

Last Friday, the pc locked up while in Internet Explorer.

When I tried to run Malwarebytes, it said that it couldn't run due to software permissions and to check the Event Viewer.

Event Viewer was not easily accessible from the Tools menu any longer.

Ran eventvwr.msc and got it to open. Did see an event ID 866, Software Restriction Policy.

Normally, the PC runs McAfee VirusScan Enterprise & AntiSpyware Enterprise 8.8. That too has been disabled, and when I try to start it up, I get the same type of message that it cannot run due to software permissions.

Microsoft Security Essentials was installed and scanned the pc.  Two items were found and deleted.

Wanted to try Malwarebytes again for a complete scan, but I am still receiving the same error regarding software permissions, and the same with the McAfee product. The user account has full administrative rights.

 

I think this PC is still infected... any assistance would be appreciated!!!

 


Hello and welcome.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from, each with a different name; select the first one and save it to your desktop.

 

  • Double-click on the Rkill desktop icon to run the tool.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the download link, select the next button and try to run the tool again. Repeat this process with the remaining buttons until the tool runs. If you scroll down the page you will find further links with other names; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Delete any versions of ComboFix that you may have on your Desktop and download a fresh copy from the following link:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that ComboFix is saved directly to the Desktop <--- Very important
  • Disable all security programs, as they will have a negative effect on ComboFix. Instructions are available here if required: http://www.bleepingcomputer.com/forums/topic114351.html. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running.
  • Double-click the ComboFix icon to run the tool (Vista or Windows 7 users: right-click and select "Run as Administrator").
  • Instructions for running ComboFix are available here if required: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select Yes and let it download the files it needs to do this. Once the Recovery Console is installed, ComboFix will then offer to scan for malware. Select Continue or Yes.
  • When finished, it will produce a report for you. Please post "C:\ComboFix.txt" for further review.

 

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here why disabling autorun is recommended: http://thespykiller.co.uk/index.php?page=20

 

*EXTRA NOTES*

  • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot. This is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014

 

Ran by lynn (administrator) on GX780-2TNHMM1 on 21-01-2014 14:27:29

 

Running from S:\mis\MalwarebytesHELP-LynnPC

 

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

 

Internet Explorer Version 8

 

Boot Mode: Normal

 

 

 

The only official download link for FRST:

 

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

 

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

 

==================== Processes (Whitelisted) ===================

 

 

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

 

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

 

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

 

(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

 

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

 

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

 

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

 

(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

 

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe

 

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe

 

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

 

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

 

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

 

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

 

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

 

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

 

(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

 

(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

 

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

 

(Business Technical Consulting) C:\Program Files\VizManager\VizManager.exe

 

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

 

(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter2\brctrcen.exe

 

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

 

(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe

 

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

 

(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

 

(Microsoft Corporation) C:\Program Files\Windows Live\Toolbar\wltuser.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McScript_InUse.exe

 

 

 

 

 

==================== Registry (Whitelisted) ==================

 

 

 

HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-06-22] (Analog Devices, Inc.)

 

HKLM\...\Run: [iAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)

 

HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [159616 2010-04-14] (Wave Systems Corp.)

 

HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)

 

HKLM\...\Run: [uSCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-04-05] (Broadcom Corporation)

 

HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)

 

HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)

 

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)

 

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)

 

HKLM\...\Run: [VizManager] - C:\Program Files\VizManager\VizManager.exe [221184 2008-11-06] (Business Technical Consulting)

 

HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)

 

HKLM\...\Run: [] - [x]

 

HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [995328 2006-03-13] (Brother Industries, Ltd.)

 

HKLM\...\Run: [shStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)

 

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

 

HKLM\...\Run: [AS2014] - C:\Documents and Settings\All Users\Application Data\6sVs3nrg\6sVs3nrg.exe

 

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION

 

HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\All Users\Application Data\6sVs3nrg\6sVs3nrg.exe -sm,

 

HKLM\...\Policies\Explorer: [NoControlPanel] 0

 

HKCU\...\Run: [VizManager] - [x]

 

HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)

 

HKCU\...\Run: [Efqttion] - regsvr32.exe "C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion\ep0lvra1.dll" <===== ATTENTION

 

HKCU\...\Run: [AdobeUpdater] - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2356088 2010-08-09] (Adobe Systems Incorporated)

 

HKU\Administrator\...\Run: [VizManager] - [x]

 

HKU\billie\...\Run: [VizManager] - [x]

 

HKU\rick\...\Run: [VizManager] - [x]

 

Lsa: [Authentication Packages] msv1_0 wvauth

 

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk

 

ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

 

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

 

ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

 

 

 

==================== Internet (Whitelisted) ====================

 

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =  http://www.bing.com

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx

 

HKLM\Software\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen

 

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

 

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

 

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110303145622.dll (McAfee, Inc.)

 

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

 

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

 

BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

 

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

 

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)

 

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)

 

Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

 

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} http://rsc4:8080/businessobjects/enterprise11/desktoplaunch/viewers/crystalreportviewers11/ActiveXControls/ActiveXViewer.cab

 

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281023297079

 

DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://rsc5:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab

 

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

 

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

 

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

 

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP9-15980/webex/ieatgpc.cab

 

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

 

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

 

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

 

Tcpip\Parameters: [DhcpNameServer] 151.106.100.47 151.106.100.45

 

 

 

Chrome:

 

=======

 

 

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll No File

 

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

 

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll No File

 

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll No File

 

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

 

CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

 

CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

 

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

 

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

 

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

 

CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

 

CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

CHR Extension: (Google Docs) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-17]

 

CHR Extension: (Google Drive) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-17]

 

CHR Extension: (YouTube) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-17]

 

CHR Extension: (Google Search) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-17]

 

CHR Extension: (Gmail) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-17]

 

 

 

========================== Services (Whitelisted) =================

 

 

 

R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-07-23] (Sun Microsystems, Inc.)

 

R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)

 

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [159320 2011-03-03] (McAfee, Inc.)

 

R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)

 

R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [145936 2011-03-03] (McAfee, Inc.)

 

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

 

S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)

 

S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()

 

R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)

 

S3 InforVisualDrillback; "C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe" -p 9090 -n InforVisualDrillback webserversrvc [x]

 

 

 

==================== Drivers (Whitelisted) ====================

 

 

 

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

 

R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [166568 2009-11-05] (Intel Corporation)

 

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [116104 2011-03-03] (McAfee, Inc.)

 

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [171296 2011-03-03] (McAfee, Inc.)

 

R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [58456 2011-03-03] (McAfee, Inc.)

 

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [436728 2011-03-03] (McAfee, Inc.)

 

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [85152 2011-03-03] (McAfee, Inc.)

 

R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [88544 2011-03-03] (McAfee, Inc.)

 

R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52168 2009-06-08] (McAfee, Inc.)

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

 

R1 MpKslb43b905d; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C76DC08D-8884-47D5-A9AA-DB5C15112B5C}\MpKslb43b905d.sys [40392 2014-01-21] (Microsoft Corporation)

 

S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30880 2009-10-14] (Intel Corporation )

 

R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)

 

R0 SFAUDIO; C:\Windows\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)

 

R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [233856 2010-01-19] (Wave Systems Corp.)

 

U3 mfeavfk01; No ImagePath

 

S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]

 

U1 WS2IFSL;

 

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

 

2014-01-21 14:24 - 2014-01-21 14:24 - 00000000 ____D C:\FRST

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00000000 ____D C:\Program Files\Microsoft Security Client

 

2014-01-20 08:35 - 2014-01-20 08:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010880 _____ C:\WINDOWS\KB2632503-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010655 _____ C:\WINDOWS\KB2492386.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010071 _____ C:\WINDOWS\KB2598845-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

 

2014-01-20 08:34 - 2014-01-20 08:36 - 00014111 _____ C:\WINDOWS\KB2808679.log

 

2014-01-20 08:33 - 2011-08-16 04:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll

 

2014-01-20 08:33 - 2011-03-11 08:10 - 00225262 ____C C:\WINDOWS\system32\dllcache\msimain.sdb

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000788 _____ C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe

 

2014-01-17 16:35 - 2014-01-19 01:32 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

 

2014-01-17 16:24 - 2014-01-21 06:43 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

 

2014-01-17 16:14 - 2014-01-20 08:36 - 00001945 _____ C:\WINDOWS\epplauncher.mif

 

2014-01-17 12:06 - 2014-01-17 12:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6sVs3nrg

 

2014-01-17 12:06 - 2014-01-17 12:06 - 00000000 ____D C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion

 

2014-01-15 14:35 - 2014-01-15 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

 

2014-01-15 14:34 - 2014-01-15 14:35 - 00006460 _____ C:\WINDOWS\KB2914368.log

 

 

 

==================== One Month Modified Files and Folders =======

 

 

 

2014-01-21 14:24 - 2014-01-21 14:24 - 00000000 ____D C:\FRST

 

2014-01-21 14:22 - 2010-08-05 12:43 - 00000109 _____ C:\WINDOWS\cdlli40.INI

 

2014-01-21 13:48 - 2013-11-20 08:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

 

2014-01-21 13:45 - 2010-08-05 04:56 - 00000136 _____ C:\WINDOWS\system32\config\netlogon.ftl

 

2014-01-21 13:02 - 2010-08-06 07:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\pdf995

 

2014-01-21 11:48 - 2008-04-25 15:28 - 01540902 _____ C:\WINDOWS\WindowsUpdate.log

 

2014-01-21 06:43 - 2014-01-17 16:24 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

 

2014-01-21 06:40 - 2008-04-25 03:17 - 00000000 ____D C:\WINDOWS\security

 

2014-01-21 06:38 - 2008-04-25 03:22 - 00608280 _____ C:\WINDOWS\system32\PerfStringBackup.INI

 

2014-01-21 06:35 - 2011-02-22 06:56 - 00000000 ____D C:\Documents and Settings\lynn.RSC\Tracing

 

2014-01-21 06:34 - 2010-08-05 04:57 - 00000000 _____ C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\WavXMapDrive.bat

 

2014-01-21 06:34 - 2008-04-25 10:16 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl

 

2014-01-21 06:34 - 2008-04-25 03:25 - 00000259 _____ C:\WINDOWS\wiadebug.log

 

2014-01-21 06:33 - 2008-04-25 15:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

 

2014-01-21 06:33 - 2008-04-25 03:25 - 00000049 _____ C:\WINDOWS\wiaservc.log

 

2014-01-20 16:31 - 2010-08-05 04:57 - 00000178 ___SH C:\Documents and Settings\lynn.RSC\ntuser.ini

 

2014-01-20 16:31 - 2008-04-25 15:32 - 00032428 _____ C:\WINDOWS\SchedLgU.Txt

 

2014-01-20 15:13 - 2012-06-18 14:05 - 00000000 ____D C:\QUARANTINE

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00000000 ____D C:\Program Files\Microsoft Security Client

 

2014-01-20 08:36 - 2014-01-20 08:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

 

2014-01-20 08:36 - 2014-01-20 08:34 - 00014111 _____ C:\WINDOWS\KB2808679.log

 

2014-01-20 08:36 - 2014-01-17 16:14 - 00001945 _____ C:\WINDOWS\epplauncher.mif

 

2014-01-20 08:36 - 2008-04-25 03:22 - 01586988 _____ C:\WINDOWS\iis6.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 01418006 _____ C:\WINDOWS\FaxSetup.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00688338 _____ C:\WINDOWS\ocgen.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00650629 _____ C:\WINDOWS\tsoc.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00478262 _____ C:\WINDOWS\comsetup.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00443148 _____ C:\WINDOWS\msmqinst.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00289301 _____ C:\WINDOWS\ntdtcsetup.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00246460 _____ C:\WINDOWS\netfxocm.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00097480 _____ C:\WINDOWS\MedCtrOC.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00078036 _____ C:\WINDOWS\ocmsn.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00070958 _____ C:\WINDOWS\tabletoc.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00070655 _____ C:\WINDOWS\msgsocm.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010880 _____ C:\WINDOWS\KB2632503-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010655 _____ C:\WINDOWS\KB2492386.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010071 _____ C:\WINDOWS\KB2598845-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

 

2014-01-20 08:35 - 2010-08-05 12:07 - 00000000 ____D C:\WINDOWS\ie8updates

 

2014-01-20 08:35 - 2009-11-03 16:26 - 00000000 ___HD C:\WINDOWS\$hf_mig$

 

2014-01-20 08:35 - 2009-11-03 16:08 - 00131027 _____ C:\WINDOWS\updspapi.log

 

2014-01-20 08:35 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.BAK

 

2014-01-20 08:25 - 2008-04-25 15:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000788 _____ C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe

 

2014-01-20 08:22 - 2010-07-23 10:34 - 00000000 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat

 

2014-01-20 08:22 - 2010-07-23 10:25 - 00038184 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000805 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000794 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000740 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.LNK

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000000 ____D C:\Documents and Settings\Administrator

 

2014-01-20 08:22 - 2008-04-25 15:26 - 00010182 _____ C:\WINDOWS\wmsetup.log

 

2014-01-20 08:15 - 2012-05-09 12:22 - 00000786 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

 

2014-01-20 08:15 - 2010-10-01 08:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

 

2014-01-20 08:15 - 2010-10-01 08:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

 

2014-01-19 01:32 - 2014-01-17 16:35 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

 

2014-01-17 12:13 - 2014-01-17 12:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6sVs3nrg

 

2014-01-17 12:06 - 2014-01-17 12:06 - 00000000 ____D C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion

 

2014-01-15 14:37 - 2013-08-14 15:20 - 00000000 ____D C:\WINDOWS\system32\MRT

 

2014-01-15 14:37 - 2010-08-05 12:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

 

2014-01-15 14:35 - 2014-01-15 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

 

2014-01-15 14:35 - 2014-01-15 14:34 - 00006460 _____ C:\WINDOWS\KB2914368.log

 

2014-01-15 14:35 - 2010-08-05 11:48 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

 

2014-01-13 15:39 - 2010-08-05 12:15 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt

 

2014-01-10 12:42 - 2013-06-13 11:44 - 00000000 ____T C:\Documents and Settings\lynn.RSC\Desktop\tracking


Sorry, I was having trouble with the paste of the "partial" log.

I checked the c:\frst\logs directory and there are not any files in there.

 

Here is the rkill.log...so do I continue with combofix.exe? I will await your instructions...sorry about the delay in response.

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/21/2014 03:32:36 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/21/2014 03:33:09 PM
Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)


I GOT IT this time!!!  I'll await further instructions...thank you!!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014

 

Ran by lynn (administrator) on GX780-2TNHMM1 on 21-01-2014 16:20:44

 

Running from C:\Documents and Settings\lynn.RSC\Desktop

 

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

 

Internet Explorer Version 8

 

Boot Mode: Normal

 

 

The only official download link for FRST:

 

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

 

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) ===================

 

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

 

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

 

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

 

(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

 

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

 

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

 

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

 

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

 

(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe

 

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe

 

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe

 

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

 

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

 

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

 

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

 

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

 

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

 

(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

 

(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

 

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

 

(Business Technical Consulting) C:\Program Files\VizManager\VizManager.exe

 

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

 

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

 

(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe

 

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

 

(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

(Microsoft Corporation) C:\Program Files\Windows Live\Toolbar\wltuser.exe

 

 

 

==================== Registry (Whitelisted) ==================

 

 

HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-06-22] (Analog Devices, Inc.)

 

HKLM\...\Run: [iAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)

 

HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [159616 2010-04-14] (Wave Systems Corp.)

 

HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)

 

HKLM\...\Run: [uSCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-04-05] (Broadcom Corporation)

 

HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)

 

HKLM\...\Run: [McAfeeUpdaterUI] - C:\Program Files\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)

 

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)

 

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)

 

HKLM\...\Run: [VizManager] - C:\Program Files\VizManager\VizManager.exe [221184 2008-11-06] (Business Technical Consulting)

 

HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)

 

HKLM\...\Run: [] - [x]

 

HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [995328 2006-03-13] (Brother Industries, Ltd.)

 

HKLM\...\Run: [shStatEXE] - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)

 

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

 

HKLM\...\Run: [AS2014] - C:\Documents and Settings\All Users\Application Data\6sVs3nrg\6sVs3nrg.exe

 

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION

 

HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\All Users\Application Data\6sVs3nrg\6sVs3nrg.exe -sm,

 

HKLM\...\Policies\Explorer: [NoControlPanel] 0

 

HKCU\...\Run: [VizManager] - [x]

 

HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)

 

HKCU\...\Run: [Efqttion] - regsvr32.exe "C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion\ep0lvra1.dll" <===== ATTENTION

 

HKCU\...\Run: [AdobeUpdater] - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2356088 2010-08-09] (Adobe Systems Incorporated)

 

HKU\Administrator\...\Run: [VizManager] - [x]

 

HKU\billie\...\Run: [VizManager] - [x]

 

HKU\rick\...\Run: [VizManager] - [x]

 

Lsa: [Authentication Packages] msv1_0 wvauth

 

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk

 

ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

 

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

 

ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

 

 

==================== Internet (Whitelisted) ====================

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =  http://www.bing.com

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx

 

HKLM\Software\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen

 

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

 

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

 

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110303145622.dll (McAfee, Inc.)

 

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

 

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

 

BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

 

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

 

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)

 

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)

 

Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

 

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} http://rsc4:8080/businessobjects/enterprise11/desktoplaunch/viewers/crystalreportviewers11/ActiveXControls/ActiveXViewer.cab

 

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281023297079

 

DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://rsc5:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cab

 

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

 

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

 

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

 

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP9-15980/webex/ieatgpc.cab

 

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

 

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

 

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

 

Tcpip\Parameters: [DhcpNameServer] 151.106.100.47 151.106.100.45

 

 

Chrome:

 

=======

 

 

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll No File

 

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

 

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll No File

 

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll No File

 

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

 

CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

 

CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

 

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

 

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

 

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

 

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

 

CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

 

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

 

CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

CHR Extension: (Google Docs) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-17]

 

CHR Extension: (Google Drive) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-17]

 

CHR Extension: (YouTube) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-17]

 

CHR Extension: (Google Search) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-17]

 

CHR Extension: (Gmail) - C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-17]

 

 

========================== Services (Whitelisted) =================

 

 

R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-07-23] (Sun Microsystems, Inc.)

 

R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)

 

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [159320 2011-03-03] (McAfee, Inc.)

 

R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)

 

R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [145936 2011-03-03] (McAfee, Inc.)

 

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

 

S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)

 

S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()

 

R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)

 

S3 InforVisualDrillback; "C:/Infor/VISUAL Enterprise/VISUAL Manufacturing/http2vm.exe" -p 9090 -n InforVisualDrillback webserversrvc [x]

 

 

==================== Drivers (Whitelisted) ====================

 

 

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

 

R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [166568 2009-11-05] (Intel Corporation)

 

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [116104 2011-03-03] (McAfee, Inc.)

 

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [171296 2011-03-03] (McAfee, Inc.)

 

R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [58456 2011-03-03] (McAfee, Inc.)

 

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [436728 2011-03-03] (McAfee, Inc.)

 

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [85152 2011-03-03] (McAfee, Inc.)

 

R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [88544 2011-03-03] (McAfee, Inc.)

 

R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52168 2009-06-08] (McAfee, Inc.)

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

 

R1 MpKslb43b905d; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C76DC08D-8884-47D5-A9AA-DB5C15112B5C}\MpKslb43b905d.sys [40392 2014-01-21] (Microsoft Corporation)

 

S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30880 2009-10-14] (Intel Corporation )

 

R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)

 

R0 SFAUDIO; C:\Windows\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)

 

R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [233856 2010-01-19] (Wave Systems Corp.)

 

U3 mfeavfk01; No ImagePath

 

S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]

 

U1 WS2IFSL;

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

==================== One Month Created Files and Folders ========

 

 

2014-01-21 16:20 - 2014-01-21 16:20 - 00017330 _____ C:\Documents and Settings\lynn.RSC\Desktop\FRST.txt

 

2014-01-21 16:19 - 2014-01-21 13:51 - 01222144 _____ (Farbar) C:\Documents and Settings\lynn.RSC\Desktop\FRST.exe

 

2014-01-21 15:32 - 2014-01-21 15:33 - 00002720 _____ C:\Documents and Settings\lynn.RSC\Desktop\Rkill.txt

 

2014-01-21 15:27 - 2014-01-21 15:27 - 05172786 _____ (Swearware) C:\Documents and Settings\lynn.RSC\Desktop\ComboFix.exe

 

2014-01-21 15:25 - 2014-01-21 15:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\lynn.RSC\Desktop\rkill.exe

 

2014-01-21 15:22 - 2014-01-21 15:22 - 00686264 _____ C:\Documents and Settings\lynn.RSC\Desktop\ZipOpenerSetup.exe

 

2014-01-21 14:24 - 2014-01-21 14:24 - 00000000 ____D C:\FRST

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00000000 ____D C:\Program Files\Microsoft Security Client

 

2014-01-20 08:35 - 2014-01-20 08:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010880 _____ C:\WINDOWS\KB2632503-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010655 _____ C:\WINDOWS\KB2492386.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010071 _____ C:\WINDOWS\KB2598845-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

 

2014-01-20 08:34 - 2014-01-20 08:36 - 00014111 _____ C:\WINDOWS\KB2808679.log

 

2014-01-20 08:33 - 2011-08-16 04:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll

 

2014-01-20 08:33 - 2011-03-11 08:10 - 00225262 ____C C:\WINDOWS\system32\dllcache\msimain.sdb

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000788 _____ C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe

 

2014-01-17 16:35 - 2014-01-19 01:32 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

 

2014-01-17 16:24 - 2014-01-21 06:43 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

 

2014-01-17 16:14 - 2014-01-20 08:36 - 00001945 _____ C:\WINDOWS\epplauncher.mif

 

2014-01-17 12:06 - 2014-01-17 12:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6sVs3nrg

 

2014-01-17 12:06 - 2014-01-17 12:06 - 00000000 ____D C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion

 

2014-01-15 14:35 - 2014-01-15 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

 

2014-01-15 14:34 - 2014-01-15 14:35 - 00006460 _____ C:\WINDOWS\KB2914368.log

 

 

==================== One Month Modified Files and Folders =======

 

 

2014-01-21 16:20 - 2014-01-21 16:20 - 00017330 _____ C:\Documents and Settings\lynn.RSC\Desktop\FRST.txt

 

2014-01-21 15:48 - 2013-11-20 08:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

 

2014-01-21 15:33 - 2014-01-21 15:32 - 00002720 _____ C:\Documents and Settings\lynn.RSC\Desktop\Rkill.txt

 

2014-01-21 15:31 - 2010-08-05 04:56 - 00000136 _____ C:\WINDOWS\system32\config\netlogon.ftl

 

2014-01-21 15:27 - 2014-01-21 15:27 - 05172786 _____ (Swearware) C:\Documents and Settings\lynn.RSC\Desktop\ComboFix.exe

 

2014-01-21 15:25 - 2014-01-21 15:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\lynn.RSC\Desktop\rkill.exe

 

2014-01-21 15:22 - 2014-01-21 15:22 - 00686264 _____ C:\Documents and Settings\lynn.RSC\Desktop\ZipOpenerSetup.exe

 

2014-01-21 14:24 - 2014-01-21 14:24 - 00000000 ____D C:\FRST

 

2014-01-21 14:22 - 2010-08-05 12:43 - 00000109 _____ C:\WINDOWS\cdlli40.INI

 

2014-01-21 13:51 - 2014-01-21 16:19 - 01222144 _____ (Farbar) C:\Documents and Settings\lynn.RSC\Desktop\FRST.exe

 

2014-01-21 13:02 - 2010-08-06 07:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\pdf995

 

2014-01-21 11:48 - 2008-04-25 15:28 - 01540902 _____ C:\WINDOWS\WindowsUpdate.log

 

2014-01-21 06:43 - 2014-01-17 16:24 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

 

2014-01-21 06:40 - 2008-04-25 03:17 - 00000000 ____D C:\WINDOWS\security

 

2014-01-21 06:38 - 2008-04-25 03:22 - 00608280 _____ C:\WINDOWS\system32\PerfStringBackup.INI

 

2014-01-21 06:35 - 2011-02-22 06:56 - 00000000 ____D C:\Documents and Settings\lynn.RSC\Tracing

 

2014-01-21 06:34 - 2010-08-05 04:57 - 00000000 _____ C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\WavXMapDrive.bat

 

2014-01-21 06:34 - 2008-04-25 10:16 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl

 

2014-01-21 06:34 - 2008-04-25 03:25 - 00000259 _____ C:\WINDOWS\wiadebug.log

 

2014-01-21 06:33 - 2008-04-25 15:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

 

2014-01-21 06:33 - 2008-04-25 03:25 - 00000049 _____ C:\WINDOWS\wiaservc.log

 

2014-01-20 16:31 - 2010-08-05 04:57 - 00000178 ___SH C:\Documents and Settings\lynn.RSC\ntuser.ini

 

2014-01-20 16:31 - 2008-04-25 15:32 - 00032428 _____ C:\WINDOWS\SchedLgU.Txt

 

2014-01-20 15:13 - 2012-06-18 14:05 - 00000000 ____D C:\QUARANTINE

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00001700 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

 

2014-01-20 08:36 - 2014-01-20 08:36 - 00000000 ____D C:\Program Files\Microsoft Security Client

 

2014-01-20 08:36 - 2014-01-20 08:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

 

2014-01-20 08:36 - 2014-01-20 08:34 - 00014111 _____ C:\WINDOWS\KB2808679.log

 

2014-01-20 08:36 - 2014-01-17 16:14 - 00001945 _____ C:\WINDOWS\epplauncher.mif

 

2014-01-20 08:36 - 2008-04-25 03:22 - 01586988 _____ C:\WINDOWS\iis6.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 01418006 _____ C:\WINDOWS\FaxSetup.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00688338 _____ C:\WINDOWS\ocgen.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00650629 _____ C:\WINDOWS\tsoc.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00478262 _____ C:\WINDOWS\comsetup.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00443148 _____ C:\WINDOWS\msmqinst.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00289301 _____ C:\WINDOWS\ntdtcsetup.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00246460 _____ C:\WINDOWS\netfxocm.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00097480 _____ C:\WINDOWS\MedCtrOC.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00078036 _____ C:\WINDOWS\ocmsn.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00070958 _____ C:\WINDOWS\tabletoc.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00070655 _____ C:\WINDOWS\msgsocm.log

 

2014-01-20 08:36 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010880 _____ C:\WINDOWS\KB2632503-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010655 _____ C:\WINDOWS\KB2492386.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00010071 _____ C:\WINDOWS\KB2598845-IE8.log

 

2014-01-20 08:35 - 2014-01-20 08:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

 

2014-01-20 08:35 - 2010-08-05 12:07 - 00000000 ____D C:\WINDOWS\ie8updates

 

2014-01-20 08:35 - 2009-11-03 16:26 - 00000000 ___HD C:\WINDOWS\$hf_mig$

 

2014-01-20 08:35 - 2009-11-03 16:08 - 00131027 _____ C:\WINDOWS\updspapi.log

 

2014-01-20 08:35 - 2008-04-25 03:22 - 00001374 _____ C:\WINDOWS\imsins.BAK

 

2014-01-20 08:25 - 2008-04-25 15:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000788 _____ C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe

 

2014-01-20 08:22 - 2014-01-20 08:22 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe

 

2014-01-20 08:22 - 2010-07-23 10:34 - 00000000 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat

 

2014-01-20 08:22 - 2010-07-23 10:25 - 00038184 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000805 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000794 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000740 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.LNK

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories

 

2014-01-20 08:22 - 2008-04-25 15:32 - 00000000 ____D C:\Documents and Settings\Administrator

 

2014-01-20 08:22 - 2008-04-25 15:26 - 00010182 _____ C:\WINDOWS\wmsetup.log

 

2014-01-20 08:15 - 2012-05-09 12:22 - 00000786 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

 

2014-01-20 08:15 - 2010-10-01 08:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

 

2014-01-20 08:15 - 2010-10-01 08:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

 

2014-01-19 01:32 - 2014-01-17 16:35 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

 

2014-01-17 12:13 - 2014-01-17 12:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6sVs3nrg

 

2014-01-17 12:06 - 2014-01-17 12:06 - 00000000 ____D C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion

 

2014-01-15 14:37 - 2013-08-14 15:20 - 00000000 ____D C:\WINDOWS\system32\MRT

 

2014-01-15 14:37 - 2010-08-05 12:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

 

2014-01-15 14:35 - 2014-01-15 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

 

2014-01-15 14:35 - 2014-01-15 14:34 - 00006460 _____ C:\WINDOWS\KB2914368.log

 

2014-01-15 14:35 - 2010-08-05 11:48 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

 

2014-01-13 15:39 - 2010-08-05 12:15 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt

 

2014-01-10 12:42 - 2013-06-13 11:44 - 00000000 ____T C:\Documents and Settings\lynn.RSC\Desktop\tracking

 

 

Some content of TEMP:

 

====================

 

C:\Documents and Settings\lynn.RSC\Local Settings\Temp\11389981945285.exe

 

C:\Documents and Settings\lynn.RSC\Local Settings\Temp\ngpsodgr.exe

 

C:\Documents and Settings\lynn.RSC\Local Settings\Temp\ose00000.exe

 

C:\Documents and Settings\lynn.RSC\Local Settings\Temp\setup_wm.exe

 

C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fc653c9a.exe

 

 

 

==================== Bamital & volsnap Check =================

 

 

C:\Windows\explorer.exe => MD5 is legit

 

C:\Windows\System32\winlogon.exe => MD5 is legit

 

C:\Windows\System32\svchost.exe => MD5 is legit

 

C:\Windows\System32\services.exe => MD5 is legit

 

C:\Windows\System32\User32.dll => MD5 is legit

 

C:\Windows\System32\userinit.exe => MD5 is legit

 

C:\Windows\System32\rpcss.dll => MD5 is legit

 

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-01-2014

 

Ran by lynn at 2014-01-21 16:21:19

 

Running from C:\Documents and Settings\lynn.RSC\Desktop

 

Boot Mode: Normal

 

==========================================================

 

 

 

==================== Security Center ========================

 

 

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

 

 

==================== Installed Programs ======================

 

 

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden

 

Adobe Acrobat  8 Standard (Version: 8.1.0 - Adobe Systems) Hidden

 

Adobe Acrobat 8.1.0 Standard (Version: 8.1.0 - Adobe Systems)

 

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)

 

Adobe Reader 9.3.3 (Version: 9.3.3 - Adobe Systems Incorporated)

 

BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden

 

Brother MFL-Pro Suite (Version: 1.00.000 - )

 

Cisco WebEx Meetings (Version:  - Cisco WebEx LLC)

 

Coupon Printer for Windows (Version: 5.0.0.1 - Coupons.com Incorporated) <==== ATTENTION

 

DCP32MMWrapper (Version: 1.6.461.83 - Broadcom Corporation) Hidden

 

Dell Backup and Recovery Manager (Version: 1.2.3 - Dell, Inc.)

 

Dell Control Point (Version: 1.6.461.83 - Broadcom Corporation) Hidden

 

Dell ControlPoint Security Manager (Version: 1.6.461.83 - Dell Inc.)

 

Dell Embassy Trust Suite by Wave Systems (Version: 03.05.03.000 - Wave Systems Corp) Hidden

 

Dell Security Device Driver Pack (Version: 1.4.055 - Dell Inc.)

 

Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden

 

EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden

 

EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden

 

ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden

 

Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden

 

Gupta Runtime 4.0 (Version: 4.00 - Gupta Corp)

 

HP LaserJet Professional M1530 MFP Series (Version:  - Hewlett-Packard)

 

HP Update (Version: 5.002.006.003 - Hewlett-Packard)

 

Intel® Graphics Media Accelerator Driver (Version:  - Intel Corporation)

 

Intel® Network Connections 14.8.43.0 (Version: 14.8.43.0 - Dell)

 

Intel® Rapid Storage Technology (Version: 9.6.0.1014 - Intel Corporation)

 

Java Auto Updater (Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden

 

Java 6 Update 20 (Version: 6.0.200 - Sun Microsystems, Inc.)

 

Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

 

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

 

McAfee Agent (Version: 4.5.0.1810 - McAfee, Inc.)

 

McAfee VirusScan Enterprise (Version: 8.8.00000 - McAfee, Inc.)

 

Microsoft .NET Framework 1.1 (Version:  - )

 

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

 

Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )

 

Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )

 

Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )

 

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)

 

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)

 

Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)

 

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

 

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

 

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

 

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

 

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

 

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft)

 

Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

 

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)

 

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

 

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden

 

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)

 

Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

 

Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)

 

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

 

Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

 

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)

 

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

 

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

 

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)

 

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

 

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)

 

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)

 

MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)

 

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)

 

MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation)

 

MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0 - Microsoft Corporation)

 

NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden

 

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

 

Pdf995 (Version:  - )

 

PowerDVD DX (Version: 8.3.6029 - CyberLink Corp.)

 

Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden

 

Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden

 

ScanSoft PaperPort Viewer 7.0 (Version:  - )

 

Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden

 

Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden

 

Snapshot Viewer (Version:  - )

 

SO32MMWrapper (Version: 1.6.461.83 - Broadcom Corporation) Hidden

 

ST Microelectronics TPM Driver Installer (Version: 1.04.15 - Dell Inc.) Hidden

 

TeamViewer 8 (Version: 8.0.22298 - TeamViewer)

 

Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden

 

Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)

 

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)

 

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)

 

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)

 

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)

 

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)

 

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)

 

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)

 

Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)

 

Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)

 

Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2808679) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB951618-v2) (Version: 2 - Microsoft Corporation)

 

Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden

 

Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)

 

Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden

 

UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden

 

VISUAL Enterprise 6.5.4 SP3 (Version: 1.02.0000 - Infor Global Solutions) Hidden

 

VISUAL Enterprise 652 (Version: 6.5.2 - Infor Global Solutions) Hidden

 

VizManager 2.2 (Version: 2.2.1 - Business Technical Consulting)

 

Wave Infrastructure Installer (Version: 07.01.30.0022 - Wave Systems Corp) Hidden

 

Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden

 

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

 

Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

 

Windows Driver Package - STMicroelectronics (stmtpm) System  (05/24/2007 1.00.04.15) (Version: 05/24/2007 1.00.04.15 - STMicroelectronics)

 

Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)

 

Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)

 

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)

 

Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)

 

Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

 

Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

 

Windows Live Essentials (Version: 14.0.8089.0726 - Microsoft Corporation)

 

Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

 

Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

 

Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

 

Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden

 

Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)

 

Windows Live Sync (Version: 14.0.8089.726 - Microsoft Corporation)

 

Windows Live Toolbar (Version: 14.0.8064.206 - Microsoft Corporation) Hidden

 

Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)

 

Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

 

Windows Management Framework Core (Version:  - Microsoft Corporation)

 

Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden

 

Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95 - Microsoft)

 

Windows Rights Management Client with Service Pack 2 (Version: 5.2.95 - Microsoft)

 

Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)

 

XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

 

 

==================== Restore Points  =========================

 

 

24-10-2013 14:44:06 System Checkpoint

 

25-10-2013 20:16:16 System Checkpoint

 

25-10-2013 20:59:40 Software Distribution Service 3.0

 

28-10-2013 19:57:59 Software Distribution Service 3.0

 

29-10-2013 21:33:47 System Checkpoint

 

30-10-2013 21:34:16 System Checkpoint

 

04-11-2013 18:23:08 System Checkpoint

 

06-11-2013 18:35:49 System Checkpoint

 

12-11-2013 15:41:18 System Checkpoint

 

13-11-2013 18:06:51 System Checkpoint

 

13-11-2013 22:37:37 Software Distribution Service 3.0

 

15-11-2013 15:47:11 System Checkpoint

 

18-11-2013 18:06:13 System Checkpoint

 

19-11-2013 21:48:41 System Checkpoint

 

21-11-2013 15:51:12 System Checkpoint

 

22-11-2013 15:56:45 System Checkpoint

 

25-11-2013 18:34:55 System Checkpoint

 

27-11-2013 19:51:50 System Checkpoint

 

03-12-2013 17:23:50 System Checkpoint

 

04-12-2013 18:09:51 System Checkpoint

 

05-12-2013 23:03:48 System Checkpoint

 

09-12-2013 14:38:56 System Checkpoint

 

10-12-2013 15:38:57 System Checkpoint

 

12-12-2013 21:00:31 Software Distribution Service 3.0

 

13-12-2013 21:07:25 Software Distribution Service 3.0

 

16-12-2013 15:30:40 System Checkpoint

 

19-12-2013 15:34:34 System Checkpoint

 

20-12-2013 18:18:43 System Checkpoint

 

23-12-2013 17:17:53 System Checkpoint

 

24-12-2013 17:18:59 System Checkpoint

 

25-12-2013 18:18:58 System Checkpoint

 

26-12-2013 19:18:59 System Checkpoint

 

27-12-2013 20:19:00 System Checkpoint

 

28-12-2013 21:19:00 System Checkpoint

 

29-12-2013 22:19:00 System Checkpoint

 

30-12-2013 23:19:01 System Checkpoint

 

01-01-2014 00:19:00 System Checkpoint

 

09-01-2014 17:09:55 System Checkpoint

 

13-01-2014 18:15:24 System Checkpoint

 

14-01-2014 21:31:14 Software Distribution Service 3.0

 

15-01-2014 20:34:43 Software Distribution Service 3.0

 

17-01-2014 15:56:36 System Checkpoint

 

18-01-2014 16:05:31 System Checkpoint

 

19-01-2014 17:05:31 System Checkpoint

 

20-01-2014 14:35:30 Software Distribution Service 3.0

 

20-01-2014 14:51:02 Software Distribution Service 3.0

 

21-01-2014 15:41:35 System Checkpoint

 

 

==================== Hosts content: ==========================

 

 

2008-04-25 10:16 - 2008-04-14 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

 

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

 

==================== Loaded Modules (whitelisted) =============

 

 

2010-08-06 07:26 - 2010-08-06 07:26 - 00051716 _____ () C:\WINDOWS\system32\pdf995mon.dll

 

2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll

 

2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll

 

2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll

 

2010-08-06 08:36 - 2002-11-26 12:43 - 00106496 ____N () C:\WINDOWS\system32\BrMuSNMP.dll

 

2013-08-14 15:22 - 2013-08-14 15:22 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4079dbc25270ec50501b2fa37009b1bb\IsdiInterop.ni.dll

 

2010-07-23 10:27 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

 

2014-01-17 12:06 - 2014-01-17 12:06 - 00797184 _____ () C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion\ep0lvra1.dll

 

2007-05-10 23:50 - 2007-05-10 23:50 - 00017024 _____ () C:\Program Files\Adobe\Acrobat 8.0\Acrobat\viewerps.dll

 

2008-04-25 10:16 - 2008-04-14 06:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

 

2008-04-25 10:16 - 2008-04-14 06:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

 

2010-01-19 11:44 - 2010-01-19 11:44 - 00249856 _____ () C:\WINDOWS\system32\wxvault.dll

 

2010-03-02 11:46 - 2010-03-02 11:46 - 00010752 _____ () C:\WINDOWS\system32\Wavx_ESC_Logging.dll

 

2008-11-12 12:24 - 2008-11-12 12:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

 

2008-04-25 10:16 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

 

==================== Safe Mode (whitelisted) ===================

 

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

 

==================== Faulty Device Manager Devices =============

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

 

==================

 

Error: (01/21/2014 02:25:44 PM) (Source: Application Error) (User: )

 

Description: Faulting application frst.exe, version 0.0.0.0, faulting module frst.exe, version 0.0.0.0, fault address 0x00020016.

 

Processing media-specific event for [frst.exe!ws!]

 

 

Error: (01/21/2014 07:25:32 AM) (Source: Application Hang) (User: )

 

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

 

Error: (01/21/2014 06:38:42 AM) (Source: MPSampleSubmission) (User: )

 

Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

 

 

Error: (01/20/2014 06:43:27 AM) (Source: MPSampleSubmission) (User: )

 

Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10201.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

 

 

 

System errors:

 

=============

 

Error: (01/20/2014 08:30:25 AM) (Source: DCOM) (User: RSC)

 

Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

 

in order to run the server:

 

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

 

Error: (01/20/2014 08:29:15 AM) (Source: DCOM) (User: RSC)

 

Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

 

in order to run the server:

 

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

 

Error: (01/20/2014 08:26:08 AM) (Source: NETLOGON) (User: )

 

Description: No Domain Controller is available for domain RSC due to the following:

 

%%1311.

 

 

Make sure that the computer is connected to the network and try

 

again. If the problem persists, please contact your domain administrator.

 

 

Error: (01/20/2014 08:20:36 AM) (Source: DCOM) (User: RSC)

 

Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

 

in order to run the server:

 

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

 

Error: (01/20/2014 08:05:04 AM) (Source: DCOM) (User: RSC)

 

Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

 

in order to run the server:

 

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

 

Error: (01/20/2014 06:53:26 AM) (Source: Microsoft Antimalware) (User: )

 

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

 

New Signature Version:

 

 

Previous Signature Version: 1.165.2152.0

 

 

Update Source: %NT AUTHORITY59

 

 

Update Stage: 4.2.0223.00

 

 

Source Path: 4.2.0223.01

 

 

Signature Type: %NT AUTHORITY602

 

 

Update Type: %NT AUTHORITY604

 

 

User: NT AUTHORITY\SYSTEM

 

 

Current Engine Version: %NT AUTHORITY605

 

 

Previous Engine Version: %NT AUTHORITY606

 

 

Error code: %NT AUTHORITY607

 

 

Error description: %NT AUTHORITY608

 

 

Error: (01/20/2014 06:53:26 AM) (Source: DCOM) (User: NT AUTHORITY)

 

Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

 

in order to run the server:

 

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

 

Error: (01/20/2014 06:53:26 AM) (Source: DCOM) (User: NT AUTHORITY)

 

Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

 

in order to run the server:

 

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

 

Error: (01/19/2014 05:12:09 PM) (Source: Microsoft Antimalware) (User: )

 

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

 

New Signature Version:

 

 

Previous Signature Version: 1.165.2152.0

 

 

Update Source: %NT AUTHORITY59

 

 

Update Stage: 4.2.0223.00

 

 

Source Path: 4.2.0223.01

 

 

Signature Type: %NT AUTHORITY602

 

 

Update Type: %NT AUTHORITY604

 

 

User: NT AUTHORITY\SYSTEM

 

 

Current Engine Version: %NT AUTHORITY605

 

 

Previous Engine Version: %NT AUTHORITY606

 

 

Error code: %NT AUTHORITY607

 

 

Error description: %NT AUTHORITY608

 

 

Error: (01/19/2014 05:12:09 PM) (Source: DCOM) (User: NT AUTHORITY)

 

Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""

 

in order to run the server:

 

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

 

 

Microsoft Office Sessions:

 

=========================

 

Error: (01/13/2014 07:38:52 AM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3230 seconds with 660 seconds of active time.  This session ended with a crash.

 

 

Error: (01/07/2014 11:06:33 AM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15806 seconds with 1260 seconds of active time.  This session ended with a crash.

 

 

Error: (12/16/2013 10:40:23 AM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15173 seconds with 3060 seconds of active time.  This session ended with a crash.

 

 

Error: (08/03/2013 06:08:06 PM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

Error: (02/08/2013 05:30:36 AM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58434 seconds with 240 seconds of active time.  This session ended with a crash.

 

 

Error: (11/15/2012 01:59:49 PM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27558 seconds with 3960 seconds of active time.  This session ended with a crash.

 

 

Error: (06/05/2012 01:23:31 PM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29910 seconds with 4440 seconds of active time.  This session ended with a crash.

 

 

Error: (05/21/2012 05:43:53 AM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2049 seconds with 540 seconds of active time.  This session ended with a crash.

 

 

Error: (09/29/2011 08:49:19 AM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11566 seconds with 1020 seconds of active time.  This session ended with a crash.

 

 

Error: (04/04/2011 06:08:40 AM) (Source: Microsoft Office 12 Sessions)(User: )

 

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3180 seconds with 840 seconds of active time.  This session ended with a crash.

 

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 27%

 

Total physical RAM: 3291.52 MB

 

Available physical RAM: 2381.87 MB

 

Total Pagefile: 5173.85 MB

 

Available Pagefile: 4051.45 MB

 

Total Virtual: 2047.88 MB

 

Available Virtual: 1847.77 MB

 

 

==================== Drives ================================

 

 

Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:120.45 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

Drive m: () (Network) (Total:250 GB) (Free:169.62 GB)

 

Drive n: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

Drive o: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

Drive p: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

Drive q: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

Drive r: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

Drive s: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

Drive t: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

Drive v: (Backup) (Network) (Total:528.49 GB) (Free:336.9 GB) NTFS

 

Drive x: (Data) (Network) (Total:1114.71 GB) (Free:869 GB) NTFS

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

 

Disk: 0 (Size: 149 GB) (Disk ID: A42D04A3)

 

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

 

Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

 

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs

 

Kevin

 

fixlist.txt

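The fixlist Kevin attached (its contents are reproduced in the Fixlog in the next post) reverses the settings this infection used to keep the security products from starting: Disallowed Software Restriction Policy path rules over the McAfee and Malwarebytes folders, an extra Winlogon Userinit entry, Run-key autostarts living in user-writable profile folders, and, as the Malwarebytes scan that followed shows, suppressed Security Center warnings. The read-only PowerShell audit below is an added example and is not part of the thread, of FRST or of Malwarebytes; it walks those same registry locations so a practitioner can confirm the findings before a fix and verify the state after it. It assumes PowerShell 2.0 or later (the Windows Management Framework Core listed among the installed programs provides that on XP) and an administrator session; all registry paths are the Windows defaults, and the wuauserv check is grounded in the DCOM "%%1058" errors in the System log, 1058 being ERROR_SERVICE_DISABLED.

```powershell
# Added example, not from the thread, FRST or Malwarebytes: read-only audit of the locations
# the attached fixlist repairs. Assumes PowerShell 2.0+ and an elevated (administrator) session.
# Registry paths are Windows defaults; no value here is copied from a tool's output.

$findings = New-Object System.Collections.ArrayList

function Add-Finding($area, $location, $detail) {
    [void]$findings.Add((New-Object PSObject -Property @{
        Area = $area; Location = $location; Detail = $detail }))
}

# 1. Software Restriction Policy (SRP) path rules.
#    Rules sit under ...\Safer\CodeIdentifiers\<level>\Paths\{GUID}; level 0 is "Disallowed".
#    A Disallowed rule covering an AV folder yields the "cannot run due to software permissions"
#    error and an event ID 866 (source SoftwareRestrictionPolicies) in the Application log.
foreach ($hive in 'HKLM', 'HKCU') {
    $safer = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    if (-not (Test-Path $safer)) { continue }
    $root = Get-ItemProperty -Path $safer
    if ($root.DefaultLevel -eq 0) {
        Add-Finding 'SRP' $safer 'DefaultLevel = 0 (Disallowed): only explicitly allowed paths run'
    }
    $disallowedPaths = Join-Path $safer '0\Paths'
    if (Test-Path $disallowedPaths) {
        foreach ($rule in (Get-ChildItem -Path $disallowedPaths)) {
            $target = (Get-ItemProperty -Path $rule.PSPath).ItemData
            Add-Finding 'SRP' "$disallowedPaths\$($rule.PSChildName)" "Disallowed path rule: $target"
        }
    }
}

# 2. Winlogon Userinit: the legitimate value is userinit.exe alone (with a trailing comma).
#    Every other entry in the comma-separated list runs at each interactive logon.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
foreach ($entry in ((Get-ItemProperty -Path $winlogon).Userinit -split ',')) {
    $e = $entry.Trim()                       # empty entries (",,") are harmless and skipped
    if ($e -ne '' -and $e -ne $expected) {
        Add-Finding 'Winlogon' "$winlogon\Userinit" "Extra Userinit entry: $e"
    }
}

# 3. Run keys whose command lives in a user-writable profile or Temp folder, or that load a
#    DLL through regsvr32 (both patterns appear in the fixlist).
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not registry values
        $cmd = [string]$prop.Value
        if ($cmd -match 'Documents and Settings|\\Users\\|\\Temp\\|regsvr32') {
            Add-Finding 'Run' "$key\$($prop.Name)" $cmd
        }
    }
}

# 4. Security Center: the *DisableNotify values silence the AV/firewall/update warnings and a
#    "don't load" entry hides the Security Center applet (wscui.cpl) from Control Panel.
$wsc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
if (Test-Path $wsc) {
    $p = Get-ItemProperty -Path $wsc
    foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
        if ($p.$name -eq 1) { Add-Finding 'SecurityCenter' "$wsc\$name" '1 (warnings suppressed; default is 0)' }
    }
}
$dontLoad = "HKCU:\Control Panel\don't load"
if ((Test-Path $dontLoad) -and (Get-ItemProperty -Path $dontLoad).'wscui.cpl') {
    Add-Finding 'SecurityCenter' "$dontLoad\wscui.cpl" 'Security Center applet hidden from Control Panel'
}

# 5. Automatic Updates service: DCOM error 1058 (ERROR_SERVICE_DISABLED) for wuauserv in the
#    System log corresponds to a Start value of 4 (Disabled).
$wu = 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv'
if ((Test-Path $wu) -and ((Get-ItemProperty -Path $wu).Start -eq 4)) {
    Add-Finding 'Service' "$wu\Start" '4 (Disabled): Automatic Updates cannot start'
}

if ($findings.Count -eq 0) {
    Write-Output 'No SRP, Userinit, Run-key, Security Center or wuauserv anomalies found.'
} else {
    $findings | Format-Table -Property Area, Location, Detail -AutoSize -Wrap
}
```

The script only reports; in this thread the removal was done by FRST, and the Security Center values, which the fixlist does not touch, were repaired by the Malwarebytes scan that ran afterwards. Running the audit once before the fix and once after the reboot gives a before/after record that is easier to compare than two full FRST logs, and an SRP rule that reappears after cleanup is a strong sign that the component writing it is still present.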

Hi Kevin,

Here are the logs from today....thank you, thank you for your help with this!!  Will be rebooting after I post the logs and then I will check back here.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-01-2014

 

Ran by lynn at 2014-01-22 13:51:55 Run:1

 

Running from C:\Documents and Settings\lynn.RSC\Desktop

 

Boot Mode: Normal

 

 

==============================================

 

 

Content of fixlist:

 

*****************

 

Start

 

HKLM\...\Run: [AS2014] - C:\Documents and Settings\All Users\Application Data\6sVs3nrg\6sVs3nrg.exe

 

C:\Documents and Settings\All Users\Application Data\6sVs3nrg

 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION

 

HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\All Users\Application Data\6sVs3nrg\6sVs3nrg.exe -sm,
HKCU\...\Run: [Efqttion] - regsvr32.exe "C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion\ep0lvra1.dll" <===== ATTENTION
C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\11389981945285.exe
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\ngpsodgr.exe
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fc653c9a.exe
U3 mfeavfk01; No ImagePath
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
U1 WS2IFSL;
End

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
C:\Documents and Settings\All Users\Application Data\6sVs3nrg => Moved successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Efqttion => Value deleted successfully.
C:\Documents and Settings\lynn.RSC\Local Settings\Application Data\Efqttion => Moved successfully.
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\11389981945285.exe => Moved successfully.
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\ngpsodgr.exe => Moved successfully.
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\ose00000.exe => Moved successfully.
C:\Documents and Settings\lynn.RSC\Local Settings\Temp\setup_wm.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fc653c9a.exe => Moved successfully.
mfeavfk01 => Service deleted successfully.
mferkdk => Unable to delete service
WS2IFSL => Service deleted successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.22.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
lynn :: GX780-2TNHMM1 [administrator]

1/22/2014 1:54:46 PM
mbam-log-2014-01-22 (13-54-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412153
Time elapsed: 1 hour(s), 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\FRST\Quarantine\11389981945285.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\ngpsodgr.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\Efqttion\ep0lvra1.dll (VirTool.Vbcrypt) -> Delete on reboot.

(end)


Thanks for those logs, We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish



When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found


If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish



close program

copy and paste the report in next reply

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,

Kevin


The online scan from ESET = no threats found

The screen317 log file:

 Results of screen317's Security Check version 0.99.79 

Windows XP Service Pack 3 x86 (UAC is disabled!) 
Internet Explorer 8 

``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled! 
Microsoft Security Essentials  
Antivirus up to date! 

`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300 
Java 6 Update 20 
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent```````` 
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
McAfee VirusScan Enterprise SHSTAT.EXE 

`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Everything seems to be running pretty good now.  The McAfee virus software enabled itself and is not active in the background.

The Malwarebytes program can open and run on demand.

Thank you for your persistence in solving this issue!!!


Before we clean up it is essential to update Adobe and Java.....

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Let me know if those updates complete, if so I'll post clean up information....

Kevin


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
