moneypak virus - no safe mode


Recommended Posts

I got the "computer is blocked" virus; it says it is blocked by Homeland Security. I found a couple of threads on here about it, so I'm hoping you can help, please!

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by SYSTEM on MINWINPC on 22-06-2014 23:55:31
Running from e:\
Platform: Windows Vista Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-13] (SupportSoft, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\Kevin\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-13] (SupportSoft, Inc.)
HKU\Kevin\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Kevin\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp (Boris Krasnovskiy, George Hazan, Richard Hughes)

========================== Services (Whitelisted) =================

S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
S2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S2 Winmgmt; C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp [188277 2014-06-20] (Boris Krasnovskiy, George Hazan, Richard Hughes)

==================== Drivers (Whitelisted) ====================

S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-22 23:55 - 2014-06-22 23:55 - 00000000 ____D () C:\FRST
2014-06-22 19:45 - 2014-06-22 19:50 - 00003368 _____ () C:\ProgramData\RUNDLL32.EXE-3100-F.txt
2014-06-22 18:07 - 2014-06-22 18:07 - 00000498 _____ () C:\ProgramData\RUNDLL32.EXE-2640-F.txt
2014-06-22 10:30 - 2014-06-22 10:31 - 00000975 _____ () C:\ProgramData\RUNDLL32.EXE-3484-F.txt
2014-06-22 10:24 - 2014-06-22 10:26 - 00001326 _____ () C:\ProgramData\RUNDLL32.EXE-3324-F.txt
2014-06-22 10:21 - 2014-06-22 10:22 - 00001177 _____ () C:\ProgramData\RUNDLL32.EXE-3000-F.txt
2014-06-22 10:11 - 2014-06-22 10:17 - 00003816 _____ () C:\ProgramData\RUNDLL32.EXE-3172-F.txt
2014-06-20 16:23 - 2014-06-20 16:23 - 00013756 _____ () C:\Users\Kevin\Desktop\hs_err_pid3476.log
2014-06-20 16:23 - 2014-06-20 16:23 - 00000000 ____D () C:\ProgramData\89951605338EA3BF3676DBA9925956BF
2014-06-12 14:09 - 2014-05-28 08:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-12 14:09 - 2014-05-28 08:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-12 14:09 - 2014-05-28 08:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-12 14:09 - 2014-05-28 08:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-12 14:09 - 2014-05-28 08:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-12 14:09 - 2014-05-28 08:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-12 14:09 - 2014-05-28 08:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-06-12 14:09 - 2014-05-28 08:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-12 14:09 - 2014-05-28 08:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-12 14:09 - 2014-05-28 08:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-06-12 14:09 - 2014-05-28 08:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-12 14:09 - 2014-05-28 08:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-12 14:09 - 2014-05-28 08:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-12 14:09 - 2014-05-28 08:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-12 14:09 - 2014-05-28 08:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-06-12 14:09 - 2014-05-28 08:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-12 14:09 - 2014-05-28 08:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-12 14:09 - 2014-05-28 08:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-12 14:09 - 2014-05-28 08:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-06-12 14:09 - 2014-05-28 08:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-06-12 14:09 - 2014-05-28 08:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-12 14:09 - 2014-04-26 08:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-12 14:09 - 2014-04-04 18:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-12 14:09 - 2014-03-09 17:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-12 14:09 - 2014-03-09 17:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-06-22 23:55 - 2014-06-22 23:55 - 00000000 ____D () C:\FRST
2014-06-22 19:50 - 2014-06-22 19:45 - 00003368 _____ () C:\ProgramData\RUNDLL32.EXE-3100-F.txt
2014-06-22 19:50 - 2008-01-17 00:12 - 01309449 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 19:44 - 2012-09-05 17:48 - 00000000 ____D () C:\Temp
2014-06-22 19:44 - 2006-11-02 04:52 - 00058566 _____ () C:\Windows\setupact.log
2014-06-22 19:44 - 2006-11-02 04:47 - 00003696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 19:44 - 2006-11-02 04:47 - 00003696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 18:08 - 2008-01-17 00:22 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-22 18:07 - 2014-06-22 18:07 - 00000498 _____ () C:\ProgramData\RUNDLL32.EXE-2640-F.txt
2014-06-22 10:31 - 2014-06-22 10:30 - 00000975 _____ () C:\ProgramData\RUNDLL32.EXE-3484-F.txt
2014-06-22 10:26 - 2014-06-22 10:24 - 00001326 _____ () C:\ProgramData\RUNDLL32.EXE-3324-F.txt
2014-06-22 10:22 - 2014-06-22 10:21 - 00001177 _____ () C:\ProgramData\RUNDLL32.EXE-3000-F.txt
2014-06-22 10:17 - 2014-06-22 10:11 - 00003816 _____ () C:\ProgramData\RUNDLL32.EXE-3172-F.txt
2014-06-20 16:23 - 2014-06-20 16:23 - 00013756 _____ () C:\Users\Kevin\Desktop\hs_err_pid3476.log
2014-06-20 16:23 - 2014-06-20 16:23 - 00000000 ____D () C:\ProgramData\89951605338EA3BF3676DBA9925956BF
2014-06-12 23:02 - 2013-08-05 07:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-12 23:01 - 2011-02-09 19:09 - 92708840 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-03 17:35 - 2008-08-25 06:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-28 08:48 - 2014-06-12 14:09 - 12356608 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-28 08:39 - 2014-06-12 14:09 - 01810432 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-05-28 08:38 - 2014-06-12 14:09 - 09711104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-05-28 08:33 - 2014-06-12 14:09 - 01106432 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-05-28 08:32 - 2014-06-12 14:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-05-28 08:32 - 2014-06-12 14:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-05-28 08:31 - 2014-06-12 14:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-05-28 08:31 - 2014-06-12 14:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-05-28 08:30 - 2014-06-12 14:09 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-05-28 08:30 - 2014-06-12 14:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-05-28 08:30 - 2014-06-12 14:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-05-28 08:30 - 2014-06-12 14:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-05-28 08:30 - 2014-06-12 14:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-05-28 08:30 - 2014-06-12 14:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-05-28 08:30 - 2014-06-12 14:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-05-28 08:29 - 2014-06-12 14:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-28 08:29 - 2014-06-12 14:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-05-28 08:29 - 2014-06-12 14:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-28 08:29 - 2014-06-12 14:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2014-05-28 08:29 - 2014-06-12 14:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2014-05-28 08:28 - 2014-06-12 14:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\1403.dll
C:\Users\Kevin\AppData\Local\Temp\MSNAF54.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-03-13 21:08:31
Restore point made on: 2014-03-14 06:20:35
Restore point made on: 2014-03-17 20:07:29
Restore point made on: 2014-03-18 20:50:38
Restore point made on: 2014-03-25 17:22:17
Restore point made on: 2014-04-01 11:26:51
Restore point made on: 2014-04-04 17:42:16
Restore point made on: 2014-04-08 19:51:54
Restore point made on: 2014-04-08 23:00:14
Restore point made on: 2014-04-13 15:11:18
Restore point made on: 2014-04-18 17:36:22
Restore point made on: 2014-04-22 04:53:55
Restore point made on: 2014-04-29 03:52:42
Restore point made on: 2014-05-02 23:00:34
Restore point made on: 2014-05-06 15:22:21
Restore point made on: 2014-05-14 11:45:45
Restore point made on: 2014-05-14 12:08:35
Restore point made on: 2014-05-20 11:52:17
Restore point made on: 2014-05-30 11:40:18
Restore point made on: 2014-06-03 07:59:07
Restore point made on: 2014-06-06 17:39:57
Restore point made on: 2014-06-12 14:00:50
Restore point made on: 2014-06-12 23:00:14
Restore point made on: 2014-06-17 17:23:17

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 4093.69 MB
Available physical RAM: 3723.87 MB
Total Pagefile: 3959.2 MB
Available Pagefile: 3783.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:202.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.57 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)

LastRegBack: 2014-06-22 19:50

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by SYSTEM at 2014-06-22 23:59:26
Running from E:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-16 15:54][2009-04-10 22:27] 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-06-26 16:10][2008-01-18 23:33] 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35][2006-11-02 01:45] 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-16 15:54][2009-04-10 22:27] 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

X:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35][2006-11-02 01:45] 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

X:\Windows\System32\services.exe
[2006-11-02 00:35][2006-11-02 01:45] 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

=== End Of Search ===


Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Fix with FRST (Recovery Environment)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    ShortcutTarget: explorer.lnk -> C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp (Boris Krasnovskiy, George Hazan, Richard Hughes)
    S2 Winmgmt; C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp [188277 2014-06-20] (Boris Krasnovskiy, George Hazan, Richard Hughes)
    C:\ProgramData\89951605338EA3BF3676DBA9925956BF
    2014-06-20 16:23 - 2014-06-20 16:23 - 00013756 _____ () C:\Users\Kevin\Desktop\hs_err_pid3476.log


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe), press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Now boot into Windows!

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32-bit or FRST 64-bit (if not sure: Start --> Computer (right-click) --> Properties).

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.
  • Double-click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100 MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the Save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

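Added example (my own script, not FRST's code and not from anyone in this thread) showing what the fixlist above is built from: it reads FRST log lines, flags the persistence entries using only signals visible in the logs posted here (a .cpp file registered both as the Winmgmt service image and as a Startup shortcut target, a 32-hex-character folder under ProgramData, a core Windows service pointed outside System32, and a MountPoints2 autorun that launches rundll32 on a RECYCLER path), and then emits the flagged lines verbatim as fixlist entries, which is how an FRST fixlist works. The sample lines are copied from the logs in this thread; the heuristics, thresholds and the CORE_SERVICES list are my assumptions and would need tuning on another machine.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample lines excerpted from the FRST logs posted in this thread (benign Run,
# service and MountPoints2 entries are kept for contrast).
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKU\Kevin\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp (Boris Krasnovskiy, George Hazan, Richard Hughes)
S2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S2 Winmgmt; C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp [188277 2014-06-20] (Boris Krasnovskiy, George Hazan, Richard Hughes)
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\MountPoints2: {94fed6f3-92cd-11df-966a-001e4f4ca5e8} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\MountPoints2: {cca5283a-60b7-11e0-908f-001e4f4ca5e8} - G:\setup.exe -a
"""

# Heuristics (my assumptions, not FRST rules).
HEX_DIR = re.compile(r"^[0-9A-Fa-f]{32}$")                  # folder named like a random MD5
PATH_RE = re.compile(r"^(.*?\.[A-Za-z0-9]{1,4})(?=\s|$)")   # image path, cut at its extension
RUN_RE = re.compile(r"^HK(?:LM|U)\\.*\\Run: \[.*?\] => (.*)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: .*? -> (.*)$")
SERVICE_RE = re.compile(r"^[SR]\d ([^;]+); (.*)$")
MOUNT_RE = re.compile(r"\\MountPoints2: \{[0-9a-f-]+\} - (.*)$", re.IGNORECASE)
CORE_SERVICES = {"winmgmt"}                  # WMI service: image belongs under %SystemRoot%\System32
EXEC_EXTS = {".exe", ".dll", ".sys", ".cpl"}  # what a legitimate Run/service/shortcut target ends in
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")


@dataclass
class Finding:
    line: str
    reasons: list


def image_path(rest: str) -> str:
    """Strip the '[size date] (vendor)' suffix FRST appends after the image path."""
    m = PATH_RE.match(rest)
    return m.group(1) if m else rest.strip()


def check_path(path: str, role: str) -> list:
    """Reasons a persistence target looks suspicious; empty list if none."""
    reasons = []
    low = path.lower()
    ext = ntpath.splitext(low)[1]
    if ext not in EXEC_EXTS:
        reasons.append(f"{role} target has non-executable extension '{ext}'")
    if low.startswith(USER_WRITABLE) and any(HEX_DIR.match(p) for p in path.split("\\")):
        reasons.append(f"{role} target sits in a random 32-hex folder under a user-writable location")
    return reasons


def hex_folder(path: str):
    """Return the path up to and including the first 32-hex component, or None."""
    parts = path.split("\\")
    for i, p in enumerate(parts):
        if HEX_DIR.match(p):
            return "\\".join(parts[: i + 1])
    return None


def analyze(log: str) -> list:
    """Scan FRST log lines and return a Finding for each suspicious persistence entry."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        reasons = []
        if (m := RUN_RE.match(line)) and m.group(1) != "[X]":   # '[X]' marks an empty Run value
            reasons = check_path(image_path(m.group(1)), "Run")
        elif m := SHORTCUT_RE.match(line):
            reasons = check_path(image_path(m.group(1)), "Startup shortcut")
        elif m := SERVICE_RE.match(line):
            name, path = m.group(1), image_path(m.group(2))
            reasons = check_path(path, "service")
            if name.lower() in CORE_SERVICES and not path.lower().startswith("c:\\windows\\system32\\"):
                reasons.append(f"core service '{name}' redirected outside System32")
        elif m := MOUNT_RE.search(line):
            cmd = m.group(1).lower()
            if "rundll32" in cmd or "recycler" in cmd:
                reasons.append("MountPoints2 autorun launches rundll32 / a RECYCLER path")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def build_fixlist(findings: list) -> list:
    """Fixlist entries: each flagged log line verbatim, plus the dropper folder so FRST removes it too."""
    out = []
    for f in findings:
        out.append(f.line)
        path = None
        if m := SHORTCUT_RE.match(f.line):
            path = image_path(m.group(1))
        elif m := SERVICE_RE.match(f.line):
            path = image_path(m.group(2))
        folder = hex_folder(path) if path else None
        if folder and folder not in out:
            out.append(folder)
    return out


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f.line[:90], "->", "; ".join(f.reasons))
    print("\nfixlist.txt would contain:")
    print("\n".join(build_fixlist(found)))
```

Run it as-is and the three flagged lines, plus the hex-named ProgramData folder, come out in the same form as the fixlist Marius wrote above; the benign Defender, ehTray, AERTFilters and G:\setup.exe entries pass. The whitelist of extensions is deliberately strict because a service image ending in .cpp is the single most telling signal in this log.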

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-06-2014
Ran by SYSTEM at 2014-06-23 11:55:13 Run:1
Running from e:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
ShortcutTarget: explorer.lnk -> C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp (Boris Krasnovskiy, George Hazan, Richard Hughes)

S2 Winmgmt; C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp [188277 2014-06-20] (Boris Krasnovskiy, George Hazan, Richard Hughes)

C:\ProgramData\89951605338EA3BF3676DBA9925956BF
2014-06-20 16:23 - 2014-06-20 16:23 - 00013756 _____ () C:\Users\Kevin\Desktop\hs_err_pid3476.log
*****************

C:\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\89951605338EA3BF3676DBA9925956BF => Moved successfully.
C:\Users\Kevin\Desktop\hs_err_pid3476.log => Moved successfully.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Kevin (administrator) on KEVIN-PC on 23-06-2014 11:59:47
Running from C:\Users\Kevin\Pictures\ebay2\custom
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-13] (SupportSoft, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-13] (SupportSoft, Inc.)
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\MountPoints2: {94fed6f3-92cd-11df-966a-001e4f4ca5e8} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\MountPoints2: {cca5283a-60b7-11e0-908f-001e4f4ca5e8} - G:\setup.exe -a
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\MountPoints2: {e8a36155-e3f2-11e2-9f35-001e4f4ca5e8} - F:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~2\899516~1\eerfqva.cpp (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.0.110/codebase/DVM_IPCam2.ocx
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\a4zz1ox3.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\a4zz1ox3.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\a4zz1ox3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-02-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-13]

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-12-01] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36592 2006-08-16] (Sonic Solutions) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-23 03:55 - 2014-06-23 11:59 - 00000000 ____D () C:\FRST
2014-06-22 23:45 - 2014-06-22 23:50 - 00003368 _____ () C:\ProgramData\RUNDLL32.EXE-3100-F.txt
2014-06-22 22:07 - 2014-06-22 22:07 - 00000498 _____ () C:\ProgramData\RUNDLL32.EXE-2640-F.txt
2014-06-22 14:30 - 2014-06-22 14:31 - 00000975 _____ () C:\ProgramData\RUNDLL32.EXE-3484-F.txt
2014-06-22 14:24 - 2014-06-22 14:26 - 00001326 _____ () C:\ProgramData\RUNDLL32.EXE-3324-F.txt
2014-06-22 14:21 - 2014-06-22 14:22 - 00001177 _____ () C:\ProgramData\RUNDLL32.EXE-3000-F.txt
2014-06-22 14:11 - 2014-06-22 14:17 - 00003816 _____ () C:\ProgramData\RUNDLL32.EXE-3172-F.txt
2014-06-12 18:09 - 2014-05-28 12:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 18:09 - 2014-05-28 12:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 18:09 - 2014-05-28 12:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 18:09 - 2014-05-28 12:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 18:09 - 2014-05-28 12:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 18:09 - 2014-05-28 12:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 18:09 - 2014-05-28 12:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 18:09 - 2014-05-28 12:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 18:09 - 2014-05-28 12:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 18:09 - 2014-05-28 12:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 18:09 - 2014-05-28 12:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 18:09 - 2014-05-28 12:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 18:09 - 2014-05-28 12:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 18:09 - 2014-05-28 12:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 18:09 - 2014-05-28 12:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 18:09 - 2014-05-28 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 18:09 - 2014-05-28 12:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 18:09 - 2014-05-28 12:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 18:09 - 2014-05-28 12:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 18:09 - 2014-05-28 12:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 18:09 - 2014-05-28 12:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 18:09 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 18:09 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 18:09 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 18:09 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-06-23 12:01 - 2008-01-17 04:12 - 01317473 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 11:59 - 2014-06-23 03:55 - 00000000 ____D () C:\FRST
2014-06-23 11:57 - 2012-09-05 21:48 - 00000000 ____D () C:\Temp
2014-06-23 11:57 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 11:57 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 11:57 - 2006-11-02 08:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 23:50 - 2014-06-22 23:45 - 00003368 _____ () C:\ProgramData\RUNDLL32.EXE-3100-F.txt
2014-06-22 23:44 - 2006-11-02 08:52 - 00058566 _____ () C:\Windows\setupact.log
2014-06-22 22:08 - 2008-01-17 04:22 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-22 22:08 - 2006-11-02 09:01 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 22:07 - 2014-06-22 22:07 - 00000498 _____ () C:\ProgramData\RUNDLL32.EXE-2640-F.txt
2014-06-22 14:31 - 2014-06-22 14:30 - 00000975 _____ () C:\ProgramData\RUNDLL32.EXE-3484-F.txt
2014-06-22 14:26 - 2014-06-22 14:24 - 00001326 _____ () C:\ProgramData\RUNDLL32.EXE-3324-F.txt
2014-06-22 14:22 - 2014-06-22 14:21 - 00001177 _____ () C:\ProgramData\RUNDLL32.EXE-3000-F.txt
2014-06-22 14:17 - 2014-06-22 14:11 - 00003816 _____ () C:\ProgramData\RUNDLL32.EXE-3172-F.txt
2014-06-13 03:02 - 2013-08-05 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 03:01 - 2011-02-09 23:09 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-03 21:35 - 2008-08-25 10:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-28 12:48 - 2014-06-12 18:09 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 12:39 - 2014-06-12 18:09 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 12:38 - 2014-06-12 18:09 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 12:33 - 2014-06-12 18:09 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 12:32 - 2014-06-12 18:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 12:32 - 2014-06-12 18:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 12:31 - 2014-06-12 18:09 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 12:31 - 2014-06-12 18:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 12:30 - 2014-06-12 18:09 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 12:30 - 2014-06-12 18:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 12:30 - 2014-06-12 18:09 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 12:30 - 2014-06-12 18:09 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 12:30 - 2014-06-12 18:09 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 12:30 - 2014-06-12 18:09 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 12:30 - 2014-06-12 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 12:29 - 2014-06-12 18:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 12:29 - 2014-06-12 18:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 12:29 - 2014-06-12 18:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 12:29 - 2014-06-12 18:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 12:29 - 2014-06-12 18:09 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 12:28 - 2014-06-12 18:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\1403.dll
C:\Users\Kevin\AppData\Local\Temp\MSNAF54.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-23 12:03

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Kevin at 2014-06-23 12:01:56
Running from C:\Users\Kevin\Pictures\ebay2\custom
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08100 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dynojet Display File Manager 1.0.3.2 (HKLM\...\Dynojet Display File Manager_is1) (Version:  - Dynojet Research, Inc.)
FastStone Photo Resizer 1.4 (HKLM\...\FastStone Photo Resizer) (Version: 1.4 - FastStone Soft.)
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{0564C76B-8E1F-4157-8654-B0F9F308BEE9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{34E90074-C80C-4182-A995-65E88B5B56E0}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Driver Diagnostics (HKLM\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Hewlett-Packard Company)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
IP Camera (HKLM\...\IP Camera) (Version:  - )
Java SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6506.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox (3.0.1) (HKLM\...\Mozilla Firefox (3.0.1)) (Version: 3.0.1 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (Version: 1.00.0000 - NVIDIA Corporation) Hidden
Power Commander Control Center 3.2.0 (Test Build 1) (HKLM\...\Power Commander 3 Usb_is1) (Version:  - Dynojet Research, Inc.)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

14-03-2014 05:08:28 Windows Update
14-03-2014 14:18:48 Windows Update
18-03-2014 04:07:08 Windows Update
19-03-2014 04:50:15 Windows Update
26-03-2014 01:21:59 Windows Update
01-04-2014 19:26:27 Windows Update
05-04-2014 01:41:50 Windows Update
09-04-2014 03:51:32 Windows Update
09-04-2014 07:00:11 Windows Update
13-04-2014 23:10:53 Windows Update
19-04-2014 01:35:56 Windows Update
22-04-2014 12:53:27 Windows Update
29-04-2014 11:52:17 Windows Update
03-05-2014 07:00:11 Windows Update
06-05-2014 23:21:56 Windows Update
14-05-2014 19:42:19 Windows Update
14-05-2014 20:08:32 Windows Update
20-05-2014 19:51:47 Windows Update
30-05-2014 19:39:56 Windows Update
03-06-2014 15:58:32 Windows Update
07-06-2014 01:39:32 Windows Update
12-06-2014 21:57:44 Windows Update
13-06-2014 07:00:11 Windows Update
18-06-2014 01:22:52 Windows Update

==================== Hosts content: ==========================

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce874daf2c95f3.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce874dafa85d73.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2006-11-05 12:28 - 2006-11-05 12:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2008-03-25 23:22 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Kevin\Documents\07001433.avi:TOC.WMV

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 03:15:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8AP5HUVH\LIKE[1].HTM> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:32:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PVTVQV2R\AJS[4].JS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:32:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PVTVQV2R\AJS[4].JS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:14:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\I5HN786T\P[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:13:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8HH493O9\P[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:13:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8HH493O9\P[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:13:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\61P8B258\P[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:12:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\I5HN786T\P[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:12:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\61P8B258\4[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (06/19/2014 02:07:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\I5HN786T\__UTM[1].GIF> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

System errors:
=============
Error: (06/23/2014 11:58:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/23/2014 11:58:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NVIDIA Display Driver Servicenvlddmkm%%1058

Error: (06/23/2014 11:57:14 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "KEVIN-PC       :0" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.8 did not allow the name to be claimed by
this computer.

Error: (06/23/2014 11:57:13 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "KEVIN-PC       :0" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.8 did not allow the name to be claimed by
this computer.

Error: (06/23/2014 11:57:13 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402

Error: (06/23/2014 11:57:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:50:06 PM on 6/22/2014 was unexpected.

Error: (06/22/2014 11:45:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (06/22/2014 11:44:19 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402

Error: (06/22/2014 10:07:11 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a8SOFTWARE

Error: (06/22/2014 10:00:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Microsoft Office Sessions:
=========================
Error: (06/19/2014 03:15:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8AP5HUVH\LIKE[1].HTM

Error: (06/19/2014 02:32:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PVTVQV2R\AJS[4].JS

Error: (06/19/2014 02:32:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PVTVQV2R\AJS[4].JS

Error: (06/19/2014 02:14:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\I5HN786T\P[1].GIF

Error: (06/19/2014 02:13:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8HH493O9\P[1].GIF

Error: (06/19/2014 02:13:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8HH493O9\P[1].GIF

Error: (06/19/2014 02:13:39 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\61P8B258\P[1].GIF

Error: (06/19/2014 02:12:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\I5HN786T\P[1].GIF

Error: (06/19/2014 02:12:44 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\61P8B258\4[1].GIF

Error: (06/19/2014 02:07:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\KEVIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\I5HN786T\__UTM[1].GIF

CodeIntegrity Errors:
===================================
  Date: 2011-05-05 02:46:06.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:46:06.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:45:41.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:45:41.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:42:24.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:42:24.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:41:07.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:41:07.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:41:00.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 02:41:00.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3581.57 MB
Available physical RAM: 2177.92 MB
Total Pagefile: 7351.62 MB
Available Pagefile: 6059.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:202.66 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================


aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-23 12:06:34
-----------------------------
12:06:34.434    OS Version: Windows 6.0.6002 Service Pack 2
12:06:34.434    Number of processors: 2 586 0x6B02
12:06:34.435    ComputerName: KEVIN-PC  UserName: Kevin
12:06:35.840    Initialize success
12:06:35.877    VM: initialized successfully
12:06:35.917    VM: Amd CPU virtualization not supported
12:09:09.800    AVAST engine defs: 14062300
12:09:12.534    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004c
12:09:12.537    Disk 0 Vendor: SAMSUNG_ CP10 Size: 305245MB BusType: 6
12:09:12.685    Disk 0 MBR read successfully
12:09:12.688    Disk 0 MBR scan
12:09:12.693    Disk 0 Windows VISTA default MBR code
12:09:12.696    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       47 MB offset 63
12:09:12.710    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 98304
12:09:12.725    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       294956 MB offset 21069824
12:09:12.732    Disk 0 scanning sectors +625139712
12:09:12.795    Disk 0 scanning C:\Windows\system32\drivers
12:09:43.070    Service scanning
12:10:58.688    Modules scanning
12:12:01.051    Disk 0 trace - called modules:
12:12:01.067    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
12:12:01.072    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8692aaa0]
12:12:01.077    3 CLASSPNP.SYS[833a88b3] -> nt!IofCallDriver -> [0x8550d3f0]
12:12:01.082    5 acpi.sys[806116bc] -> nt!IofCallDriver -> \Device\0000004c[0x85efac90]
12:12:02.119    AVAST engine scan C:\Windows
12:12:07.833    AVAST engine scan C:\Windows\system32
12:15:14.064    AVAST engine scan C:\Windows\system32\drivers
12:15:28.925    AVAST engine scan C:\Users\Kevin
12:38:59.129    File: C:\Users\Kevin\AppData\Local\Temp\Low\60120669.exe  **INFECTED** Win32:LockScreen-YV [Trj]
12:46:22.004    File: C:\Users\Kevin\AppData\Local\Temp\Low\wpbt0.dll  **INFECTED** Win32:Reveton-MC [Trj]
13:01:48.663    AVAST engine scan C:\ProgramData
13:03:53.558    Scan finished successfully
22:10:19.079    Disk 0 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
22:10:19.084    The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-06-2014
Ran by Kevin at 2014-06-24 11:46:59 Run:2
Running from C:\Users\Kevin\Pictures\ebay2\custom
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Users\Kevin\Documents\07001433.avi:TOC.WMV
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\PROGRA~2\899516~1\eerfqva.cpp (No File)
HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\...\MountPoints2: {94fed6f3-92cd-11df-966a-001e4f4ca5e8} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

.\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665
C:\Users\Kevin\AppData\Local\Temp\Low
*****************

C:\Users\Kevin\Documents\07001433.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk => Moved successfully.
C:\PROGRA~2\899516~1\eerfqva.cpp not found.
'HKU\S-1-5-21-1335336881-3465688775-2775186779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94fed6f3-92cd-11df-966a-001e4f4ca5e8}' => Key deleted successfully.
'HKCR\CLSID\{94fed6f3-92cd-11df-966a-001e4f4ca5e8}'=> Key not found.
C:\Users\Kevin\AppData\Local\Temp\Low => Moved successfully.

==== End of Fixlog ====

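The fixlist above removed three classic user-level persistence artifacts: an alternate data stream hidden on a media file, a Startup-folder shortcut whose target no longer existed, and a MountPoints2 autorun command that launched a DLL from a RECYCLER folder via rundll32. The following read-only audit script is an added example for reviewing those same locations; it is not part of this thread and is not an FRST or Malwarebytes tool. It assumes PowerShell 3.0 or later (for Get-Item -Stream and Get-ChildItem -File), which the Vista machine in this thread would not have had, so it is meant for a current Windows host. The "Suspicious" heuristics (a missing or non-.exe shortcut target, rundll32/RECYCLER/.vmx in an autorun command) are this example's own choices drawn from the fixlist, not a general detection rule.

```powershell
# Added audit example (not from the thread): enumerates the three persistence
# locations the FRST fixlist cleaned, so a defender can review them before
# deciding what to remove. Assumes PowerShell 3.0+. Read-only: changes nothing.

param(
    [string]$DocumentsPath = [Environment]::GetFolderPath('MyDocuments'),
    [string]$StartupPath   = [Environment]::GetFolderPath('Startup')
)

# 1. Alternate data streams: anything besides the default ':$DATA' stream and
#    the Zone.Identifier mark-of-the-web deserves a look (the fixlist found a
#    '.avi:TOC.WMV' stream).
Write-Host "== Alternate data streams under $DocumentsPath =="
Get-ChildItem -Path $DocumentsPath -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
            ForEach-Object {
                [pscustomobject]@{ File = $_.FileName; Stream = $_.Stream; Bytes = $_.Length }
            }
    } | Format-Table -AutoSize

# 2. Startup folder shortcuts: resolve each .lnk and flag targets that are
#    missing or not an .exe (the fixlist's explorer.lnk pointed at a '.cpp'
#    file that no longer existed).
Write-Host "== Startup shortcuts in $StartupPath =="
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $StartupPath -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $target = $shell.CreateShortcut($_.FullName).TargetPath
    [pscustomobject]@{
        Shortcut   = $_.Name
        Target     = $target
        Exists     = [bool]$target -and (Test-Path -LiteralPath $target)
        Suspicious = (-not $target) -or ($target -notmatch '\.exe$') -or -not (Test-Path -LiteralPath $target)
    }
} | Format-Table -AutoSize

# 3. MountPoints2 autorun commands: Explorer caches per-volume autorun.inf
#    commands under HKCU; a command that runs rundll32 on a file inside a
#    RECYCLER folder is the pattern seen in the fixlist. Heuristic only.
Write-Host "== MountPoints2 AutoRun commands =="
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
    if (Test-Path -LiteralPath $cmdKey) {
        $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        [pscustomobject]@{
            Volume     = $_.PSChildName
            Command    = $cmd
            Suspicious = [bool]($cmd -match 'rundll32|RECYCLER|\.vmx')
        }
    }
} | Format-Table -AutoSize -Wrap
```

Run it as the affected user, since MountPoints2 lives under HKCU. It only prints findings, so the output can be compared with what FRST reports before any fixlist is written.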

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/24/2014
Scan Time: 11:50:39 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.24.10
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287454
Time Elapsed: 9 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-1335336881-3465688775-2775186779-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [0545205c2952fd39000adfa016ec5ea2],
Rogue.DeusCleaner, HKU\S-1-5-21-1335336881-3465688775-2775186779-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3BA4271E-5C1E-48E2-B432-D8BF420DD31D}, Quarantined, [d7734735f388171f1084abbd15ed857b],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.FakeMS.ED, C:\Users\Kevin\AppData\Local\Temp\1403.dll, Quarantined, [4505cbb14734f83e1abc77171ce5a060],
Rogue.Link, C:\Users\Kevin\Favorites\Free porn movie & picture galleries - Tiava.com.url, Quarantined, [8ebc04785526f34301067b8912f1ae52],

Physical Sectors: 0
(No malicious items detected)

(end)


None of the malware found contains a keylogger, but we should finish the removal process first.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\FRST\Quarantine\C\ProgramData\89951605338EA3BF3676DBA9925956BF\eerfqva.cpp.xBAD Win32/Reveton.AJ trojan
C:\FRST\Quarantine\C\Users\Kevin\AppData\Local\Temp\Low\60120669.exe Win32/LockScreen.APR trojan
C:\FRST\Quarantine\C\Users\Kevin\AppData\Local\Temp\Low\wpbt0.dll Win32/Reveton.N trojan
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\36899d17-14ee39ee a variant of Java/Exploit.CVE-2010-4452.K trojan
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\36899d17-31dffb94 a variant of Java/Exploit.CVE-2010-4452.K trojan

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


# AdwCleaner v3.213 - Report created 26/06/2014 at 11:52:26
# Updated 23/06/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMKH0CWY\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\a4zz1ox3.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16555

-\\ Mozilla Firefox v3.0.1 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\lq9opgf2.default\prefs.js ]

[ File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\a4zz1ox3.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1907 octets] - [26/06/2014 11:43:23]
AdwCleaner[s0].txt - [1852 octets] - [26/06/2014 11:52:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1912 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by Kevin on Thu 06/26/2014 at 11:59:11.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/26/2014 at 12:01:43.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 Results of screen317's Security Check version 0.99.85 
 Windows Vista Service Pack 2 x86 (UAC is disabled!) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java SE Runtime Environment 6
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (3.0.1) Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

Your computer is clean now! :)

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Mozilla Firefox out of date

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the actual firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  2. In the case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.

  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




  • 2 weeks later...

It will not let me create a new restore point, it says

Could not create the scheduled task for the following reason:

Cannot create a file when that file already exists. (0x800700B7)

I checked under system restore, there are no restore points.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
