
Hi Guys,

I just wanted to take a moment and thank you for your help in this matter. My Sony VAIO with Vista Business OS has picked up the white screen virus. I am able to go into safe mode and ran Malwarebytes, which did remove one PUP, adbundle. I then went into safe mode with command prompt, entered explorer, and under Run I ran %appdata%. This showed only two programs I was not familiar with in addition to the folders. They were other.ico and other.res. I did not remove them as I was not sure of their use and what was using them. So I contacted you and ran DDS, and here are the two logs from that scan.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/19/2012 7:03:55 PM
System Uptime: 11/25/2013 12:52:47 PM (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core2 Duo CPU     P7350  @ 2.00GHz | N/A | 1994/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 363.4 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.093 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help English
EasyBCD 2.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable (x64)
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Setting Utility Series
Skins
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VAIO Control Center
VAIO Event Service
VAIO Power Management
.
==== End Of File ===========================
 
and now for the next one
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16520
Run by user1 at 13:25:10 on 2013-11-25
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.4062.3518 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWinlogon: Shell = explorer.exe,C:\Users\user1\AppData\Roaming\Other.res
mWinlogon: Userinit = userinit.exe,
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A3C70DDE-03FC-40DF-87CC-FBEE092B6204} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EB68EF47-9B73-4C42-9A99-8C3683C035F9} : DHCPNameServer = 192.168.0.1
Notify: VESWinlogon - VESWinlogon.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\w2z6ldcr.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-10-20 11392]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-10-20 411496]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-28 4745216]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2012-10-20 391680]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-23 07:07:14 94720 ----a-r- C:\Users\user1\AppData\Roaming\Other.res
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-14 09:00:37 82896128 ----a-w- C:\Windows\System32\mrt.exe
2013-10-13 15:58:41 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-10-13 15:09:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-13 14:48:43 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-10-13 14:46:27 237056 ----a-w- C:\Windows\System32\url.dll
2013-10-13 14:44:28 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-10-13 14:42:38 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-10-13 14:39:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-10-13 14:38:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-10-13 14:36:11 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-13 14:29:31 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-10-13 10:42:12 12344832 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-10-13 10:08:04 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:37:03 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-13 09:33:57 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-10-13 09:32:00 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-10-13 09:30:20 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:27:43 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-10-13 09:27:40 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-10-13 09:26:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-13 09:20:51 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 19:51:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:51:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-27 15:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 15:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-04 02:31:51 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-08-29 07:48:37 2775552 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:25:58.65 ===============
 
I look forward to your reply.
Sincerely
Michael Gulsby

 


Welcome to the forum, see if you can do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Here are the posts, Mr. C. Thanks for getting back with me so quickly.

M.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by user1 at 2013-11-25 20:18:01
Running from C:\Users\user1\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
ATI Catalyst Install Manager (Version: 3.0.710.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0302.2147.39080)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0302.2147.39080)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0302.2147.39080)
Catalyst Control Center Graphics Light (x32 Version: 2009.0302.2147.39080)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0302.2147.39080)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0302.2147.39080)
Catalyst Control Center InstallProxy (x32 Version: 2009.0302.2147.39080)
Catalyst Control Center Localization All (x32 Version: 2009.0302.2147.39080)
CCC Help English (x32 Version: 2009.0302.2146.39080)
ccc-core-static (x32 Version: 2009.0302.2147.39080)
ccc-utility64 (Version: 2009.0302.2147.39080)
EasyBCD 2.0 (x32 Version: 2.0)
Google Chrome (x32 Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 12.01.1000)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Setting Utility Series (x32 Version: 4.3.0.14120)
Skins (x32 Version: 2009.0302.2147.39080)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VAIO Control Center (x32 Version: 3.3.0.12240)
VAIO Event Service (x32 Version: 4.3.0.13190)
VAIO Power Management (x32 Version: 3.3.0.12190)
 
==================== Restore Points  =========================
 
17-10-2013 05:07:10 Scheduled Checkpoint
19-10-2013 22:08:22 Windows Update
22-10-2013 05:00:00 Scheduled Checkpoint
26-10-2013 03:09:10 Windows Update
27-10-2013 05:00:00 Scheduled Checkpoint
28-10-2013 05:00:01 Scheduled Checkpoint
29-10-2013 05:00:00 Scheduled Checkpoint
29-10-2013 14:49:07 Windows Update
30-10-2013 05:00:01 Scheduled Checkpoint
31-10-2013 05:00:01 Scheduled Checkpoint
01-11-2013 05:00:00 Scheduled Checkpoint
02-11-2013 05:00:01 Scheduled Checkpoint
02-11-2013 14:49:07 Windows Update
03-11-2013 05:00:00 Scheduled Checkpoint
04-11-2013 06:01:54 Scheduled Checkpoint
05-11-2013 06:00:01 Scheduled Checkpoint
05-11-2013 23:57:58 Windows Update
07-11-2013 06:00:01 Scheduled Checkpoint
08-11-2013 06:00:00 Scheduled Checkpoint
09-11-2013 06:00:01 Scheduled Checkpoint
09-11-2013 23:58:43 Windows Update
11-11-2013 06:00:01 Scheduled Checkpoint
12-11-2013 06:00:01 Scheduled Checkpoint
13-11-2013 08:51:48 Scheduled Checkpoint
13-11-2013 23:58:56 Windows Update
14-11-2013 09:00:12 Windows Update
15-11-2013 06:00:00 Scheduled Checkpoint
16-11-2013 06:00:01 Scheduled Checkpoint
17-11-2013 22:04:32 Windows Update
19-11-2013 06:00:01 Scheduled Checkpoint
19-11-2013 09:00:10 Windows Update
20-11-2013 06:00:00 Scheduled Checkpoint
21-11-2013 06:00:01 Scheduled Checkpoint
23-11-2013 00:03:33 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 06:34 - 2006-09-18 15:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0B2D5B3F-9FB6-4082-9F0F-B186F82535AB} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2008-01-20] (Microsoft Corporation)
Task: {0E75AB6C-7583-40A7-A812-E00FF3DEC1A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {21AC5EB5-B0FF-4668-908D-2F7F8BB40CD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {556ED8B7-D2D0-453F-97C1-D84C33838F20} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {66E11425-1D54-4324-BF69-29840D864FF2} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {76ADA224-6A7D-4E7A-BE9C-D5D51A5FB701} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {97B1B3CA-47D6-4D2B-903C-2652048D0033} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.)
Task: {F37610AF-F823-4108-81D4-5B2E7546F5F8} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {FF53BC52-F368-4962-9C27-0DB2DFB9032C} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/25/2013 08:10:42 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/25/2013 01:22:10 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/25/2013 00:51:48 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/25/2013 00:51:31 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000005, fault offset 0x00000000000180b0,
process id 0xce0, application start time 0xExplorer.EXE0.
 
Error: (11/25/2013 11:22:00 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/23/2013 07:43:25 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/23/2013 01:19:33 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/23/2013 01:09:09 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000005, fault offset 0x0000000000046dda,
process id 0xfa24, application start time 0xExplorer.EXE0.
 
Error: (11/23/2013 01:08:50 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/21/2013 10:57:19 AM) (Source: Application Error) (User: )
Description: Faulting application SoundRecorder.exe, version 6.0.6001.18000, time stamp 0x47919e35, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000374, fault offset 0x00000000000acb17,
process id 0x3e8c, application start time 0xSoundRecorder.exe0.
 
 
System errors:
=============
Error: (11/25/2013 08:11:20 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (11/25/2013 08:11:19 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (11/25/2013 08:11:19 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (11/25/2013 08:11:17 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (11/25/2013 08:10:44 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (11/25/2013 08:10:44 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068
 
Error: (11/25/2013 08:10:43 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (11/25/2013 08:10:43 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}
 
Error: (11/25/2013 08:10:42 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (11/25/2013 08:10:39 PM) (Source: Service Control Manager) (User: )
Description: AFD
CSC
DfsC
MpFilter
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6
 
 
Microsoft Office Sessions:
=========================
Error: (11/25/2013 08:10:42 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/25/2013 01:22:10 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/25/2013 00:51:48 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/25/2013 00:51:31 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6002.1800549e02a1entdll.dll6.0.6002.1888151da3d16c000000500000000000180b0ce001ceea0f5744a984
 
Error: (11/25/2013 11:22:00 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (11/23/2013 07:43:25 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/23/2013 01:19:33 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/23/2013 01:09:09 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6002.1800549e02a1entdll.dll6.0.6002.1888151da3d16c00000050000000000046ddafa2401cee81ae3e714e8
 
Error: (11/23/2013 01:08:50 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (11/21/2013 10:57:19 AM) (Source: Application Error)(User: )
Description: SoundRecorder.exe6.0.6001.1800047919e35ntdll.dll6.0.6002.1888151da3d16c000037400000000000acb173e8c01cee6da8fcc6840
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-25 12:28:08.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.385
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-25 12:28:08.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 4062.11 MB
Available physical RAM: 3401.82 MB
Total Pagefile: 8299.52 MB
Available Pagefile: 7749.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.64 GB) (Free:363.27 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.12 GB) (Free:0.09 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.66 GB) (Free:3.42 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: CDC555A7)
Partition 1: (Active) - (Size=124 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 0E0EFFC3)
No partition Table on disk 2.
 
==================== End Of Log ============================
 
and the second one
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by user1 (administrator) on USER1-PC on 25-11-2013 20:17:11
Running from C:\Users\user1\Desktop
Windows Vista Business Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\user1\AppData\Roaming\Other.res [94720 2013-11-23] () <==== ATTENTION 
MountPoints2: {50a070eb-2084-11e2-b5e0-002433753a7a} - G:\RunClubSanDisk.exe
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\w2z6ldcr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Search) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-25 20:17 - 2013-11-25 20:17 - 00006215 _____ C:\Users\user1\Desktop\FRST.txt
2013-11-25 20:17 - 2013-11-25 20:17 - 00000000 ____D C:\FRST
2013-11-25 20:16 - 2013-11-25 20:15 - 01958474 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe
2013-11-25 13:29 - 2013-11-25 13:29 - 00009189 _____ C:\Users\user1\Documents\gulsby dds.txt
2013-11-25 13:29 - 2013-11-25 13:29 - 00003724 _____ C:\Users\user1\Documents\gulsby attach.txt
2013-11-25 13:27 - 2013-11-25 13:27 - 00003724 _____ C:\Users\user1\Desktop\attach.txt
2013-11-25 13:27 - 2013-11-25 13:25 - 00009189 _____ C:\Users\user1\Desktop\dds.txt
2013-11-25 13:24 - 2013-11-25 13:22 - 00688992 ____R (Swearware) C:\Users\user1\Desktop\dds.com
2013-11-25 12:06 - 2013-11-25 12:06 - 00000000 ____D C:\Users\user1\AppData\Roaming\Malwarebytes
2013-11-25 12:05 - 2013-11-25 12:05 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-25 12:05 - 2013-11-25 12:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-25 12:05 - 2013-11-25 12:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-25 12:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-23 10:07 - 2013-11-23 01:07 - 00094720 ____R C:\Users\user1\AppData\Roaming\Other.res
2013-11-23 03:11 - 2013-11-23 14:03 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-21 10:58 - 2013-11-21 10:59 - 00099269 _____ C:\Users\user1\Documents\Untitled.wma
2013-11-21 10:58 - 2013-11-21 10:58 - 00099269 _____ C:\Users\user1\Documents\Untitled (2).wma
2013-11-14 03:02 - 2013-10-13 09:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:02 - 2013-10-13 09:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:02 - 2013-10-13 08:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:02 - 2013-10-13 08:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:02 - 2013-10-13 08:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:02 - 2013-10-13 08:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 03:02 - 2013-10-13 08:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 03:02 - 2013-10-13 08:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:02 - 2013-10-13 08:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:02 - 2013-10-13 08:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 03:02 - 2013-10-13 08:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 03:02 - 2013-10-13 08:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:02 - 2013-10-13 08:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:02 - 2013-10-13 08:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 03:02 - 2013-10-13 08:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:02 - 2013-10-13 08:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:02 - 2013-10-13 04:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:02 - 2013-10-13 04:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:02 - 2013-10-13 03:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:02 - 2013-10-13 03:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:02 - 2013-10-13 03:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 03:02 - 2013-10-13 03:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:02 - 2013-10-13 03:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 03:02 - 2013-10-13 03:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:02 - 2013-10-13 03:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:02 - 2013-10-13 03:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 03:02 - 2013-10-13 03:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 03:02 - 2013-10-13 03:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:02 - 2013-10-13 03:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:02 - 2013-10-13 03:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 03:02 - 2013-10-13 03:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:02 - 2013-10-13 03:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 17:49 - 2013-10-10 22:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 17:49 - 2013-10-10 22:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:49 - 2013-10-10 20:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2013-11-13 17:49 - 2013-10-10 20:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 17:49 - 2013-10-03 09:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:49 - 2013-10-03 09:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 17:49 - 2013-10-03 06:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 17:49 - 2013-10-03 06:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 17:49 - 2013-09-03 20:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
 
==================== One Month Modified Files and Folders =======
 
2013-11-25 20:17 - 2013-11-25 20:17 - 00006215 _____ C:\Users\user1\Desktop\FRST.txt
2013-11-25 20:17 - 2013-11-25 20:17 - 00000000 ____D C:\FRST
2013-11-25 20:15 - 2013-11-25 20:16 - 01958474 _____ (Farbar) C:\Users\user1\Desktop\FRST64.exe
2013-11-25 20:13 - 2006-11-02 06:46 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 20:08 - 2012-10-20 06:34 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-11-25 20:08 - 2006-11-02 09:38 - 00024962 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-25 20:08 - 2006-11-02 09:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 20:08 - 2006-11-02 09:20 - 00006192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 20:08 - 2006-11-02 09:20 - 00006192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 13:29 - 2013-11-25 13:29 - 00009189 _____ C:\Users\user1\Documents\gulsby dds.txt
2013-11-25 13:29 - 2013-11-25 13:29 - 00003724 _____ C:\Users\user1\Documents\gulsby attach.txt
2013-11-25 13:27 - 2013-11-25 13:27 - 00003724 _____ C:\Users\user1\Desktop\attach.txt
2013-11-25 13:25 - 2013-11-25 13:27 - 00009189 _____ C:\Users\user1\Desktop\dds.txt
2013-11-25 13:22 - 2013-11-25 13:24 - 00688992 ____R (Swearware) C:\Users\user1\Desktop\dds.com
2013-11-25 13:03 - 2009-04-11 09:39 - 02053463 _____ C:\Windows\WindowsUpdate.log
2013-11-25 12:51 - 2013-07-12 16:47 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-25 12:51 - 2013-07-12 16:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 12:43 - 2008-01-20 19:50 - 00012060 _____ C:\Windows\PFRO.log
2013-11-25 12:43 - 2006-11-02 09:25 - 00035331 _____ C:\Windows\setupact.log
2013-11-25 12:06 - 2013-11-25 12:06 - 00000000 ____D C:\Users\user1\AppData\Roaming\Malwarebytes
2013-11-25 12:05 - 2013-11-25 12:05 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-25 12:05 - 2013-11-25 12:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-25 12:05 - 2013-11-25 12:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 20:11 - 2013-07-12 16:47 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-23 20:10 - 2006-11-02 09:20 - 00033792 _____ C:\Windows\system32\umstartup.etl
2013-11-23 14:03 - 2013-11-23 03:11 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-23 01:07 - 2013-11-23 10:07 - 00094720 ____R C:\Users\user1\AppData\Roaming\Other.res
2013-11-22 23:55 - 2013-10-07 23:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-22 06:49 - 2013-07-08 18:08 - 00003686 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4A797E50-8861-447C-8FE2-9682E21DCFAC}
2013-11-21 10:59 - 2013-11-21 10:58 - 00099269 _____ C:\Users\user1\Documents\Untitled.wma
2013-11-21 10:58 - 2013-11-21 10:58 - 00099269 _____ C:\Users\user1\Documents\Untitled (2).wma
2013-11-19 04:21 - 2012-10-19 16:18 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 03:01 - 2012-10-19 16:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-19 03:00 - 2012-10-19 16:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 03:00 - 2012-10-19 16:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-15 10:13 - 2013-07-12 16:48 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 03:36 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:20 - 2013-07-12 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-14 03:01 - 2013-08-07 21:31 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:00 - 2006-11-02 06:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\user1\AppData\Local\Temp\GLF3161.EXE
C:\Users\user1\AppData\Local\Temp\GLF5026.EXE
C:\Users\user1\AppData\Local\Temp\GLF6387.EXE
C:\Users\user1\AppData\Local\Temp\GLF653E.EXE
C:\Users\user1\AppData\Local\Temp\GLF6A5D.EXE
C:\Users\user1\AppData\Local\Temp\GLF91C7.EXE
C:\Users\user1\AppData\Local\Temp\GLF95BD.EXE
C:\Users\user1\AppData\Local\Temp\GLFA4BC.EXE
C:\Users\user1\AppData\Local\Temp\GLFA577.EXE
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-25 13:08
 
==================== End Of Log ============================
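The line FRST marks with `<==== ATTENTION` in the log above is the per-user Winlogon Shell value: instead of plain `explorer.exe` it launches a second file from the user's roaming profile alongside the shell, which is a classic logon-persistence spot. The following parser is an added example written for this page, not FRST's own logic and not code from the thread. It reads lines in the format of the "Registry (Whitelisted)" section and applies three assumed heuristics: the Windows default shell value is exactly `explorer.exe`, autostart targets under user-writable paths (`\Users\<name>\AppData\`, `\ProgramData\`, `\Temp\`) deserve a look, and a target FRST could not attribute to a publisher (empty `()`) deserves a look. The sample lines are copied from the log above.

```python
"""Flag suspicious autostart entries in FRST 'Registry (Whitelisted)' lines.

Added example for this page; the heuristics are the editor's assumptions,
not rules FRST itself applies.
"""
import re

# Lines copied verbatim from the FRST log posted in this thread.
# The last one is not a registry line and must be skipped by the parser.
SAMPLE_LINES = [
    r"HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)",
    r"HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)",
    r"HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter",
    r"HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\user1\AppData\Roaming\Other.res [94720 2013-11-23] () <==== ATTENTION ",
    r"HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-03-02] (Advanced Micro Devices, Inc.)",
    r"HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter",
    r"MountPoints2: {50a070eb-2084-11e2-b5e0-002433753a7a} - G:\RunClubSanDisk.exe",
]

# Assumption: the Windows default Winlogon Shell value, and nothing else, is expected.
EXPECTED_SHELL = "explorer.exe"

# "<hive>\...\<key>: [<name>] - <rest>"  (the " - " is absent on Winlogon lines)
LINE_RE = re.compile(
    r"^(?P<hive>HK[\w-]+(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\]\s*(?:-\s*)?(?P<rest>.*)$"
)
# Trailing "[size date] (company) <==== ATTENTION" block FRST appends when it found the file.
META_RE = re.compile(
    r"\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"\((?P<company>[^)]*)\)\s*(?P<attention><==== ATTENTION)?\s*$"
)
# Assumed set of locations an ordinary user can write to.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.IGNORECASE)


def parse_entry(line):
    """Split one registry line into its parts; return None for non-registry lines."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    rest = m["rest"]
    command, company, attention = rest, None, False
    meta = META_RE.search(rest)
    if meta:
        command = rest[: meta.start()].strip()
        company = meta["company"].strip() or None
        attention = bool(meta["attention"])
    return {
        "hive": m["hive"],
        "key": m["key"],
        "name": m["name"],
        "command": command,
        "company": company,
        "attention": attention,
    }


def assess(entry):
    """Return a list of human-readable findings for one parsed entry (empty if clean)."""
    findings = []
    if entry["attention"]:
        findings.append("flagged by FRST (<==== ATTENTION)")
    if entry["key"].lower() == "winlogon" and entry["name"].lower() == "shell":
        # Shell is a comma-separated list; every item beyond the default shell runs at logon.
        parts = [p.strip() for p in entry["command"].split(",") if p.strip()]
        extra = [p for p in parts if p.lower() != EXPECTED_SHELL]
        if extra:
            findings.append("Winlogon Shell launches extra program(s) at logon: " + ", ".join(extra))
    if USER_WRITABLE.search(entry["command"]):
        findings.append("autostart target lives in a user-writable location")
    if entry["company"] is None and ":\\" in entry["command"]:
        findings.append("target file carries no publisher/version information")
    return findings


def scan(lines):
    """Map 'hive\\...\\key: [name]' to its findings for every entry that has any."""
    report = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # not a registry line (e.g. MountPoints2) - ignored here
        findings = assess(entry)
        if findings:
            report[f"{entry['hive']}\\...\\{entry['key']}: [{entry['name']}]"] = findings
    return report


if __name__ == "__main__":
    for where, why in scan(SAMPLE_LINES).items():
        print(where)
        for reason in why:
            print("   -", reason)
```

On the sample above only the Winlogon Shell entry is reported, with all four reasons; the Microsoft, ATI and `rundll32` entries produce nothing, and the `MountPoints2` line is skipped as non-registry input. The same value is what you would inspect manually under `HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon` after a fix, to confirm it reads `explorer.exe` again.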

Please download the attached fixlist.txt and copy it to your flash drive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now and if so..........run MBAR

If not...rescan with FRST and post the new log

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
