chequebook

Everything posted by chequebook

  1. MrC, Many thanks for your help. After rebooting I was able to DL Security Check
     Results of screen317's Security Check version 0.99.85
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 5.0
     Spybot - Search & Destroy
     CCleaner
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Spybot Teatimer.exe is disabled!
     Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 2%
     ````````````````````End of Log``````````````````````
  2. MrC Unable to connect. Internet Explorer cannot display the webpage.
  3. MrC scan
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 6/30/2014
     Scan Time: 8:00:50 PM
     Logfile: mbam-history-30.06.2014.txt
     Administrator: Yes
     Version: 2.00.2.1012
     Malware Database: v2014.07.01.01
     Rootkit Database: v2014.06.30.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: Leo Hordyk III
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 292886
     Time Elapsed: 5 min, 30 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
     mbam-history-30.06.2014.txt
  4. MrC... 1) JRT results of YES to reboot now. Scan was run after no reboot to see if results changed.
     A bad module has been detected!
     A reboot is require to remove modules.
     Press "y" to reboot now
     Press "n" to reboot later
     Reboot now? [y,n]
     2) JRT Results with NO to reboot later
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Microsoft Windows XP x86
     Ran by Leo Hordyk III on Mon 06/30/2014 at 17:58:29.78
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 06/30/2014 at 18:01:14.84
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. MrC, I ran JRT 4 times, pressed "y" to remove modules, rebooted, and each reboot received blank dosbox.
     Press any key to continue...
     Creating a registry backup
     Checking Startup
     Checking Modules
     A bad module has been detected!
     A reboot is require to remove modules.
     Press "y" to reboot now
     Press "n" to reboot later
     Reboot now? [y,n]
     The 5th time I pressed "n" to reboot later. Results...
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Microsoft Windows XP x86
     Ran by Leo Hordyk III on Mon 06/30/2014 at 14:55:38.23
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 06/30/2014 at 15:02:12.71
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. MrC, I'm confused, Registry is the only place with information, everything else has blank information?
     # AdwCleaner v3.214 - Report created 30/06/2014 at 13:52:44
     # Updated 29/06/2014 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Leo Hordyk III - LEO3
     # Running from : C:\Documents and Settings\Leo Hordyk III\Desktop\AdwCleaner.exe
     # Option : Scan
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
     Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
     ***** [ Browsers ] *****
     -\\ Internet Explorer v8.0.6001.18702
     -\\ Google Chrome v
     [ File : C:\Documents and Settings\Leo Hordyk III\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [2299 octets] - [30/06/2014 13:52:44]
     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2359 octets] ##########
  7. MrC FRST and Addition FRST.txt Addition.txt
  8. MrC Results attached TDSSKiller.3.0.0.39_30.06.2014_12.15.11_log.txt TDSSKiller.3.0.0.39_30.06.2014_12.18.12_log.txt ComboFix.txt
  9. MrC Hello, thank you
     RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : Leo Hordyk III [Admin rights]
     Mode : Scan -- Date : 06/30/2014 11:01:19
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 8 ¤¤¤
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.9.127.107 68.116.46.115 69.144.127.53 -> FOUND
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 71.9.127.107 68.116.46.115 69.144.127.53 -> FOUND
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 71.9.127.107 68.116.46.115 69.144.127.53 -> FOUND
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{309009FF-87DC-4C12-A5EA-C01386CC42A6} | DhcpNameServer : 71.9.127.107 68.116.46.115 69.144.127.53 -> FOUND
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{309009FF-87DC-4C12-A5EA-C01386CC42A6} | DhcpNameServer : 71.9.127.107 68.116.46.115 69.144.127.53 -> FOUND
     [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{309009FF-87DC-4C12-A5EA-C01386CC42A6} | DhcpNameServer : 71.9.127.107 68.116.46.115 69.144.127.53 -> FOUND
     [PUM.StartMenu] HKEY_USERS\S-1-5-21-419336428-1721064354-3771444642-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> FOUND
     [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Files : 0 ¤¤¤
     ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
     ¤¤¤ Antirootkit : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: WDC WD800ADFS-75SLR2 +++++
     --- User ---
     [MBR] 80e82f9aa2a24c45d9c80ce8145cbfd2
     [bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 176715 | Size: 76191 MB
     User = LL1 ... OK
     User = LL2 ... OK
  10. Hello, April of this year we switched to Malwarebytes Premium 2.0.2.102. Today during maintenance I changed detection & protection, scanned rootkits for the first time. To my surprise discovered Trojan.Sirdef.c
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02 Ran by Leo Hordyk III (administrator) on LEO3 on 30-06-2014 09:09:11 Running from C:\Documents and Settings\Leo Hordyk III\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Logitech Inc.) C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE () C:\WINDOWS\system32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Logitech Inc.) C:\Program Files\SetPoint\SetPoint.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Logitech Inc.) C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe (Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-09-08] (Apple Inc.) HKLM\...\Run: [Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [738776 2011-08-30] (Adobe Systems Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech Inc.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-419336428-1721064354-3771444642-1008\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe [699400 2013-01-20] (Adobe Systems Incorporated) HKU\S-1-5-21-419336428-1721064354-3771444642-1008\...\MountPoints2: {08dd1416-00a2-11df-84f4-001fe2c9ce19} - F:\qkm.exe HKU\S-1-5-21-419336428-1721064354-3771444642-1008\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess? Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKCU - {06F87639-D7E7-450F-AF34-3CE3FDBF9D5F} URL = http://delicious.com/search?p={searchTerms} SearchScopes: HKCU - {40645E71-7B9D-44A3-AFB2-44F0A70AB210} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8 SearchScopes: HKCU - {6979EC2B-16B5-4A30-BE3C-CBA01BC4C89A} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {9D09B558-E15F-440C-85E4-7B075E84527A} URL = http://www.flickr.com/search/?q={searchTerms} BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 71.9.127.107 68.116.46.115 69.144.127.53 FireFox: ======== FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-04-20] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchKeyword: yahoo.com CHR DefaultSearchProvider: Yahoo! CHR DefaultSearchURL: http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms} CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll No File CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\19.0.1084.52\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (YouTube) - C:\Documents and Settings\Leo Hordyk III\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-04] CHR Extension: (Google Search) - C:\Documents and Settings\Leo Hordyk III\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-04] CHR Extension: (Gmail) - C:\Documents and Settings\Leo Hordyk III\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-04] ========================== Services (Whitelisted) ================= R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [133968 2007-01-23] (Intel Corporation) R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-11-29] (Broadcom Corporation.) 
[File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-07] (Macrovision Europe Ltd.) [File not signed] R2 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE [110592 2007-12-03] (Logitech Inc.) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation) R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-02] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) S3 AsfAlrt; C:\WINDOWS\system32\Drivers\AsfAlrt.sys [42832 2007-01-23] (Intel Corporation) R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed] R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-11] (Broadcom Corporation) R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [329901 2006-12-03] (Broadcom Corporation.) R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-12-03] (Broadcom Corporation.) 
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [863402 2006-12-03] (Broadcom Corporation.) R3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [47907 2006-12-03] (Broadcom Corporation.) R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67672 2006-12-03] (Broadcom Corporation.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-30] (Malwarebytes Corporation) R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) R1 MpKsla007a9d5; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B2BFA80-ABEE-4E29-8C99-AC2AB39B1630}\MpKsla007a9d5.sys [39464 2014-06-29] (Microsoft Corporation) R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura) S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X] S3 npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-30 09:09 - 2014-06-30 09:09 - 00016622 _____ () C:\Documents and Settings\Leo Hordyk III\Desktop\FRST.txt 2014-06-30 09:08 - 2014-06-30 09:09 - 00000000 ____D () C:\FRST 2014-06-30 09:07 - 2014-06-30 09:07 - 01073664 _____ (Farbar) C:\Documents and Settings\Leo Hordyk III\Desktop\FRST.exe 2014-06-08 15:47 - 2014-06-08 15:47 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk ==================== One Month Modified Files and Folders ======= 2014-06-30 09:09 - 2014-06-30 09:09 - 00016622 _____ () C:\Documents and Settings\Leo Hordyk III\Desktop\FRST.txt 2014-06-30 09:09 - 2014-06-30 09:08 - 00000000 
____D () C:\FRST 2014-06-30 09:09 - 2008-07-11 11:55 - 00000000 ____D () C:\Documents and Settings\Leo Hordyk III\Local Settings\Temp 2014-06-30 09:07 - 2014-06-30 09:07 - 01073664 _____ (Farbar) C:\Documents and Settings\Leo Hordyk III\Desktop\FRST.exe 2014-06-30 08:58 - 2009-10-21 14:51 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-30 08:31 - 2013-01-13 00:31 - 00000000 ____D () C:\Program Files\SpywareBlaster 2014-06-30 08:31 - 2008-10-27 13:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP 2014-06-30 08:24 - 2014-04-28 10:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-30 08:19 - 2009-08-24 16:39 - 00000440 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{00D35F47-D1D6-4EBB-8639-DED41170F6A8}.job 2014-06-30 08:19 - 2004-08-11 15:07 - 00595844 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-30 03:34 - 2004-08-11 15:20 - 00032362 _____ () C:\WINDOWS\SchedLgU.Txt 2014-06-29 22:30 - 2010-11-07 15:45 - 00000187 _____ () C:\WINDOWS\hpbafd.ini 2014-06-29 15:18 - 2013-01-15 12:40 - 01911092 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-29 15:16 - 2004-08-11 15:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp 2014-06-29 15:12 - 2014-04-03 10:10 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2014-06-29 12:58 - 2009-10-21 14:51 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-27 10:36 - 2004-08-11 15:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-06-27 10:35 - 2014-03-07 11:21 - 00000240 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-06-27 10:35 - 2013-01-13 01:31 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2014-06-27 10:35 - 2013-01-13 01:31 - 00000620 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-06-27 10:35 - 2009-12-02 10:16 - 00000236 _____ () 
C:\WINDOWS\Tasks\OGALogon.job 2014-06-27 10:35 - 2009-02-16 13:21 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-06-27 10:35 - 2009-02-16 13:21 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-06-27 10:35 - 2008-07-11 11:55 - 00000178 ___SH () C:\Documents and Settings\Leo Hordyk III\ntuser.ini 2014-06-27 10:35 - 2008-07-11 11:55 - 00000000 ____D () C:\Documents and Settings\Leo Hordyk III 2014-06-27 10:35 - 2004-08-11 15:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-26 18:45 - 2010-11-18 16:43 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-06-25 14:53 - 2013-01-13 01:31 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-06-25 14:52 - 2013-01-13 01:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-06-25 14:52 - 2004-08-11 15:20 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-06-12 10:03 - 2013-08-14 10:03 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-12 10:03 - 2008-07-07 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-06-12 10:01 - 2008-09-11 16:33 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-06-08 15:47 - 2014-06-08 15:47 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-08 15:47 - 2014-04-28 10:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-06-08 15:47 - 2014-04-28 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-08 15:46 - 2014-03-07 11:21 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job Files to move or delete: ==================== C:\Documents and Settings\911\mbam-setup-1.70.0.1100.exe C:\Documents and Settings\Leo Hordyk III\jagex_runescape_preferences.dat C:\Documents and Settings\Leo Hordyk III\jagex_runescape_preferences2.dat ==================== Bamital & volsnap 
Check ================= C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02 Ran by Leo Hordyk III at 2014-06-30 09:09:43 Running from C:\Documents and Settings\Leo Hordyk III\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} ==================== Installed Programs ====================== 2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Adobe Acrobat 8 Standard (Version: 8.3.1 - Adobe Systems) Hidden Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM\...\Adobe Acrobat 8 Standard_831) (Version: - Adobe Systems Incorporated) Adobe Acrobat 8.3.1 Standard (HKLM\...\Adobe Acrobat 8 Standard) (Version: 8.3.1 - Adobe Systems) Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.1.601 - Adobe Systems, Inc.) Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ATI Catalyst Control Center (HKLM\...\{87841AF8-C785-42FF-A76E-CC0F0C2816CC}) (Version: 1.2.2735.37383 - ) Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version: - ) Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell) Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation) Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) CDDRV_Installer (Version: 1.00.0000 - Logitech Inc.) Hidden Citrix Presentation Server Client (HKLM\...\{42ACCB45-3363-47E0-94E9-F0074CC8BC56}) (Version: 10.150.58643 - Citrix Systems, Inc.) Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation) Dell ETS Factory Installation (Version: 1.0.0 - Dell Inc.) Hidden Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
Hidden High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation) Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation) InstallIQ Updater (HKLM\...\{8E5E3330-6746-4A1D-A6BA-043E4D437A59}) (Version: 1.2.0.0 - W3i, LLC) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Intel® PRO Alerting Agent (HKLM\...\{53183B25-FBDC-4B95-856A-DCDD69DFEE18}) (Version: 12.0.2 - Intel Corporation) Intel® PRO Network Connections 12.1.12.4 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version: - Dell) iSqFt Full Viewer V4.01 (HKLM\...\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}) (Version: - ) KhalSetup (Version: 3.22.50 - Logitech) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MFCLOC (Version: 1.00.0000 - Dell Inc.) Hidden Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden 
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - ) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation) Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft 
Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft 
Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) MSN (HKLM\...\MSNINST) (Version: - ) MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation) NTREGOPT 1.1j (HKLM\...\NTREGOPT_is1) (Version: - Lars Hederer) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.1.3 - Pando Networks Inc.) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.0 - Dell) QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.) SearchAssist (HKLM\...\SearchAssist) (Version: - ) SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 3.22 - Logitech) Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.) 
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) 
(HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB968220) (HKLM\...\KB968220-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft 
Corporation) Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 
5.1.0.2700 - Logitech) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation) Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Format SDK Hotfix - KB891122 (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) Yahoo! Toolbar (HKLM\...\Yahoo! 
Companion) (Version: - ) ==================== Restore Points ========================= 22-06-2014 04:43:22 System Checkpoint 22-06-2014 21:53:06 Software Distribution Service 3.0 23-06-2014 03:58:03 Software Distribution Service 3.0 23-06-2014 21:52:07 Software Distribution Service 3.0 24-06-2014 03:58:01 Software Distribution Service 3.0 24-06-2014 21:52:43 Software Distribution Service 3.0 25-06-2014 03:58:11 Software Distribution Service 3.0 25-06-2014 21:52:24 Software Distribution Service 3.0 26-06-2014 03:58:14 Software Distribution Service 3.0 26-06-2014 21:52:12 Software Distribution Service 3.0 27-06-2014 03:57:29 Software Distribution Service 3.0 27-06-2014 22:14:17 Software Distribution Service 3.0 28-06-2014 17:47:02 Software Distribution Service 3.0 28-06-2014 22:13:33 Software Distribution Service 3.0 29-06-2014 17:47:07 Software Distribution Service 3.0 29-06-2014 22:13:34 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2004-08-11 15:00 - 2014-05-07 04:38 - 00450781 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost There are 1000 more lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{00D35F47-D1D6-4EBB-8639-DED41170F6A8}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2008-07-07 15:44 - 2006-10-25 17:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE 2008-07-07 15:44 - 2006-10-25 17:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll 2013-01-13 01:31 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl 2013-01-13 01:31 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-01-13 01:31 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2013-01-13 01:31 - 2012-11-13 15:06 - 00158624 _____ () 
C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-01-13 01:31 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl 2013-01-13 01:31 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/03/2014 10:26:14 AM) (Source: Microsoft Office 12) (EventID: 5000) (User: ) Description: EventType offdiag12, P1 b115f4a7-5437-46ce-816b-f74208e67eaaca8e355a-24da-4849-a292-28308e76f824, P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 offdiag120, P10 offdiag121. Error: (04/23/2014 05:17:31 PM) (Source: Application Hang) (EventID: 1001) (User: ) Description: Fault bucket 1180947459. Error: (04/23/2014 05:17:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/23/2014 04:03:02 PM) (Source: Application Error) (EventID: 1001) (User: ) Description: Fault bucket 177526749. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Error: (04/23/2014 04:02:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23580, fault address 0x001a5275. 
Processing media-specific event for [iexplore.exe!ws!] Error: (04/23/2014 04:02:01 PM) (Source: Application Hang) (EventID: 1001) (User: ) Description: Fault bucket 1180947459. Error: (04/23/2014 04:01:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/18/2014 04:33:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/16/2014 10:16:01 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: ) Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (04/16/2014 03:09:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: ) Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.5.216.0, P3 timeout, P4 1.1.10501.0, P5 fixed, P6 4 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. System errors: ============= Error: (06/29/2014 03:13:47 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/29/2014 03:13:47 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/29/2014 03:12:31 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. 
Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/29/2014 10:47:24 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/29/2014 10:47:24 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/29/2014 10:45:58 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/29/2014 10:45:57 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/28/2014 06:44:35 PM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_MPKSL67241785\0000 disappeared from the system without first being prepared for removal. Error: (06/28/2014 03:13:46 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. Error: (06/28/2014 03:13:46 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: ) Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats. 
Microsoft Office Sessions: ========================= Error: (01/28/2009 00:56:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 368 seconds with 360 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 3069.54 MB Available physical RAM: 1946.87 MB Total Pagefile: 4954.55 MB Available Pagefile: 4023.99 MB Total Virtual: 2047.88 MB Available Virtual: 1935.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.41 GB) (Free:52.02 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316) Partition 1: (Not Active) - (Size=86 MB) - (Type=DE) Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. Hi Maniac, Problem not fixed. I got 3 redirects; the antivirus (Microsoft Security Essentials) suddenly stopped and was blocked. I quickly started a Malwarebytes scan; 1 item was found before the scan finished, taskbar items started disappearing, and IE shut down. Safe Mode reboot: black screen, cursor over Start shows Programs empty, Administrative Tools empty, Recycle Bin is the only item on the Desktop. :-(
  12. Hi Maniac, I did as you suggested, sent another inquiry to Dr. Web Sir Vladimir Martyanov, I have a Win XP Pro computer. I have followed instructions given to me by the Malwarebytes.org Forum. ( http://forums.malwarebytes.org/index.php?showtopic=114579 ) I have given you the results of the 3 runs, and the commandline params used. I can tell you each instruction that Malwarebytes.org has instructed me to do. ALL FOLDERS that have a file in them have gotten the file "HOW TO DECRYPT FILES.txt" in them. File types doc, docx, xls, xlsx, txt, pdf, html, htm, jpg, gif, png, mp3, etc. have gotten the "EnCiPhErEd" extension behind them (filename.EnCiPhErEd). The Ransomware has disabled Microsoft Security Essentials AV. The Ransomware has affected important critical system files. Documents and Settings i386 Program Files WINDOWS Administrative Tools Do I understand you correctly to go into ALL FOLDERS, delete all decrypted files and start the tool again? The third run decrypted 27754 files. Thank you for your help. His short reply: Do you need wrongly decrypted files? If no you should delete them and start the tool with the right key.
  13. Every Folder that has a file in it has gotten the file "HOW TO DECRYPT FILES.txt" in it. doc, docx, xls, xlsx, txt, pdf, html, htm, jpg, gif, png, mp3, etc. have gotten the "EnCiPhErEd" extension behind them (filename.EnCiPhErEd) Documents and Settings i386 Program Files WINDOWS Administrative Tools WINDOWS folder, Administrative Tools folder, i386 folder, Does this mean that I have to go through every folder to delete, possibly 28,000+ files?
  14. Maniac, Update I went to drweb, filled out the form. Submitted an encrypted file. Described what the problem is. I used your tool (te94decrypt.exe), using the command C:\te94decrypt.exe -k 85 Did not decrypt my files. The result of the first run decrypted 28173 files. The result of the second run decrypted 27754 files. There have been no positive results from both scans. Dr. Web instructions: Vladimir Martyanov, a virus analyst from Dr.Web instructions: Download ftp://ftp.drweb.com/pub/drweb/tools/te94decrypt.exe Start it with commandline params -k 153 Report to the Police. Sent Vladimir run result of third run: First run decrypted 28173 files commandline C:\te94decrypt.exe -k 85 Second run decrypted 27754 files commandline C:\te94decrypt.exe -k 85 Third run decrypted 26779 files commandline C:\te94decrypt.exe -k 153 Third run 4 files, keeps the original filename encrypted, filename.EnCiPhErEd, filename.(0) encrypted, filename.(1) opens. Vladimir reply: Vladimir Martyanov You have this problem because you tried to use our tool before our advice. You should delete all decrypted files and start the tool again. Report to your LOCAL police.
  15. Hi Maniac, Some progress .doc Word was unable to read this document. It may be corrupt. Cannot open & Repair. .doc(0) Word was unable to read this document. It may be corrupt. Cannot open & Repair. .doc(1) Word doc opens, and is good. .doc.EnCiPhErEd Word was unable to read this document. It may be corrupt. Cannot open & Repair. .pdf There was an error opening this document. The file is damaged and could not be repaired. .pdf(0) Windows cannot open this file .pdf(1) Windows cannot open this file .pdf.EnCiPhErEd opened encrypted .xls Excel found unreadable content. .txt opens in EditPad Pro editor, looks like foreign language .txt(0) Windows cannot open this file, Select the program from a list, attempt to open in txt editor, encrypted file. .txt(1) Windows cannot open this file. When I used Select the program from a list, it opened in EditPad Pro text editor, and is good. .txt.EnCiPhErEd, encrypted file. Do you want me to check all file types and give you a summary? Thank you again.
  16. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.22.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Roberta :: JOYCE [administrator] 8/22/2012 1:19:13 PM mbam-log-2012-08-22 (13-19-13).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 357894 Time elapsed: 32 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  17. Rkill 2.3.0 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 08/22/2012 01:15:16 PM in x86 mode. Windows Version: Windows XP Service Pack 3 Checking for Windows services to stop. * No malware services found to stop. Checking for processes to terminate. * C:\WINDOWS\System32\bcmwltry.exe (PID: 1848) [WD-HEUR] * C:\WINDOWS\system32\WLTRAY.exe (PID: 248) [WD-HEUR] 2 proccesses terminated! Checking Registry for malware related settings. * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. * HKLM\Software\Classes\.com "@" has been changed to ComFile! * HKLM\Software\Classes\.com "@"was reset to comfile! Performing miscellaneous checks. * Windows Firewall Disabled [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = dword:00000000 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * DHCP Client (Dhcp) is not Running. Startup Type set to: Automatic * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath] Searching for Missing Digital Signatures: * C:\WINDOWS\System32\drivers\mqac.sys [NoSig] +-> C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys : 72,960 : 07/06/2007 00:52 AM : d92fce6729ee150a15a7cdbc433f390e [Pos Repl] +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl] +-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 07/06/2007 00:05 AM : 157a32ddc6a019a4e31b19d604d2f127 [Pos Repl] +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 00:39 AM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl] +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 00:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl] Program finished at: 08/22/2012 01:15:41 PM Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)
  18. Maniac, I want to make sure you know that Malwarebytes is already installed. Malwarebytes 1.62.0.1300 Current database version: v2012.08.22.05 Fingerprints loaded: 313891 Quarantine total items: 25 My concern is the 25 items currently in Quarantine do not escape. Please confirm that you want me to also install Malwarebytes on desktop?
  19. Maniac, I used tool (te94decrypt.exe), using the command C:\te94decrypt.exe -k 153 Did not decrypt my files. The result of the first run decrypted 28173 files. The result of the second run decrypted 27754 files. The result of the third run decrypted 26779 files. There has been one positive result from third scan. I now have 4 of the same files in Word, PDF, Text, jpg, html Original File Name.doc, Type Microsoft Office Word Document Original File Name.doc(0), Type DOC(0) File Original File Name.doc.EnCiPhErEd, Type ENCIPHERED File Original File Name.doc(1), Type DOC(1) File I can open this file extension. I cannot open txt, docx, xls, pdf, jpg, html Do you know how I contact the police at drweb.com? Thank you,
  20. Yikes sorry typo :-( I am scanning with commandline params -k 153 Maniac, I submitted file and received this response Scanning now, with commandline params -K185 Download ftp://ftp.drweb.com/pub/drweb/tools/te94decrypt.exe Start it with commandline params -k 153 Report to the Police
  21. Maniac, I submitted file and received this response Scanning now, with commandline params -K185 Download ftp://ftp.drweb.com/pub/drweb/tools/te94decrypt.exe Start it with commandline params -k 153 Report to the Police.
  22. Scanned decrypted 27754 files (My 1st scan 28173) I now have 3 of the same files in Word, PDF, Text, jpg, html Original File Name.doc, Type Microsoft Office Word Document Original File Name.doc(0), Type DOC(0) File Original File Name.doc.EnCiPhErEd, Type ENCIPHERED File
  23. Maniac, Previous Instructions...The link you posted is? Malware prevention reference by Maurice Naggar "For those interested in security and malware prevention { I expect all of us here }, I want to recommend a reference I just recently found. It has the typical heads-up tips, but has the added benefit of having some excellent screen captures / screen snippets ! The one I believe you will find most interesting, is the tab on "Scareware". The screen captures are the added benefit if you've not seen similar ones before. The resource main page is at http://www.malwarevault.com/index.html See the tab "Scareware" http://www.malwareva.../scareware.html and the tab "Prevention Tips" http://www.malwareva...prevention.html I find it well organized. What do you think? I expect most of our regulars here already know the Qs and Ps already. But even so, hopefully some will find the screen snippets of benefit."
  24. Hi Maniac, Thank you for your support in continuing to help me resolve what is wrong with my pc. The link you referred me to requires an un-encrypted file, and an encrypted counterpart for the scan to be able to run. When I open un-encrypted Word doc, Word was unable to read, also tried to do Open and Repair and did not work. Also un-encrypted text, and PDF files are corrupt. I tried several files and did not find one that is not corrupt. Please give me further instruction, I don't know what to do. Thank you,
      1. Download the Sophos Ransomware Decrypter Tool: http://downloads.sophos.com/misc/RansomDecrypter.zip
      2. Extract the contents of the Zip file into a folder of your choice. A file called RansomDecrypter.exe will be extracted.
      3. Launch the application RansomDecrypter.exe, read and accept the End-User License Agreement.
      4. Click Start Scan, this will prompt you to locate a copy of an un-encrypted file that is larger than 4KB. Once the file has been located and selected click Open. Note: The file you choose must also have an encrypted counterpart for the scan to be able to run.
      5. The next prompt will ask for a copy of the same file selected previously but in an encrypted state, this file will normally follow the format of locked-<original filename>.<random 4 character extension>. Once located, click Open once again.
      6. If successful, another prompt will appear, click OK.
      7. Select a location where you would like the tool to scan for encrypted files, if you are unsure where the files are, you should start with the C: drive under My Computer. Note: The tool will intentionally skip locations where the malware does not encrypt files.
      8. On completion a summary will appear stating how many files were scanned and how many were unlocked. A log file with the results is also created in the same location as the tool as RansomDecrypter-1.0.0.3-YYYY-MM-DD_HH_MM.txt.
  25. Hi Maniac, Thank you for your support in continuing to help me resolve what is wrong with my pc. The link you referred me to requires an un-encrypted file, and an encrypted counterpart for the scan to be able to run. When I open un-encrypted Word doc, Word was unable to read, also tried to do Open and Repair and did not work. Also un-encrypted text, and un-encrypted PDF files are corrupt. I tried several files and did not find one that is not corrupt. Please give me further instruction, I don't know what to do. Thank you,
      1. Download the Sophos Ransomware Decrypter Tool: http://downloads.sophos.com/misc/RansomDecrypter.zip
      2. Extract the contents of the Zip file into a folder of your choice. A file called RansomDecrypter.exe will be extracted.
      3. Launch the application RansomDecrypter.exe, read and accept the End-User License Agreement.
      4. Click Start Scan, this will prompt you to locate a copy of an un-encrypted file that is larger than 4KB. Once the file has been located and selected click Open. Note: The file you choose must also have an encrypted counterpart for the scan to be able to run.
      5. The next prompt will ask for a copy of the same file selected previously but in an encrypted state, this file will normally follow the format of locked-<original filename>.<random 4 character extension>. Once located, click Open once again.
      6. If successful, another prompt will appear, click OK.
      7. Select a location where you would like the tool to scan for encrypted files, if you are unsure where the files are, you should start with the C: drive under My Computer. Note: The tool will intentionally skip locations where the malware does not encrypt files.
      8. On completion a summary will appear stating how many files were scanned and how many were unlocked. A log file with the results is also created in the same location as the tool as RansomDecrypter-1.0.0.3-YYYY-MM-DD_HH_MM.txt
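Steps 4 and 5 of the instructions quoted above need a clean file of more than 4KB together with its encrypted counterpart, and the poster's difficulty was that every clean copy found was itself corrupt. The following is an added example, not code from the thread, the poster or Sophos: it walks a folder, pairs each locked-<original filename>.<4-character extension> file with its clean copy, and flags clean copies that are missing, too small, or whose file header is damaged. The header-signature table, the 4 KB threshold and the sample files are assumptions constructed for the example.

```python
"""Pair clean and encrypted copies of a file for a known-plaintext decrypter
(added example, not from the forum thread or from Sophos). Uses the quoted
naming scheme locked-<name>.<4-char ext>, the stated >4 KB rule, and a header
check that flags clean copies which are themselves damaged, as in the post."""
import os, re, tempfile

LOCKED_RE = re.compile(r"^locked-(?P<name>.+)\.[A-Za-z0-9]{4}$")
MIN_PLAINTEXT_SIZE = 4 * 1024  # assumption: "larger than 4KB" read as 4096 bytes
# Assumed header signatures for formats named in the thread; txt/html have none.
MAGIC = {".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
         ".docx": b"PK\x03\x04", ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff"}

def header_ok(path):
    """True when the leading bytes match the expected magic (or none is known)."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return True
    with open(path, "rb") as f:
        return f.read(len(sig)) == sig

def classify(clean):
    """Status of a candidate clean copy: usable, missing, too_small or corrupt."""
    if not os.path.isfile(clean):
        return "missing"
    if os.path.getsize(clean) <= MIN_PLAINTEXT_SIZE:
        return "too_small"
    return "usable" if header_ok(clean) else "corrupt"

def find_pairs(root):
    """Map each locked-* file under root to (clean path, status)."""
    pairs = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            m = LOCKED_RE.match(fn)
            if m:  # strip the locked- prefix and the random extension
                clean = os.path.join(dirpath, m["name"])
                pairs[os.path.join(dirpath, fn)] = (clean, classify(clean))
    return pairs

def build_sample_tree():
    """Constructed sample data: a good pair, a corrupt clean copy, an orphan."""
    root = tempfile.mkdtemp()
    files = {"report.pdf": b"%PDF-1.4" + b"\0" * 5000, "locked-report.pdf.ab12": b"\xaa" * 5008,
             "notes.doc": b"garbage" * 1000, "locked-notes.doc.zq9x": b"\xbb" * 7000,
             "locked-photo.jpg.k3m8": b"\xcc" * 9000}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return root
```

Only pairs reported as usable are worth offering to a known-plaintext tool; a "corrupt" result on every candidate matches the situation described in the post and means a clean copy has to come from elsewhere (backup, e-mail attachment, another machine).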