MB log shows I have a pup virus and ?

cjinca · November 25, 2013

Hi,

I noticed in the past week that it seemed by shopping/searching was being tracked. Superantispyware and Avira weren't detecting or warning me of anything so I downloaded MB and it found the following two entries (log). From what I've read, they will reappear in next log. Much thanks in advance - Carol

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.25.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Carol :: CAROL-C6985B789 [administrator]

11/25/2013 12:02:36 PM

mbam-log-2013-11-25 (12-02-36).txt

Scan type: Full scan (C:\|)

Scan options disabled: P2P

Objects scanned: 262070

Time elapsed: 1 hour(s), 19 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Carol\My Documents\Downloads\SoftonicDownloader_for_potplayer.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.

(end)

MrCharlie · November 26, 2013

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

cjinca · November 26, 2013

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17123
Run by Carol at 20:59:10 on 2013-11-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.652 [GMT -8:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
.
============== Pseudo HJT Report ===============
.

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\carol\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8389E5FD-302F-4E89-83B7-1E83919036F3} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: crypt32chain - <no file>
Notify: cryptnet - <no file>
Notify: cscdll - <no file>
Notify: dimsntfy - <no file>
Notify: igfxcui - <no file>
Notify: NavLogon - <no file>
Notify: ScCertProp - <no file>
Notify: Schedule - <no file>
Notify: sclgntfy - <no file>
Notify: SensLogn - <no file>
Notify: termsrv - <no file>
Notify: WgaLogon - <no file>
Notify: wlballoon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carol\application data\mozilla\firefox\profiles\mr3d5y6u.default\
FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\carol\application data\mozilla\firefox\profiles\mr3d5y6u.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.id - fce76db600000000000000197e685c2b
FF - user.js: extensions.incredibar_i.instlDay - 15718
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:55:17
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQVIuvZW7
FF - user.js: extensions.incredibar_i.upn2n - 92544266996123055
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd - t213
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-8-9 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-8-9 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-8-9 440376]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-8-9 1164360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-8-9 90400]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
.
=============== Created Last 30 ================
.
2013-11-25 19:58:29   --------   d-----w-   c:\documents and settings\carol\application data\Malwarebytes
2013-11-25 19:57:57   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2013-11-25 19:57:55   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-11-25 19:57:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-11-24 21:18:32   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-11-24 21:18:32   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-11-24 21:18:32   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-11-24 21:18:31   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-11-24 21:11:32   --------   d-----w-   c:\documents and settings\carol\local settings\application data\Apple
2013-11-24 21:05:56   --------   d-----w-   c:\documents and settings\carol\local settings\application data\Apple Computer
2013-11-23 17:31:04   --------   d-----w-   c:\program files\GmailDefaultMaker
2013-11-19 00:24:26   86016   ----a-w-   c:\windows\unvise32.exe
2013-11-19 00:23:23   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-11-19 00:23:23   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-11-19 00:23:23   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin.dll
2013-11-19 00:20:36   --------   d-----w-   c:\program files\DOES IT BELONG ELI
2013-11-18 16:51:59   194560   ----a-w-   c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-11-14 16:59:52   --------   d-----w-   c:\program files\MSXML 4.0
.
==================== Find3M ====================
.
2013-11-19 15:00:24   90400   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-11-19 15:00:24   37352   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2013-11-14 18:25:35   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-11-14 18:25:32   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:00:34.37 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/18/2011 9:10:21 PM
System Uptime: 11/25/2013 2:09:45 PM (7 hours ago)
.
Motherboard: Dell Inc. | | 0NF743
Processor: Intel® Core2 CPU T5500 @ 1.66GHz | Microprocessor | 1664/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 47.866 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Root Hub
Device ID: USB\ROOT_HUB\4&1BD54F44&0
Manufacturer: (Standard USB Host Controller)
Name: USB Root Hub
PNP Device ID: USB\ROOT_HUB\4&1BD54F44&0
Service: usbhub
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Root Hub
Device ID: USB\ROOT_HUB\4&2E367667&0
Manufacturer: (Standard USB Host Controller)
Name: USB Root Hub
PNP Device ID: USB\ROOT_HUB\4&2E367667&0
Service: usbhub
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Root Hub
Device ID: USB\ROOT_HUB\4&2D5F77FB&0
Manufacturer: (Standard USB Host Controller)
Name: USB Root Hub
PNP Device ID: USB\ROOT_HUB\4&2D5F77FB&0
Service: usbhub
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Root Hub
Device ID: USB\ROOT_HUB\4&1CAC4DB0&0
Manufacturer: (Standard USB Host Controller)
Name: USB Root Hub
PNP Device ID: USB\ROOT_HUB\4&1CAC4DB0&0
Service: usbhub
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Root Hub
Device ID: USB\ROOT_HUB20\4&258010AF&0
Manufacturer: (Standard USB Host Controller)
Name: USB Root Hub
PNP Device ID: USB\ROOT_HUB20\4&258010AF&0
Service: usbhub
.
==== System Restore Points ===================
.
RP305: 9/6/2013 9:20:29 AM - System Checkpoint
RP306: 9/7/2013 9:20:50 AM - System Checkpoint
RP307: 9/8/2013 11:17:27 AM - System Checkpoint
RP308: 9/9/2013 1:14:42 PM - System Checkpoint
RP309: 9/10/2013 1:56:26 PM - System Checkpoint
RP310: 9/11/2013 3:43:16 PM - System Checkpoint
RP311: 9/12/2013 3:58:17 PM - System Checkpoint
RP312: 9/14/2013 2:29:52 AM - System Checkpoint
RP313: 9/15/2013 2:36:39 AM - System Checkpoint
RP314: 9/16/2013 3:36:42 AM - System Checkpoint
RP315: 9/17/2013 4:40:07 AM - System Checkpoint
RP316: 9/18/2013 4:33:38 PM - System Checkpoint
RP317: 9/19/2013 5:25:08 PM - System Checkpoint
RP318: 9/20/2013 7:10:36 PM - System Checkpoint
RP319: 9/22/2013 10:53:22 AM - System Checkpoint
RP320: 9/23/2013 1:03:04 PM - System Checkpoint
RP321: 9/24/2013 1:17:10 PM - System Checkpoint
RP322: 9/25/2013 2:05:42 PM - System Checkpoint
RP323: 9/26/2013 3:02:31 PM - System Checkpoint
RP324: 9/27/2013 3:16:52 PM - System Checkpoint
RP325: 9/28/2013 4:02:32 PM - System Checkpoint
RP326: 9/29/2013 5:02:46 PM - System Checkpoint
RP327: 9/30/2013 6:16:17 PM - System Checkpoint
RP328: 10/1/2013 6:20:44 PM - System Checkpoint
RP329: 10/2/2013 7:20:52 PM - System Checkpoint
RP330: 10/3/2013 7:24:52 PM - System Checkpoint
RP331: 10/4/2013 10:16:52 PM - System Checkpoint
RP332: 10/6/2013 2:16:54 AM - System Checkpoint
RP333: 10/7/2013 7:10:21 AM - Removed Evernote v. 4.6.7
RP334: 10/7/2013 7:13:14 AM - Installed Evernote v. 5.0.2
RP335: 10/8/2013 9:03:57 AM - System Checkpoint
RP336: 10/9/2013 9:23:34 AM - System Checkpoint
RP337: 10/10/2013 9:56:09 AM - System Checkpoint
RP338: 10/11/2013 12:58:30 PM - System Checkpoint
RP339: 10/12/2013 1:40:56 PM - System Checkpoint
RP340: 10/14/2013 7:57:51 AM - System Checkpoint
RP341: 10/15/2013 10:39:39 AM - Software Distribution Service 3.0
RP342: 10/16/2013 10:53:53 AM - System Checkpoint
RP343: 10/17/2013 10:57:15 AM - System Checkpoint
RP344: 10/17/2013 2:43:47 PM - Installed Java 7 Update 45
RP345: 10/18/2013 2:51:42 PM - System Checkpoint
RP346: 10/19/2013 3:37:16 PM - System Checkpoint
RP347: 10/20/2013 3:54:56 PM - System Checkpoint
RP348: 10/21/2013 6:07:54 PM - System Checkpoint
RP349: 10/22/2013 6:11:51 PM - System Checkpoint
RP350: 10/23/2013 7:10:41 PM - System Checkpoint
RP351: 10/24/2013 7:59:29 PM - System Checkpoint
RP352: 10/25/2013 8:01:55 AM - Removed Evernote v. 5.0.2
RP353: 10/25/2013 8:03:07 AM - Installed Evernote v. 5.0.3
RP354: 10/26/2013 8:04:43 AM - System Checkpoint
RP355: 10/27/2013 8:37:04 AM - System Checkpoint
RP356: 10/28/2013 9:25:21 AM - System Checkpoint
RP357: 10/29/2013 11:26:22 AM - System Checkpoint
RP358: 10/30/2013 12:45:42 PM - System Checkpoint
RP359: 10/31/2013 1:24:17 PM - System Checkpoint
RP360: 11/1/2013 1:55:00 PM - System Checkpoint
RP361: 11/2/2013 4:24:04 PM - System Checkpoint
RP362: 11/3/2013 3:59:29 PM - System Checkpoint
RP363: 11/4/2013 4:11:29 PM - System Checkpoint
RP364: 11/5/2013 7:46:01 PM - System Checkpoint
RP365: 11/6/2013 8:45:26 PM - System Checkpoint
RP366: 11/7/2013 9:45:18 PM - System Checkpoint
RP367: 11/9/2013 10:20:19 AM - System Checkpoint
RP368: 11/10/2013 11:01:52 AM - System Checkpoint
RP369: 11/11/2013 11:58:30 AM - System Checkpoint
RP370: 11/12/2013 12:47:48 PM - System Checkpoint
RP371: 11/13/2013 1:30:59 PM - System Checkpoint
RP372: 11/14/2013 8:59:48 AM - Installed MSXML 4.0 SP3 Parser
RP373: 11/15/2013 9:50:04 AM - System Checkpoint
RP374: 11/16/2013 2:06:14 PM - System Checkpoint
RP375: 11/17/2013 3:12:35 PM - System Checkpoint
RP376: 11/18/2013 8:10:43 PM - System Checkpoint
RP377: 11/20/2013 2:21:52 AM - System Checkpoint
RP378: 11/21/2013 11:50:12 PM - System Checkpoint
RP379: 11/23/2013 2:18:44 AM - System Checkpoint
RP380: 11/24/2013 3:10:24 AM - System Checkpoint
RP381: 11/24/2013 1:15:56 PM - Installed QuickTime
RP382: 11/25/2013 2:34:00 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Software Update
Avira Free Antivirus
Broadcom 440x 10/100 Integrated Controller
CleanUp!
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Does It Belong
Dropbox
DW WLAN Card Utility
Evernote v. 5.0.3
Foxit Reader
Garmin Express
GmailDefaultMaker version 3.0.1.0
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
QuickTime
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SigmaTel Audio
SUPERAntiSpyware
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.1.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
11/25/2013 2:02:54 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/21/2013 6:49:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
11/21/2013 11:29:41 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00197E685C2B. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/19/2013 9:11:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
11/19/2013 7:08:40 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
11/19/2013 7:03:52 AM, error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/19/2013 7:03:50 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/18/2013 4:18:53 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
.
==== End Of File ===========================

cjinca · November 26, 2013

Mr.Charlie, I forgot to say thanks. Thanks! And... wanting to make sure I'm understanding directions - am I to proceed with RogueKiller etc. and post results here in this thread OR create an entirely new topic?

The following is what I'm not sure I understand:

Please Copy & Paste the contents of the following logs in your next reply: DDS.txt and Attach.txt
You can ignore the note about zipping the Attach.txt file in most cases.

Then post a new topic here.

cjinca · November 26, 2013

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Carol [Admin rights]
Mode : Scan -- Date : 11/25/2013 21:22:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xF7BAFEB4)
[Address] SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0xF7BAFE6E)
[Address] SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xF7BAFEBE)
[Address] SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xF7BAFE64)
[Address] SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0xF7BAFE73)
[Address] SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0xF7BAFE7D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xF7BAFEAF)
[Address] SSDT[98] : NtLoadKey @ 0x80626384 -> HOOKED (Unknown @ 0xF7BAFE82)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xF7BAFE50)
[Address] SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xF7BAFE55)
[Address] SSDT[177] : NtQueryValueKey @ 0x80622384 -> HOOKED (Unknown @ 0xF7BAFED7)
[Address] SSDT[193] : NtReplaceKey @ 0x80626234 -> HOOKED (Unknown @ 0xF7BAFE8C)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xF7BAFEC8)
[Address] SSDT[204] : NtRestoreKey @ 0x80625B40 -> HOOKED (Unknown @ 0xF7BAFE87)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xF7BAFEC3)
[Address] SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xF7BAFECD)
[Address] SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0xF7BAFE78)
[Address] SSDT[255] : NtSystemDebugControl @ 0x80618134 -> HOOKED (Unknown @ 0xF7BAFED2)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7BAFEE6)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7BAFEEB)
[inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP60.dll -> HOOKED (Unknown @ 0x5E0E398D)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK8052GSX +++++
--- User ---
[MBR] 095c6d58f81ca8f1bd641d3d62ab19d4
[bSP] 3cae8aba215647525a6ec3a4d4eaee3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11252013_212204.txt >>

MrCharlie · November 26, 2013

You did it correctly, it says in my instructions:

Post back the 2 logs here

Welcome to the forum, please start HERE
Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes and use the default font)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Give this a try first:

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

cjinca · November 26, 2013

Thanks Charlie. I will run MB next. I did not opt to save anything as it was all greek to me.

If you see anything in this clean up report that you think might be critical for me to keep, please let me know -I've read that I can remove those from quarantine.

Also, I did note that Mozilla was referenced in report more than Chrome - not sure if this comment is useful to you or not, but problem most likely occurred in Chrome and it seems to have affected Chrome more than Firefox (slower, more ads/tracking, etc in Chrome). THANK YOU!

Lastly, is this a virus that would compromise saved passwords or break in to banking sites for my info?

# AdwCleaner v3.013 - Report created 26/11/2013 at 14:43:41
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Carol - CAROL-C6985B789
# Running from : C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17123

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\prefs.js ]

Line Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1358125646045");
Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c", "%7B%22items%22%3A%5B%7B%22id%22%3A%22lWtma6%252BabmFvpG5lblNmZmZiVmyda2Vsp2toa1ZnZmZnU2%252Bu%22%2C%20%22r%22%3A%2225.41%22%2C%[...]
Line Deleted : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c_wid", "2521; expires=Mon, 14 Jan 2013 07:07:28 GMT");
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Line Deleted : user_pref("extensions.incredibar.cntry", "US");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Line Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Line Deleted : user_pref("extensions.incredibar.did", "10665");
Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "C3F1FE6B1CE694F8483DA24A4390AE9E");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.hrdid", "fce76db600000000000000197e685c2b");
Line Deleted : user_pref("extensions.incredibar.id", "fce76db600000000000000197e685c2b");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15718");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.instlday", "15718");
Line Deleted : user_pref("extensions.incredibar.instlref", "");
Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Line Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Line Deleted : user_pref("extensions.incredibar.keywordurl", "");
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:55:17");
Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.newtab", "false");
Line Deleted : user_pref("extensions.incredibar.newtaburl", "");
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "t213");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Line Deleted : user_pref("extensions.incredibar.srch", "");
Line Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");

Line Deleted : user_pref("extensions.incredibar.tlbrid", "base");

Line Deleted : user_pref("extensions.incredibar.upn2", "6PQVIuvZW7");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92544266996123055");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:55:17");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1413:55:17");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10665");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "fce76db600000000000000197e685c2b");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15718");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "t213");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

Line Deleted : user_pref("extensions.incredibar_i.upn2", "6PQVIuvZW7");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92544266996123055");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:55:17");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("id_igivetoolbar.variables.tracking_enabled_template", "%3Chtml%3E%0D%0A%3Chead%3E%0D%0A%09%0D%0A%0D%0A%09%3Cscript%20language%3D%22javascript%22%3E%20%0D%0A%09%09//%20This%20JS%20code%20imp[...]

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Carol\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8704 octets] - [26/11/2013 09:32:54]
AdwCleaner[s0].txt - [8811 octets] - [26/11/2013 14:43:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8871 octets] ##########

cjinca · November 26, 2013

MB detected nothing

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Carol :: CAROL-C6985B789 [administrator]

11/26/2013 3:03:10 PM
mbam-log-2013-11-26 (15-03-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214640
Time elapsed: 11 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MrCharlie · November 26, 2013

If you see anything in this clean up report that you think might be critical for me to keep, please let me know -I've read that I can remove those from quarantine.

No, it's all adware

Also, I did note that Mozilla was referenced in report more than Chrome - not sure if this comment is useful to you or not, but problem most likely occurred in Chrome and it seems to have affected Chrome more than Firefox (slower, more ads/tracking, etc in Chrome). THANK YOU!

Lastly, is this a virus that would compromise saved passwords or break in to banking sites for my info?

No

----------------------------------------------------

So how is it???

MrC

cjinca · November 27, 2013

I'm not sure -to check it out, I opened amazon, facebook, my calendar etc in both Chrome and Firefox. In Chrome, Facebook is displaying sponsored ads and they "just happen to be" items/interests that I've looked for over the recent weeks (LA Clippers Basketball and a vacuum I just bought). Gmail has an 'ad' link for "Remove Malware - Free". I never intentionally open any of that stuff and I'm not sure if what I'm seeing is normal or if it is due to there still be some remnant of malware/virus.

Should I just proceed as usual, and keep a close eye on virus/malware/spyware reports over the next few days?

Thanks, Carol

MrCharlie · November 27, 2013

It sounds normal but lets take a closer looks.

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

MrC

cjinca · November 27, 2013

I wasn't too clear - FB in Chrome shows ads but they are not appearing in Firefox. Rather, they are suggesting music pages that I might like based on what my 'friends' have liked. Same thing for Firefox - no ads in Gmail, only ads showing in Chrome/Gmail.

MrCharlie · November 27, 2013

I have AdBlock and F.B. Purity (for FB) installed to clean up those ads

AdBlock <---you'll have to Google for it and use the one for your browser(s).

F.B. Purity :
http://www.fbpurity.com/

Let me know...MrC

cjinca · November 27, 2013

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-11-2013 01

Ran by Carol at 2013-11-26 17:25:27

Running from C:\Documents and Settings\Carol\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (Version: 11.9.900.152)

Adobe Reader XI (11.0.05) (Version: 11.0.05)

Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)

Apple Application Support (Version: 2.1.5)

Apple Software Update (Version: 2.1.3.127)

Avira Free Antivirus (Version: 14.0.1.749)

Broadcom 440x 10/100 Integrated Controller (Version: 8.03.09)

CleanUp!

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Does It Belong

Dropbox (HKCU Version: 2.0.22)

DW WLAN Card Utility (Version: 5.60.18.9)

Evernote v. 5.0.3 (Version: 5.0.3.1614)

Foxit Reader (Version: 6.0.3.524)

Garmin Express (Version: 2.1.5)

GmailDefaultMaker version 3.0.1.0 (Version: 3.0.1.0)

Google Chrome (Version: 31.0.1650.57)

Google Update Helper (Version: 1.3.21.165)

High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)

Intel® Graphics Media Accelerator Driver

LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel Viewer (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)

Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)

Mozilla Maintenance Service (Version: 25.0.1)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

QuickTime (Version: 7.71.80.42)

Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)

SigmaTel Audio (Version: 5.10.5210.0)

SUPERAntiSpyware (Version: 5.6.1020)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB967715) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

VLC media player 2.1.1 (Version: 2.1.1)

WebFldrs XP (Version: 9.50.7523)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)

Windows Internet Explorer 7 (Version: 20070813.185237)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3 (Version: 20080414.031525)

Yahoo! Messenger

Yahoo! Software Update

==================== Restore Points =========================

06-09-2013 16:20:29 System Checkpoint

07-09-2013 16:20:50 System Checkpoint

08-09-2013 18:17:27 System Checkpoint

09-09-2013 20:14:42 System Checkpoint

10-09-2013 20:56:26 System Checkpoint

11-09-2013 22:43:16 System Checkpoint

12-09-2013 22:58:17 System Checkpoint

14-09-2013 09:29:52 System Checkpoint

15-09-2013 09:36:39 System Checkpoint

16-09-2013 10:36:42 System Checkpoint

17-09-2013 11:40:07 System Checkpoint

18-09-2013 23:33:38 System Checkpoint

20-09-2013 00:25:08 System Checkpoint

21-09-2013 02:10:36 System Checkpoint

22-09-2013 17:53:22 System Checkpoint

23-09-2013 20:03:04 System Checkpoint

24-09-2013 20:17:10 System Checkpoint

25-09-2013 21:05:42 System Checkpoint

26-09-2013 22:02:31 System Checkpoint

27-09-2013 22:16:52 System Checkpoint

28-09-2013 23:02:32 System Checkpoint

30-09-2013 00:02:46 System Checkpoint

01-10-2013 01:16:17 System Checkpoint

02-10-2013 01:20:44 System Checkpoint

03-10-2013 02:20:52 System Checkpoint

04-10-2013 02:24:52 System Checkpoint

05-10-2013 05:16:52 System Checkpoint

06-10-2013 09:16:54 System Checkpoint

07-10-2013 14:10:21 Removed Evernote v. 4.6.7

07-10-2013 14:13:14 Installed Evernote v. 5.0.2

08-10-2013 16:03:57 System Checkpoint

09-10-2013 16:23:34 System Checkpoint

10-10-2013 16:56:09 System Checkpoint

11-10-2013 19:58:30 System Checkpoint

12-10-2013 20:40:56 System Checkpoint

14-10-2013 14:57:51 System Checkpoint

15-10-2013 17:39:39 Software Distribution Service 3.0

16-10-2013 17:53:53 System Checkpoint

17-10-2013 17:57:15 System Checkpoint

17-10-2013 21:43:47 Installed Java 7 Update 45

18-10-2013 21:51:42 System Checkpoint

19-10-2013 22:37:16 System Checkpoint

20-10-2013 22:54:56 System Checkpoint

22-10-2013 01:07:54 System Checkpoint

23-10-2013 01:11:51 System Checkpoint

24-10-2013 02:10:41 System Checkpoint

25-10-2013 02:59:29 System Checkpoint

25-10-2013 15:01:55 Removed Evernote v. 5.0.2

25-10-2013 15:03:07 Installed Evernote v. 5.0.3

26-10-2013 15:04:43 System Checkpoint

27-10-2013 15:37:04 System Checkpoint

28-10-2013 16:25:21 System Checkpoint

29-10-2013 18:26:22 System Checkpoint

30-10-2013 19:45:42 System Checkpoint

31-10-2013 20:24:17 System Checkpoint

01-11-2013 20:55:00 System Checkpoint

02-11-2013 23:24:04 System Checkpoint

03-11-2013 23:59:29 System Checkpoint

05-11-2013 00:11:29 System Checkpoint

06-11-2013 03:46:01 System Checkpoint

07-11-2013 04:45:26 System Checkpoint

08-11-2013 05:45:18 System Checkpoint

09-11-2013 18:20:19 System Checkpoint

10-11-2013 19:01:52 System Checkpoint

11-11-2013 19:58:30 System Checkpoint

12-11-2013 20:47:48 System Checkpoint

13-11-2013 21:30:59 System Checkpoint

14-11-2013 16:59:48 Installed MSXML 4.0 SP3 Parser

15-11-2013 17:50:04 System Checkpoint

16-11-2013 22:06:14 System Checkpoint

17-11-2013 23:12:35 System Checkpoint

19-11-2013 04:10:43 System Checkpoint

20-11-2013 10:21:52 System Checkpoint

22-11-2013 07:50:12 System Checkpoint

23-11-2013 10:18:44 System Checkpoint

24-11-2013 11:10:24 System Checkpoint

24-11-2013 21:15:56 Installed QuickTime

25-11-2013 22:34:00 System Checkpoint

26-11-2013 23:42:48 System Checkpoint

==================== Hosts content: ==========================

2004-08-03 17:07 - 2013-01-14 08:54 - 00445005 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.10sek.com

127.0.0.1 10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 www.123fporn.info

127.0.0.1 123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 7304a6ca-1881-4040-959d-869b230b9195.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task df513495-11cc-466f-bdc6-d296469001be.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2011-04-18 21:38 - 2009-10-07 14:01 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll

2013-08-09 07:37 - 2013-08-08 12:02 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

2011-04-18 21:38 - 2009-10-07 14:01 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll

2013-09-26 12:50 - 2013-09-26 12:50 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll

2013-09-26 12:49 - 2013-09-26 12:49 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll

2012-06-16 07:25 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36FC9E60-C465-11CF-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36FC9E60-C465-11CF-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36FC9E60-C465-11CF-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36FC9E60-C465-11CF-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36FC9E60-C465-11CF-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:

==================

Error: (11/19/2013 08:04:19 PM) (Source: Application Hang) (User: )

Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/19/2013 08:03:01 PM) (Source: Application Hang) (User: )

Description: Hanging application WINWORD.EXE, version 11.0.8350.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/19/2013 08:42:00 AM) (Source: Application Error) (User: )

Description: Faulting application 8029_0.exe, version 1.0.0.1, faulting module quicktimeinternetextras.qtx, version 4.1.1.28, fault address 0x00078a0a.

Processing media-specific event for [8029_0.exe!ws!]

Error: (11/18/2013 08:18:09 AM) (Source: Application Hang) (User: )

Description: Hanging application firefox.exe, version 25.0.0.5046, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/17/2013 06:53:13 PM) (Source: Application Hang) (User: )

Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/17/2013 06:46:27 PM) (Source: Application Hang) (User: )

Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/17/2013 06:43:15 PM) (Source: Application Hang) (User: )

Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/17/2013 06:43:15 PM) (Source: Application Hang) (User: )

Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/17/2013 05:55:28 PM) (Source: Application Hang) (User: )

Description: Fault bucket -376624149.

Error: (11/17/2013 05:54:39 PM) (Source: Application Hang) (User: )

Description: Hanging application Evernote.exe, version 5.0.3.1614, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:

=============

Error: (11/26/2013 03:08:37 PM) (Source: 0) (User: )