would not finish because I don't have the Windows disk.  I tried to muddle through the infinite stop dialogue popups, but I simply couldn't.  So I am content as it is.

 

It is not spinning up anymore, so silent!  Thanks a ton!!





