
unable to save all data scheduler_vsserv.bck - Windows Delayed Write Failed


16 replies to this topic

#1 vishwanath


Posted 27 April 2015 - 09:00 PM

OK, at first glance it looks like a case of a failing HDD. However, this is just a new message in a series of white-exclamation-in-yellow-triangle box errors that have been popping up in the last 3 weeks. The earlier one is "Connection is Untrusted" when browsing secure sites, and I completed part of the instructions on the following link http://www.bleepingcomputer.com/forums/t/557186/this-connection-is-untrusted/ but that issue still persists, and I get random balloon popup errors with the white exclamation in a yellow triangle box. My HDD light is on constantly. I apologise, but I did try to run ComboFix and it did not complete; this link describes what happens: http://www.bleepingcomputer.com/forums/t/438741/google-redirect-woes/ and I also ran SUPERAntiSpyware and removed numerous infections.
Besides, I type one word in Google search and Google opens something totally unrelated to that search; I type it again and hit search and then it works OK. I don't believe that my HDD has unrecoverable errors or is on its way out. I did run chkdsk /r from recovery mode, and when I restarted, the computer seemed better because the HDD light was not on continuously. However, it is now (again) and the error balloons have started to pop up. I think I have some kind of infection on my PC. Kindly help!

Here is the FRST log. The process did not create an additional.txt file.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by Admin (administrator) on COMPUTER_1 on 28-04-2015 06:49:22
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\VSSERV.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Steganos Software GmbH) C:\Program Files\Steganos Online Shield\OnlineShieldService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
(Linksys) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\downloader.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\mspaint.exe
() C:\Documents and Settings\Admin\Local Settings\Application Data\Viber\Viber.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-17] (Bitdefender)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKU\S-1-5-21-1993962763-2025429265-1644491937-1003\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-02-10] (Bitdefender)
HKU\S-1-5-21-1993962763-2025429265-1644491937-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6718744 2015-03-26] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} ->  No File
BHO: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-10] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1993962763-2025429265-1644491937-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6916EB48-DF0A-4723-8F68-B7D8A5577A8A}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyai4e2m.default-1392912289531
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: LastPass - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyai4e2m.default-1392912289531\Extensions\support@lastpass.com [2015-04-25]
FF Extension: Adblock Edge - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyai4e2m.default-1392912289531\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-04-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-08]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-02-08]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-02-08]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-13]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-13]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-13]
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (BuyHatke) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2014-09-08]
CHR Extension: (PriceKart) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\podlgdgkolggpcmpkccmpioelchkojoe [2014-09-15]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://www.google.com/"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-10] (Oracle Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MediatekRegistryWriter; C:\Program Files\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
R2 Online Shield Starter Service; C:\Program Files\Steganos Online Shield\OnlineShieldService.exe [324048 2014-12-12] (Steganos Software GmbH)
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-17] (Bitdefender)
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2014-02-07] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1083448 2015-02-10] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [243456 2015-02-10] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [548336 2015-02-10] (BitDefender)
R3 Bdfndisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [116816 2015-02-10] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [131432 2012-02-07] (BitDefender LLC)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [66832 2015-02-10] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [172936 2015-03-17] (BitDefender LLC)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [2811536 2014-07-04] (MediaTek Inc.)
S3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [26336 2012-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-09-13] (The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 V0230Vfx; C:\WINDOWS\System32\DRIVERS\V0230Vfx.sys [6272 2006-03-24] (EyePower Games Pte. Ltd.)
S3 V0230VID; C:\WINDOWS\System32\DRIVERS\V0230VID.sys [500480 2006-09-29] (Creative Technology Ltd.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-10-08] (Kaspersky Lab ZAO)
S3 NTIOLib_1_0_3; \??\C:\Program Files\MSI\Super-Charger\NTIOLib.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S2 StarOpen; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 06:49 - 2015-04-28 06:49 - 00000000 ____D () C:\FRST
2015-04-26 17:14 - 2015-04-26 17:14 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 17:14 - 2015-04-26 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-04-25 22:19 - 2015-04-25 22:19 - 00000000 __SHD () C:\Recycled
2015-04-25 19:54 - 2015-04-25 19:54 - 00000000 ___SD () C:\ComboFix
2015-04-25 19:37 - 2015-04-25 19:37 - 00000000 __SHD () C:\FOUND.000
2015-04-25 14:21 - 2015-04-25 14:21 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\(null)
2015-04-24 23:30 - 2015-04-24 23:36 - 00000544 _____ () C:\Documents and Settings\Admin\Desktop\Legal procedure to be followed in event of Employment visa grant.txt
2015-04-23 12:49 - 2015-04-23 12:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-04-23 12:49 - 2015-04-23 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-23 12:49 - 2015-04-23 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-04-23 12:43 - 2015-04-23 10:52 - 02685470 _____ (Thisisu) C:\Documents and Settings\Admin\Desktop\JRT_NEW.exe
2015-04-23 12:30 - 2015-04-26 17:01 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-23 12:30 - 2015-04-23 12:30 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\mbar
2015-04-23 10:38 - 2015-04-23 10:38 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2015-04-23 10:37 - 2015-04-23 10:37 - 00001620 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-23 10:37 - 2015-04-23 10:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-23 10:37 - 2015-04-23 10:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-04-23 10:37 - 2015-04-23 10:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-04-23 10:28 - 2015-04-23 10:28 - 00013016 _____ () C:\Documents and Settings\Admin\Desktop\dds.txt
2015-04-23 10:28 - 2015-04-23 10:28 - 00012866 _____ () C:\Documents and Settings\Admin\Desktop\attach.txt
2015-04-23 10:24 - 2015-04-23 10:24 - 00688992 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\dds.com
2015-04-23 08:14 - 2015-04-23 11:09 - 00002414 _____ () C:\Documents and Settings\Admin\Desktop\Rkill.txt
2015-04-23 08:11 - 2015-04-23 08:11 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\bleeping computer tools for malware removal
2015-04-22 23:46 - 2015-04-22 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-22 09:08 - 2015-04-22 09:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-18 16:07 - 2015-04-18 16:07 - 00000000 ____D () C:\Program Files\MediatekWiFi
2015-04-18 16:07 - 2015-04-18 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Mediatek Wireless
2015-04-18 16:07 - 2015-04-18 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mediatek Driver
2015-04-18 16:07 - 2014-06-24 18:30 - 00091412 _____ () C:\WINDOWS\system32\Drivers\FW_7662.bin
2015-04-18 16:07 - 2014-06-04 22:22 - 00241296 _____ (Mediatek Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-04-18 16:07 - 2014-03-15 06:06 - 00020626 _____ () C:\WINDOWS\system32\Drivers\Patch_7662.bin
2015-04-15 09:05 - 2015-04-25 21:48 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-15 07:20 - 2015-04-15 07:20 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Bluestacks
2015-04-14 09:03 - 2015-04-14 09:03 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Steganos Online Shield.lnk
2015-04-14 09:02 - 2015-04-14 09:02 - 00000000 ____D () C:\Program Files\VMNetSrv
2015-04-14 09:02 - 2015-04-14 09:02 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Steganos VPN
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Program Files\Steganos Online Shield
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Program Files\Common Files\Steganos
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Steganos Online Shield
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Steganos
2015-04-09 14:12 - 2015-04-09 14:12 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Xilisoft
2015-04-09 14:11 - 2015-04-09 14:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Xilisoft
2015-04-09 14:10 - 2015-04-09 14:10 - 00000000 ____D () C:\Program Files\Xilisoft
2015-04-09 14:10 - 2015-04-09 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Xilisoft
2015-04-06 17:34 - 2015-04-06 17:34 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\docs to be printed for passport
2015-04-05 01:35 - 2015-04-05 01:35 - 02867098 _____ () C:\Documents and Settings\Admin\My Documents\Lost in the Labyrinth.au_house_committee_haa_overseasdoctors_report_combined
2015-04-03 23:08 - 2015-04-27 21:06 - 00004309 _____ () C:\Documents and Settings\Admin\Desktop\to do list.txt
2015-03-29 15:10 - 2015-03-29 15:10 - 00000000 ____D () C:\Linksys Driver

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 06:30 - 2015-02-15 08:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-28 06:30 - 2014-11-30 13:18 - 00000274 _____ () C:\WINDOWS\Tasks\JetBoost_AutoUpdate.job
2015-04-28 06:30 - 2014-02-13 21:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 06:30 - 2014-02-07 02:44 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-27 21:46 - 2015-02-15 08:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-27 21:46 - 2015-02-15 08:58 - 01273325 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 21:46 - 2015-02-15 08:58 - 00032406 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-27 21:45 - 2014-02-07 02:44 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-04-27 21:17 - 2014-02-13 21:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 21:03 - 2014-03-13 13:41 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-27 10:08 - 2014-10-25 23:10 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1cff07ab9a495a2.job
2015-04-27 09:37 - 2015-02-08 09:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1d043549f630ac.job
2015-04-27 09:37 - 2014-11-14 09:26 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1cfffbeedc72d1a.job
2015-04-26 23:30 - 2014-06-21 23:04 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1cf8d7779e3b4e.job
2015-04-25 11:40 - 2014-02-09 17:33 - 00227071 _____ () C:\Documents and Settings\Admin\Desktop\newest text doc.txt
2015-04-24 00:21 - 2014-02-07 08:40 - 00000672 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-23 12:50 - 2014-08-16 10:47 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-23 10:09 - 2015-02-17 09:50 - 00094355 _____ () C:\WINDOWS\setupapi.log
2015-04-18 17:00 - 2014-02-07 11:32 - 00000060 _____ () C:\WINDOWS\wpd99.drv
2015-04-18 16:15 - 2014-02-06 20:08 - 00000573 _____ () C:\WINDOWS\win.ini
2015-04-18 16:15 - 2014-02-06 20:08 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-18 16:08 - 2014-02-07 02:33 - 00559802 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-18 16:07 - 2014-04-19 14:13 - 00003213 _____ () C:\WINDOWS\system32\RaCoInst.log
2015-04-15 20:26 - 2014-02-07 12:02 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 09:05 - 2014-02-08 06:43 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 09:05 - 2014-02-08 06:43 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-15 07:32 - 2015-03-07 11:45 - 00000412 _____ () C:\WINDOWS\setupact.log
2015-04-09 15:23 - 2014-02-07 10:40 - 00126976 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-08 15:00 - 2014-07-02 00:08 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-04-06 15:21 - 2014-03-06 14:59 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-03-30 22:14 - 2015-03-05 09:23 - 00003049 _____ () C:\Documents and Settings\Admin\Desktop\list of websites and job prtals applied on.txt
2015-03-29 09:08 - 2014-02-06 20:10 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2014-07-10 11:46 - 2014-07-10 11:46 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-02-07 10:40 - 2015-04-09 15:23 - 0126976 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-17 12:51 - 2014-09-17 12:51 - 0000036 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
2014-09-17 15:48 - 2014-09-17 15:48 - 0155150 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\ars.cache
2014-09-17 15:48 - 2014-09-17 15:48 - 0104950 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\census.cache

Files to move or delete:
====================
C:\Documents and Settings\Admin\TempWmicBatchFile.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
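
A log like the one above is usually read by eye, but the patterns a helper scans for first are mechanical enough to script. The following is an added example, not part of the original post and not FRST's own tooling: a small Python triage pass that walks the Services and Drivers sections and flags the entries worth a second look. The `triage` and `check_entry` functions, the `Finding` type and the tag names are this example's own; the embedded `SAMPLE_LOG` is a constructed excerpt copied from the posted log so the script runs offline.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the shape FRST writes, copied from the log posted
# above; a full log has many more sections and entries.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} ->  No File
BHO: Java(TM) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-10] (Oracle Corporation)
========================== Services (Whitelisted) =================
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-17] (Bitdefender)
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2014-02-07] (Meetinghouse Data Communications) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
==================== End Of Log ============================
"""


@dataclass(frozen=True)
class Finding:
    tag: str      # which pattern fired (tag names are this example's own)
    section: str  # FRST section the line was found in
    name: str     # service/driver name, BHO CLSID, or registry key
    line: str     # the log line, unchanged


SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Service/driver lines: "<state><start> <Name>; <ImagePath> [<size> <date>] (<Vendor>) [<flags>]"
ENTRY_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.*)$")
ENTRY_SECTIONS = ("Services (Whitelisted)", "Drivers (Whitelisted)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def check_entry(rest: str) -> list[str]:
    """Tags for everything after 'Name; ' on a service or driver line."""
    if rest == "No ImagePath":
        return ["no-imagepath"]          # registered, but points nowhere
    tags = []
    if rest.endswith("[X]"):
        tags.append("file-missing")      # FRST could not find the file on disk
    if "[File not signed]" in rest:
        tags.append("unsigned")
    if rest.endswith("()"):
        tags.append("no-vendor")         # no company name in the version resource
    if re.search(r"\\temp\\", rest, re.IGNORECASE):
        tags.append("temp-path")         # a driver loading from a Temp directory
    return tags


def triage(log_text: str) -> list[Finding]:
    """Walk an FRST log and return the lines an analyst would look at first."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if "<======= ATTENTION" in line:          # FRST's own marker for policy/hosts anomalies
            findings.append(Finding("attention", section, line.split(":")[0], line))
            continue
        if line.startswith(("BHO:", "Toolbar:")) and line.endswith("No File"):
            clsid = CLSID_RE.search(line)         # orphaned browser add-on registration
            findings.append(Finding("orphan-bho", section,
                                    clsid.group(0) if clsid else "?", line))
            continue
        entry = ENTRY_RE.match(line)
        if entry and section in ENTRY_SECTIONS:
            for tag in check_entry(entry.group("rest")):
                findings.append(Finding(tag, section, entry.group("name"), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:13} {f.section:24} {f.name}")
```

Everything here is flagged for a human to read, not auto-fixed. On this excerpt the `[X]` entries are registrations whose files are no longer on disk (a ZoneAlarm service, and catchme.sys, the driver ComboFix loads from Temp, which the poster says he ran), so they read as cleanup residue rather than evidence of an active infection; the unsigned and vendor-less drivers are worth checking against the hardware that is actually installed; the ATTENTION on the Internet Explorer policy key and the two orphaned BHO/Toolbar CLSIDs are the kind of lines a fixlist normally addresses.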





#2 HelpBot


Posted 02 May 2015 - 09:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/574595 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 vishwanath

vishwanath
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:51 PM

Posted 03 May 2015 - 03:40 AM

Hello,

Yes, I still need help! Besides the problem I was having earlier, now I have additional issues; I get errors when I access secure sites. The error on Google Chrome is as follows: "Your connection is not private

Attackers might be trying to steal your information from in.mail.yahoo.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID". I get similar errors when I access the same site through IE. When I try to open FF I get a popup box saying "Couldn't load XPCOM" and I have to click OK. FF does not open at all.
 
I do not have the XP CD.
 
Thank you for the help :-) 
 
Here is the FRST log ----------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Admin (administrator) on COMPUTER_1 on 03-05-2015 13:56:01
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Loaded Profiles: Admin (Available profiles: Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\VSSERV.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\System32\IGFXPERS.EXE
(Intel Corporation) C:\WINDOWS\System32\HKCMD.EXE
(Intel Corporation) C:\WINDOWS\System32\IGFXSRVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\BDAGENT.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\BDWTXAG.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Steganos Software GmbH) C:\Program Files\Steganos Online Shield\OnlineShieldService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
(Microsoft Corporation) C:\WINDOWS\System32\OSK.exe
(Microsoft Corporation) C:\WINDOWS\System32\MSSWCHX.EXE
(Linksys) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Admin\My Documents\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-17] (Bitdefender)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-21-1993962763-2025429265-1644491937-1003\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-02-10] (Bitdefender)
HKU\S-1-5-21-1993962763-2025429265-1644491937-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6718744 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-1993962763-2025429265-1644491937-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} ->  No File
BHO: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-10] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1993962763-2025429265-1644491937-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6916EB48-DF0A-4723-8F68-B7D8A5577A8A}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyai4e2m.default-1392912289531
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Admin\Application Data\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1993962763-2025429265-1644491937-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012-05-07] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Admin\Application Data\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: LastPass - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyai4e2m.default-1392912289531\Extensions\support@lastpass.com [2015-04-25]
FF Extension: Adblock Edge - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyai4e2m.default-1392912289531\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-04-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-08]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-02-08]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-02-08]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-13]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-13]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-13]
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-22]
CHR Extension: (BuyHatke) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [2014-09-08]
CHR Extension: (PriceKart) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\podlgdgkolggpcmpkccmpioelchkojoe [2014-09-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.google.com/"
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-10] (Oracle Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MediatekRegistryWriter; C:\Program Files\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
R2 Online Shield Starter Service; C:\Program Files\Steganos Online Shield\OnlineShieldService.exe [324048 2014-12-12] (Steganos Software GmbH)
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-17] (Bitdefender)
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2014-02-07] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 anvsnddrv; C:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1083448 2015-02-10] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [243456 2015-02-10] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [548336 2015-02-10] (BitDefender)
R3 Bdfndisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [116816 2015-02-10] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [131432 2012-02-07] (BitDefender LLC)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [66832 2015-02-10] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [172936 2015-03-17] (BitDefender LLC)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [2811536 2014-07-04] (MediaTek Inc.)
S3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [26336 2012-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-09-13] (The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 V0230Vfx; C:\WINDOWS\System32\DRIVERS\V0230Vfx.sys [6272 2006-03-24] (EyePower Games Pte. Ltd.)
S3 V0230VID; C:\WINDOWS\System32\DRIVERS\V0230VID.sys [500480 2006-09-29] (Creative Technology Ltd.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-10-08] (Kaspersky Lab ZAO)
S3 NTIOLib_1_0_3; \??\C:\Program Files\MSI\Super-Charger\NTIOLib.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S2 StarOpen; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 07:47 - 2015-05-02 07:47 - 00000000 __SHD () C:\Recycled
2015-04-30 06:28 - 2015-05-03 13:47 - 00125309 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-29 22:16 - 2015-04-29 22:16 - 00000000 ___SD () C:\ComboFix
2015-04-29 21:58 - 2015-04-29 21:58 - 00000000 __SHD () C:\FOUND.001
2015-04-29 19:59 - 2015-04-29 19:59 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-29 19:59 - 2015-04-29 19:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-04-29 18:48 - 2015-04-29 18:48 - 00000672 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-29 18:48 - 2015-04-29 18:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-29 07:48 - 2015-04-29 07:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-29 00:38 - 2015-04-29 00:38 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\Tor Browser
2015-04-28 06:49 - 2015-04-28 06:49 - 00000000 ____D () C:\FRST
2015-04-26 17:14 - 2015-05-02 16:15 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 17:14 - 2015-04-26 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-04-25 19:37 - 2015-04-25 19:37 - 00000000 __SHD () C:\FOUND.000
2015-04-25 14:21 - 2015-04-25 14:21 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\(null)
2015-04-24 23:30 - 2015-04-24 23:36 - 00000544 _____ () C:\Documents and Settings\Admin\Desktop\Legal procedure to be followed in event of Employment visa grant.txt
2015-04-23 12:49 - 2015-04-23 12:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-04-23 12:49 - 2015-04-23 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-23 12:49 - 2015-04-23 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-04-23 12:43 - 2015-04-23 10:52 - 02685470 _____ (Thisisu) C:\Documents and Settings\Admin\Desktop\JRT_NEW.exe
2015-04-23 12:30 - 2015-05-02 16:03 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-23 12:30 - 2015-04-23 12:30 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\mbar
2015-04-23 10:38 - 2015-04-23 10:38 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2015-04-23 10:37 - 2015-04-23 10:37 - 00001620 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-23 10:37 - 2015-04-23 10:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-23 10:37 - 2015-04-23 10:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-04-23 10:37 - 2015-04-23 10:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-04-23 10:28 - 2015-04-23 10:28 - 00013016 _____ () C:\Documents and Settings\Admin\Desktop\dds.txt
2015-04-23 10:28 - 2015-04-23 10:28 - 00012866 _____ () C:\Documents and Settings\Admin\Desktop\attach.txt
2015-04-23 10:24 - 2015-04-23 10:24 - 00688992 ____R (Swearware) C:\Documents and Settings\Admin\Desktop\dds.com
2015-04-23 08:14 - 2015-04-29 22:15 - 00001784 _____ () C:\Documents and Settings\Admin\Desktop\Rkill.txt
2015-04-23 08:11 - 2015-04-23 08:11 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\bleeping computer tools for malware removal
2015-04-18 16:07 - 2015-04-18 16:07 - 00000000 ____D () C:\Program Files\MediatekWiFi
2015-04-18 16:07 - 2015-04-18 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Mediatek Wireless
2015-04-18 16:07 - 2015-04-18 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mediatek Driver
2015-04-18 16:07 - 2014-06-24 18:30 - 00091412 _____ () C:\WINDOWS\system32\Drivers\FW_7662.bin
2015-04-18 16:07 - 2014-06-04 22:22 - 00241296 _____ (Mediatek Inc.) C:\WINDOWS\system32\RaCoInst.dll
2015-04-18 16:07 - 2014-03-15 06:06 - 00020626 _____ () C:\WINDOWS\system32\Drivers\Patch_7662.bin
2015-04-15 09:05 - 2015-05-02 21:48 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-15 07:20 - 2015-04-15 07:20 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Application Data\Bluestacks
2015-04-14 09:03 - 2015-04-14 09:03 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Steganos Online Shield.lnk
2015-04-14 09:02 - 2015-04-14 09:02 - 00000000 ____D () C:\Program Files\VMNetSrv
2015-04-14 09:02 - 2015-04-14 09:02 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Steganos VPN
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Program Files\Steganos Online Shield
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Program Files\Common Files\Steganos
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Steganos Online Shield
2015-04-14 09:01 - 2015-04-14 09:01 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Steganos
2015-04-09 14:12 - 2015-04-09 14:12 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\Xilisoft
2015-04-09 14:11 - 2015-04-09 14:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Xilisoft
2015-04-09 14:10 - 2015-04-09 14:10 - 00000000 ____D () C:\Program Files\Xilisoft
2015-04-09 14:10 - 2015-04-09 14:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Xilisoft
2015-04-06 17:34 - 2015-04-06 17:34 - 00000000 ____D () C:\Documents and Settings\Admin\Desktop\docs to be printed for passport
2015-04-05 01:35 - 2015-04-05 01:35 - 02867098 _____ () C:\Documents and Settings\Admin\My Documents\Lost in the Labyrinth.au_house_committee_haa_overseasdoctors_report_combined
2015-04-03 23:08 - 2015-04-27 21:06 - 00004309 _____ () C:\Documents and Settings\Admin\Desktop\to do list.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 13:53 - 2014-02-09 17:33 - 00227264 _____ () C:\Documents and Settings\Admin\Desktop\newest text doc.txt
2015-05-03 13:49 - 2015-02-15 08:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-03 13:48 - 2014-11-30 13:18 - 00000274 _____ () C:\WINDOWS\Tasks\JetBoost_AutoUpdate.job
2015-05-03 13:48 - 2014-02-13 21:35 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-03 13:48 - 2014-02-07 02:44 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-03 13:47 - 2015-02-15 08:59 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-05-03 13:47 - 2015-02-15 08:58 - 00032442 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-03 13:46 - 2014-10-25 23:10 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1cff07ab9a495a2.job
2015-05-03 13:46 - 2014-02-07 02:44 - 00000178 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-05-03 13:17 - 2014-02-13 21:35 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 13:03 - 2014-03-13 13:41 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-03 09:37 - 2015-02-08 09:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1d043549f630ac.job
2015-05-03 09:37 - 2014-11-14 09:26 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1cfffbeedc72d1a.job
2015-05-02 07:13 - 2014-06-21 23:04 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-2025429265-1644491937-1003Core1cf8d7779e3b4e.job
2015-04-29 20:22 - 2014-08-16 10:47 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-29 07:57 - 2014-02-07 10:40 - 00129536 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-18 17:00 - 2014-02-07 11:32 - 00000060 _____ () C:\WINDOWS\wpd99.drv
2015-04-18 16:15 - 2014-02-06 20:08 - 00000573 _____ () C:\WINDOWS\win.ini
2015-04-18 16:15 - 2014-02-06 20:08 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-18 16:08 - 2014-02-07 02:33 - 00559802 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-18 16:07 - 2014-04-19 14:13 - 00003213 _____ () C:\WINDOWS\system32\RaCoInst.log
2015-04-15 20:26 - 2014-02-07 12:02 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 09:05 - 2014-02-08 06:43 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 09:05 - 2014-02-08 06:43 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-08 15:00 - 2014-07-02 00:08 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-04-06 15:21 - 2014-03-06 14:59 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
 
==================== Files in the root of some directories =======
 
2014-07-10 11:46 - 2014-07-10 11:46 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-02-07 10:40 - 2015-04-29 07:57 - 0129536 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-17 12:51 - 2014-09-17 12:51 - 0000036 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
2014-09-17 15:48 - 2014-09-17 15:48 - 0155150 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\ars.cache
2014-09-17 15:48 - 2014-09-17 15:48 - 0104950 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\census.cache
 
Files to move or delete:
====================
C:\Documents and Settings\Admin\TempWmicBatchFile.bat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================ 

Edited by vishwanath, 03 May 2015 - 03:43 AM.


#4 vishwanath
  • Topic Starter
  • Members
  • 10 posts

Posted 06 May 2015 - 08:19 AM

Hi

It has been a while since I responded to the bot's request. I just want to know if I will get more help. Thanks

 

Vish



#5 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 May 2015 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} ->  No File
BHO: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} ->  No File
Toolbar: HKU\S-1-5-21-1993962763-2025429265-1644491937-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 NTIOLib_1_0_3; \??\C:\Program Files\MSI\Super-Charger\NTIOLib.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S2 StarOpen; No ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#6 vishwanath
  • Topic Starter
  • Members
  • 10 posts

Posted 20 May 2015 - 02:59 AM

Hi nasdaq. Thanks for your assistance. I followed the steps mentioned and here are the logs ---

start

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
BHO: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> No File
Toolbar: HKU\S-1-5-21-1993962763-2025429265-1644491937-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 NTIOLib_1_0_3; \??\C:\Program Files\MSI\Super-Charger\NTIOLib.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S2 StarOpen; No ImagePath

End

--------------------------------------------------

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 13:14:52
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Admin - COMPUTER_1
# Running from : C:\Documents and Settings\Admin\My Documents\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Admin\Application Data\Solvusoft [!]
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jaehkpjddfdgiiefcnhahapilbejohhj [!]
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\podlgdgkolggpcmpkccmpioelchkojoe
File Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jaehkpjddfdgiiefcnhahapilbejohhj_0.localstorage
File Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jaehkpjddfdgiiefcnhahapilbejohhj_0.localstorage-journal
File Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_podlgdgkolggpcmpkccmpioelchkojoe_0.localstorage
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\fyai4e2m.default-1392912289531\invalidprefs.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Squeaky

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v38.0.1 (x86 en-US)

-\\ Google Chrome v42.0.2311.152

[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jaehkpjddfdgiiefcnhahapilbejohhj
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : podlgdgkolggpcmpkccmpioelchkojoe

-\\ Comodo Dragon v

[C:\Documents and Settings\Admin\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Documents and Settings\Admin\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Preferences] - Deleted [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R2].txt - [3094 bytes] - [20/05/2015 13:12:05]
AdwCleaner[S2].txt - [3057 bytes] - [20/05/2015 13:14:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3116 bytes] ##########

------------------------------------------------------------------------------------------

I still get the "This Connection is Untrusted" - I understand the risks - message on some websites. I cannot seem to replicate or single out which websites I get the message on, but almost every time when it happens, it seems to happen at the time of making a payment using a credit card on the very last step, and that kinda raises a red flag. Besides that my PC works ok. I appreciate your assistance.

Best Regards
Vish

#7 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2015 - 08:39 AM

I still get "This Connection is Untrusted" - I understand the risks -message on some websites

Is the time and date correct on your computer?
==

Since you are using FireFox look at this topic.

https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_bypassing-the-warning

Hope it helps.

p.s.
You can also consider removing and re-installing Firefox.

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

#8 vishwanath
  • Topic Starter
  • Members
  • 10 posts

Posted 20 May 2015 - 11:27 AM

Hi

The date and time on my PC are correct. I checked the https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_bypassing-the-warning site but, as I mentioned, it does not happen on the same site every time; sometimes it happens, sometimes not. This is one of the links where it very often happens - https://nationalinsuranceindia.nic.co.in/portal/page/portal/Corporate/Home --- it's happening right now on FF. The strange thing is that the same link opens without errors on Chrome. I followed the steps for "Error code: sec_error_unknown_issuer" and this did not fix the issue.

Am I right in concluding without doubt that because the site opens without errors on Chrome, my FF is the culprit?

Another new observation I made just now: I did a search for fixlist.txt and instead of listing just 1 file, the search box listed the exact file about 160 times. I have taken a screenshot.

Thanks again for your help

Best Regards
Vish

#9 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 May 2015 - 12:44 PM

Another new observation I made just now: I did a search for fixlist.txt and instead of listing just 1 file, the search box listed the exact file about 160 times. I have taken a screenshot.

Strange, I have never seen this.

Run the Farbar tool and remove the application.

===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

If that fails to correct the problem, remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

Keep me posted.

#10 vishwanath
  • Topic Starter
  • Members
  • 10 posts

Posted 20 May 2015 - 10:08 PM

Hi, I ran the Farbar tool and clicked 'ok' to restart the PC. It finished smoothly, but I tried searching for the file again and the searches once again show numerous files. I also reinstalled FF after uninstalling it; the same situation persists, that link - https://nationalinsuranceindia.nic.co.in/portal/page/portal/Corporate/Home throws an untrusted connection error while it opens ok on Chrome. I have not deleted/changed passwords in FF. Is it mandatory to do that step?

Thanks Nasdaq
Vish

#11 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 May 2015 - 06:52 AM

It may be caused by a bad cookie.

Check it out.

https://support.mozilla.org/en-US/questions/971055

#12 vishwanath
  • Topic Starter
  • Members
  • 10 posts

Posted 21 May 2015 - 10:53 AM

Hi

Followed the steps at that link; started in safe mode, cleared cache and cookies. No go. I don't really want to add the website to the exceptions because that defeats the purpose of security. An update: besides Chrome, the site opens without errors on IE. I am afraid that I am unable to give you positive feedback from my troubleshooting steps. Any thoughts on the phenomenon of the same file showing up 160 times on search?

Thanks
Vish

#13 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 May 2015 - 01:49 PM

Run the Farbar tool and search for the fixlist.txt file.

Save the file and post it for my review.

I have no problems in reaching the site with Firefox or Chrome.

Creating a new profile may be the way to go.

https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles

#14 vishwanath
  • Topic Starter
  • Members
  • 10 posts

Posted 23 May 2015 - 10:45 PM

Hi

Here is the copy of the log----------------------

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-05-2015 01
Ran by Admin at 2015-05-24 09:02:01 Run:3
Running from C:\Documents and Settings\Admin\My Documents\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} ->  No File
BHO: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} ->  No File
Toolbar: HKU\S-1-5-21-1993962763-2025429265-1644491937-1003 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 NTIOLib_1_0_3; \??\C:\Program Files\MSI\Super-Charger\NTIOLib.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S2 StarOpen; No ImagePath

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} => key not found.
HKCR\CLSID\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} => key not found.
HKU\S-1-5-21-1993962763-2025429265-1644491937-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => Value not found.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih => key not found.
WMP54Gv4SVC => Service not found.
ZAPrivacyService => Service not found.
andnetadb => Service not found.
AndNetDiag => Service not found.
AndNetGps => Service not found.
ANDNetModem => Service not found.
andnetndis => Service not found.
catchme => Service not found.
IntelIde => Service not found.
NTIOLib_1_0_3 => Service not found.
NTIOLib_1_0_4 => Service not found.
StarOpen => Service not found.


The system needed a reboot.

==== End of Fixlog 09:02:14 ====

 

 

I have decided to use Chrome or IE to access that site securely, so I was thinking we could put the unsecured connection error on the back burner for now, because creating a new profile didn't help.

Can you please help check why I am getting so many entries in search for the same file?

 

Thanks

Vish
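A small helper for reading the Fixlog.txt that FRST writes after a fix like the one above (and for the fixlist format nasdaq posted in #5): it separates the echoed fixlist block from the result lines and reports which entries were removed, which were already gone ("not found", as in this Run:3 log), and whether a reboot was required. This is an added example, not part of the thread or of the Farbar tool; the embedded log is an abridged, constructed copy of the one posted above, and treating result lines that contain "successfully" as removals is an assumption about FRST's wording.

```python
import re
from collections import Counter

# Constructed sample: an abridged copy of the Fixlog posted in this thread (Run:3).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} ->  No File
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
S3 catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
ZAPrivacyService => Service not found.
catchme => Service not found.
IntelIde => Service not found.
The system needed a reboot.
==== End of Fixlog 09:02:14 ====
"""

SERVICE_RE = re.compile(r"^[RSU]\d\s+([^;]+);")  # FRST service line: "S3 name; path [X]"
RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<status>.+?)\.?$")  # "item => status."


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist (directives, entries) and per-item results."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln.startswith("*****")]
    if len(marks) < 2:
        raise ValueError("no fixlist block between ***** markers")
    directives, entries = [], []
    for ln in lines[marks[0] + 1:marks[1]]:
        if not ln or ln in ("start", "End"):
            continue
        # Directives such as "CreateRestorePoint:" are one token ending in ':'
        (directives if ln.endswith(":") and " " not in ln else entries).append(ln)
    results, reboot = {}, False
    for ln in lines[marks[1] + 1:]:
        if ln == "The system needed a reboot.":
            reboot = True
        elif (m := RESULT_RE.match(ln)):
            results[m.group("item")] = m.group("status")
    return {"directives": directives, "entries": entries, "results": results, "reboot": reboot}


def summarize(parsed):
    """Bucket result statuses. Assumption: FRST's success lines contain 'successfully'."""
    buckets = Counter()
    for status in parsed["results"].values():
        low = status.lower()
        key = "not_found" if "not found" in low else "removed" if "successfully" in low else "other"
        buckets[key] += 1
    return buckets


def unresolved_services(parsed):
    """Services named in the fixlist for which FRST printed no result line at all."""
    names = {m.group(1) for e in parsed["entries"] if (m := SERVICE_RE.match(e))}
    return sorted(names - set(parsed["results"]))
```

A log where every item is "not found", as here, means the fix had already been applied on an earlier run, which is worth knowing before concluding the entries were never present.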



#15 nasdaq
  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 May 2015 - 06:50 AM

If the FRST log is correct, you are running the Farbar tool from this Downloads folder.
Running from C:\Documents and Settings\Admin\My Documents\Downloads

Delete the .exe file.


Download the latest version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

p.s. Make sure you place the file on your Desktop.

Run it normally and post a fresh FRST log.

Also, search for a file as you previously did and post the resultant log for my review.



