
Win.32 downloader gen & PUPS opencandy



Phosforic
2014-02-17, 01:27
Hello, how are you? I ran Malwarebytes, which found and removed 7 files and 2 folders for OpenCandy, and finished with a reboot. I don't know if the log saves automatically, but if it does and you need it posted, just let me know where to find it. I don't really have any symptoms besides problems with Microsoft Essentials updating, and on my external hard drive. I had found one day that there were multiplying files titled with strings of numbers and letters claiming to be a Microsoft hotfix. So I wiped the hard drive after not having been able to remove them, but also reinstalled the OS altogether a while ago. But now it's happening again, except the folder titles aren't as long and can't be accessed at all, so I don't know if it's a hotfix, but I did try removing the first one and now there are two. Also, the EHDD isn't running currently. Here are the logs, starting with the SBSD results.




Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
C:\END
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1391911698
Properties.filedatetext=2014-02-08 21:08:17

Log: Activity: ntbtlog.txt (Backup file, fixing failed)
C:\Windows\ntbtlog.txt

Log: Install: Directx.log (Backup file, fixing failed)
C:\Windows\Directx.log

Log: Install: setupact.log (Backup file, fixing failed)
C:\Windows\setupact.log

Log: Install: setupapi.log (Backup file, fixing failed)
C:\Windows\setupapi.log

Log: Install: DtcInstall.log (Backup file, fixing failed)
C:\Windows\DtcInstall.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixing failed)
C:\Windows\System32\wbem\logs\wmiprov.log

Internet Explorer: [SBI $1E8157BE] Typed URL list (3 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-4160350859-559485338-2964470023-1000\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, fixed)
C:\Users\Innocent\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RRFUVA8F\skype.com\#ui\preferences.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, fixed)
C:\Users\Innocent\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RRFUVA8F\www.omegle.com\static\omegle.swf\omegle.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-4160350859-559485338-2964470023-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-4160350859-559485338-2964470023-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (24 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-4160350859-559485338-2964470023-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-4160350859-559485338-2964470023-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixing failed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Cookie (20) (Cookie, fixed)


Cache: [SBI $49804B54] Cache (451) (Cache, fixed)


History: [SBI $49804B54] History (21) (History, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-11-17 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-02-12 Includes\Adware-C.sbi (*)
2014-01-08 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-08 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-000.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-01-09 Includes\Malware-005.sbi (*)
2014-01-09 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-02-12 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-02-12 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Security.sbi (*)
2014-01-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-08 Includes\Spyware.sbi (*)
2014-01-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-01-09 Includes\Trojans-020.sbi (*)
2014-01-09 Includes\Trojans-021.sbi (*)
2014-01-09 Includes\Trojans-022.sbi (*)
2014-01-09 Includes\Trojans-023.sbi (*)
2014-02-12 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-13 Includes\Trojans-VM-025.sbi (*)
2014-01-13 Includes\Trojans-VM-026.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2010-03-10 Includes\TrojansC-01.sbi (*)
2014-01-09 Includes\TrojansC-02.sbi (*)
2014-01-09 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-09 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll








DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by Innocent at 18:55:00 on 2014-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.910 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\CtHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8C6E5373-7661-40C3-B825-A724224701D8} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\innocent\appdata\roaming\mozilla\firefox\profiles\4kejaizg.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-10-6 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104768]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-02-09 23:02:51 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{842d8e37-dd64-495d-9e06-02f59b38d788}\mpengine.dll
2014-02-09 03:06:56 7760024 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-09 03:01:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-09 02:25:33 -------- d-----w- c:\program files\common files\DivX Shared
2014-02-09 02:18:39 -------- d-----w- c:\users\innocent\appdata\local\Skype
2014-02-09 02:18:12 -------- d-----r- c:\program files\Skype
2014-02-09 02:09:50 -------- d-----w- c:\program files\DivX
2014-02-09 02:07:12 -------- d-----w- c:\programdata\DivX
2014-01-31 17:19:28 -------- d-----w- c:\users\innocent\appdata\local\Macromedia
2014-01-30 23:38:27 -------- d-----w- c:\users\innocent\appdata\local\calibre-cache
2014-01-30 23:36:55 -------- d-----w- c:\users\innocent\appdata\roaming\calibre
.
==================== Find3M ====================
.
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-31 17:18:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-31 17:18:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-18 06:11:52 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-12-13 23:10:12 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2013-12-13 23:10:12 114688 ----a-w- c:\windows\system32\OpenAL32.dll
.
============= FINISH: 18:55:37.51 ===============




aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-09 18:57:51
-----------------------------
18:57:51.186 OS Version: Windows 6.0.6002 Service Pack 2
18:57:51.186 Number of processors: 1 586 0x2F02
18:57:51.187 ComputerName: TRIFLING UserName: Innocent
18:57:51.974 Initialize success
19:16:00.599 AVAST engine defs: 14021600
19:16:08.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:16:08.052 Disk 0 Vendor: WDC_WD800JB-00FMA0 13.03G13 Size: 76319MB BusType: 3
19:16:08.286 Disk 0 MBR read successfully
19:16:08.302 Disk 0 MBR scan
19:16:08.333 Disk 0 Windows VISTA default MBR code
19:16:08.333 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 74300 MB offset 63
19:16:08.395 Disk 0 scanning sectors +152167680
19:16:08.505 Disk 0 scanning C:\Windows\system32\drivers
19:16:33.380 Service scanning
19:16:49.052 Service MpKsl39ba0ddd C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{842D8E37-DD64-495D-9E06-02F59B38D788}\MpKsl39ba0ddd.sys **LOCKED** 32
19:17:15.474 Modules scanning
19:17:34.320 Disk 0 trace - called modules:
19:17:34.336 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:17:34.867 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d423c0]
19:17:34.867 3 CLASSPNP.SYS[82ba48b3] -> nt!IofCallDriver -> [0x84607918]
19:17:34.883 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84605390]
19:17:35.508 AVAST engine scan C:\Windows
19:17:42.523 AVAST engine scan C:\Windows\system32
19:23:02.055 AVAST engine scan C:\Windows\system32\drivers
19:23:25.617 AVAST engine scan C:\Users\Innocent
19:25:23.384 AVAST engine scan C:\ProgramData
19:26:15.196 Scan finished successfully
19:28:09.727 Disk 0 MBR has been saved successfully to "C:\Users\Innocent\Desktop\MBR.dat"
19:28:09.759 The log file has been saved successfully to "C:\Users\Innocent\Desktop\aswMBR.txt"
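Editorial note on the Spybot result above, with an added example that is not part of the thread. The flagged `C:\END` is logged with `Properties.size=0` and `Properties.md5=D41D8CD98F00B204E9800998ECF8427E`; that digest is the MD5 of zero bytes, so the "Win32.Downloader.gen" hit is an empty file, not a downloader binary. The same empty-input hash appears on the two zero-byte Flash `.sol` cookie entries. The Python below was written for this page (it is neither Spybot's nor the poster's code) and parses entries in this log format, flagging the ones whose recorded size and hash both say "empty". The sample log is constructed from three entries in the post above.

```python
"""Triage Spybot S&D 1.6 scan-log entries by their recorded file properties."""
import hashlib
import re

# MD5 of zero bytes. Any entry whose logged md5 equals this is an empty file,
# whatever the signature name attached to it says.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Constructed sample: three entries copied from the Spybot log above (one
# file hit, one Flash cookie, one registry key), embedded so this runs offline.
SAMPLE_LOG = """\
Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
C:\\END
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1391911698
Properties.filedatetext=2014-02-08 21:08:17

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, fixed)
C:\\Users\\Innocent\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\RRFUVA8F\\skype.com\\#ui\\preferences.sol
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Internet Explorer: [SBI $1E8157BE] Typed URL list (3 files) (Registry key, fixed)
HKEY_USERS\\S-1-5-21-4160350859-559485338-2964470023-1000\\Software\\Microsoft\\Internet Explorer\\TypedURLs
"""

# Header line: "<family>: [SBI $<8 hex>] <description> (<kind>, <action>)".
# The description may itself contain parentheses, e.g. "Text file ()" or
# "Typed URL list (3 files)", so it is matched lazily and the kind/action
# group must be the last parenthesised pair on the line.
HEADER_RE = re.compile(
    r"^(?P<family>.+?): \[SBI \$(?P<sbi>[0-9A-F]{8})\] "
    r"(?P<desc>.*?) \((?P<kind>[^(),]+), (?P<action>[^()]+)\)$"
)


def parse_spybot_log(text):
    """Split the log into entries: header line, object path, Properties.* lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not a detection header (e.g. the version footer)
        entry = m.groupdict()
        entry["path"] = lines[1] if len(lines) > 1 else None
        props = {}
        for line in lines[2:]:
            if line.startswith("Properties."):
                key, _, value = line[len("Properties."):].partition("=")
                props[key] = value
        entry["props"] = props
        entries.append(entry)
    return entries


def zero_byte_hits(entries):
    """File entries whose logged size and MD5 both say 'empty file'."""
    return [
        e for e in entries
        if e["kind"] == "File"
        and e["props"].get("size") == "0"
        and e["props"].get("md5", "").upper() == EMPTY_MD5
    ]


if __name__ == "__main__":
    for e in zero_byte_hits(parse_spybot_log(SAMPLE_LOG)):
        print(f"{e['family']}: {e['path']} is a zero-byte file (MD5 of empty input)")
```

The check only says what the flagged object is; it says nothing about the rest of the machine. In this thread the adware that actually had content is the Conduit material MBAM quarantined in the later post, and the "fixing failed" lines in the Spybot output are Windows logs and registry values that the scanner could not overwrite, not infections.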

Juliet
2014-02-17, 12:53
Hi and welcome.

This should bring up the MBAM log:

Click on the Malwarebytes' Anti-Malware icon to launch the program.
o Click on the Logs tab.
o Click on the log at the bottom of those listed to highlight it (if you have run the scanner more than once).
o Click Open. Copy and paste the log in your next reply.


~~~~~~~~~~

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)

(Use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))
Tutorial: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Phosforic
2014-02-17, 14:11
Morning, and thanks.





Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.16.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Innocent :: TRIFLING [administrator]

2/9/2014 5:40:36 PM
mbam-log-2014-02-09 (17-40-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218628
Time elapsed: 14 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Innocent\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Innocent\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\Innocent\Local Settings\Temporary Internet Files\Content.IE5\31C5RCPC\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Innocent\Local Settings\Temporary Internet Files\Content.IE5\KJPSZ99N\mism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Innocent\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Innocent\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Innocent\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Innocent\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Innocent\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)








Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Innocent (administrator) on TRIFLING on 10-02-2014 08:07:15
Running from C:\Users\Innocent\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Users\Innocent\Downloads\aswMBR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SpybotSnD] - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [5365592 2009-01-26] (Safer Networking Limited)
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [19968 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKU\.DEFAULT\...\Run: [DevconDefaultDB] - C:\Windows\system32\READREG /SILENT /FAIL=1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F7376B42CF8CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Innocent\AppData\Roaming\Mozilla\Firefox\Profiles\4kejaizg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl39ba0ddd; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{842D8E37-DD64-495D-9E06-02F59B38D788}\MpKsl39ba0ddd.sys [40392 2014-02-09] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\Innocent\AppData\Local\Temp\aswMBR.sys [X]
U3 mbr; \??\C:\Users\Innocent\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 08:07 - 2014-02-10 08:07 - 00007815 _____ () C:\Users\Innocent\Downloads\FRST.txt
2014-02-10 08:07 - 2014-02-10 08:07 - 00000000 ____D () C:\FRST
2014-02-10 08:05 - 2014-02-10 08:06 - 01141248 _____ (Farbar) C:\Users\Innocent\Downloads\FRST.exe
2014-02-10 08:01 - 2014-02-10 08:01 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-09 19:28 - 2014-02-09 19:28 - 00002054 _____ () C:\Users\Innocent\Desktop\aswMBR.txt
2014-02-09 19:28 - 2014-02-09 19:28 - 00000512 _____ () C:\Users\Innocent\Desktop\MBR.dat
2014-02-09 18:55 - 2014-02-09 18:55 - 04745728 _____ (AVAST Software) C:\Users\Innocent\Downloads\aswMBR.exe
2014-02-09 18:55 - 2014-02-09 18:55 - 00008848 _____ () C:\Users\Innocent\Desktop\attach.txt
2014-02-09 18:55 - 2014-02-09 18:55 - 00007495 _____ () C:\Users\Innocent\Desktop\dds.txt
2014-02-09 18:54 - 2014-02-09 18:54 - 00688992 ____R (Swearware) C:\Users\Innocent\Downloads\dds.scr
2014-02-09 18:51 - 2014-02-09 18:51 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-09 18:36 - 2014-02-09 18:52 - 99805976 _____ (Microsoft Corporation) C:\Users\Innocent\Downloads\msert.exe
2014-02-09 03:02 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-09 03:02 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-09 03:02 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-09 03:02 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-09 03:02 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-09 03:02 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-09 03:02 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-09 03:02 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-09 03:02 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-09 03:02 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-09 03:02 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-09 03:02 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-09 03:02 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-09 03:02 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-09 03:02 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-09 03:01 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-08 22:01 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-08 21:31 - 2014-02-08 21:49 - 86846984 _____ (DivX, LLC) C:\Users\Innocent\Downloads\DivXInstaller(1).exe
2014-02-08 21:26 - 2014-02-08 21:26 - 00000932 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-02-08 21:26 - 2014-02-08 21:26 - 00000867 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-02-08 21:26 - 2014-02-08 21:26 - 00000000 ____D () C:\Users\Innocent\AppData\Roaming\DivX
2014-02-08 21:25 - 2014-02-08 21:26 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ___RD () C:\Program Files\Skype
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Users\Innocent\AppData\Local\Skype
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-08 21:09 - 2014-02-08 21:27 - 00000000 ____D () C:\Program Files\DivX
2014-02-08 21:08 - 2014-02-08 21:08 - 00000000 _____ () C:\END
2014-02-08 21:07 - 2014-02-08 21:27 - 00000000 ____D () C:\ProgramData\DivX
2014-02-08 21:06 - 2014-02-08 21:06 - 00993600 _____ (DivX, LLC) C:\Users\Innocent\Downloads\DivXInstaller.exe
2014-02-08 21:05 - 2014-02-08 21:06 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Innocent\Downloads\SkypeSetup.exe
2014-01-31 12:19 - 2014-01-31 12:19 - 00000000 ____D () C:\Users\Innocent\AppData\Local\Macromedia
2014-01-30 18:41 - 2014-01-30 18:50 - 54356480 _____ () C:\Users\Innocent\Downloads\calibre-1.22.0.msi
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\Innocent\AppData\Local\calibre-cache
2014-01-30 18:37 - 2014-01-31 00:00 - 00000000 ____D () C:\Users\Innocent\Documents\Calibre Library
2014-01-30 18:36 - 2014-01-31 00:01 - 00000000 ____D () C:\Users\Innocent\AppData\Roaming\calibre

==================== One Month Modified Files and Folders =======

2014-02-10 08:07 - 2014-02-10 08:07 - 00007815 _____ () C:\Users\Innocent\Downloads\FRST.txt
2014-02-10 08:07 - 2014-02-10 08:07 - 00000000 ____D () C:\FRST
2014-02-10 08:06 - 2014-02-10 08:05 - 01141248 _____ (Farbar) C:\Users\Innocent\Downloads\FRST.exe
2014-02-10 08:05 - 2006-11-02 07:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 08:05 - 2006-11-02 07:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 08:01 - 2014-02-10 08:01 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-10 08:00 - 2009-04-11 07:37 - 01930734 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 07:16 - 2013-10-08 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 20:50 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-09 19:28 - 2014-02-09 19:28 - 00002054 _____ () C:\Users\Innocent\Desktop\aswMBR.txt
2014-02-09 19:28 - 2014-02-09 19:28 - 00000512 _____ () C:\Users\Innocent\Desktop\MBR.dat
2014-02-09 18:55 - 2014-02-09 18:55 - 04745728 _____ (AVAST Software) C:\Users\Innocent\Downloads\aswMBR.exe
2014-02-09 18:55 - 2014-02-09 18:55 - 00008848 _____ () C:\Users\Innocent\Desktop\attach.txt
2014-02-09 18:55 - 2014-02-09 18:55 - 00007495 _____ () C:\Users\Innocent\Desktop\dds.txt
2014-02-09 18:54 - 2014-02-09 18:54 - 00688992 ____R (Swearware) C:\Users\Innocent\Downloads\dds.scr
2014-02-09 18:52 - 2014-02-09 18:36 - 99805976 _____ (Microsoft Corporation) C:\Users\Innocent\Downloads\msert.exe
2014-02-09 18:51 - 2014-02-09 18:51 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-09 18:46 - 2013-12-14 07:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-09 18:46 - 2013-12-14 07:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-09 18:05 - 2006-11-02 05:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 18:00 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 17:59 - 2008-01-20 21:47 - 00063136 _____ () C:\Windows\PFRO.log
2014-02-09 17:59 - 2006-11-02 06:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-02-09 17:57 - 2006-11-02 08:01 - 00015456 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-09 03:49 - 2013-10-07 10:30 - 00000000 ____D () C:\Users\Innocent\AppData\Roaming\Skype
2014-02-09 03:41 - 2013-10-06 13:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-09 03:26 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-08 21:49 - 2014-02-08 21:31 - 86846984 _____ (DivX, LLC) C:\Users\Innocent\Downloads\DivXInstaller(1).exe
2014-02-08 21:27 - 2014-02-08 21:09 - 00000000 ____D () C:\Program Files\DivX
2014-02-08 21:27 - 2014-02-08 21:07 - 00000000 ____D () C:\ProgramData\DivX
2014-02-08 21:26 - 2014-02-08 21:26 - 00000932 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-02-08 21:26 - 2014-02-08 21:26 - 00000867 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-02-08 21:26 - 2014-02-08 21:26 - 00000000 ____D () C:\Users\Innocent\AppData\Roaming\DivX
2014-02-08 21:26 - 2014-02-08 21:25 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ___RD () C:\Program Files\Skype
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Users\Innocent\AppData\Local\Skype
2014-02-08 21:18 - 2014-02-08 21:18 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-08 21:18 - 2013-10-07 10:30 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-08 21:18 - 2013-10-07 10:29 - 00000000 ____D () C:\ProgramData\Skype
2014-02-08 21:08 - 2014-02-08 21:08 - 00000000 _____ () C:\END
2014-02-08 21:06 - 2014-02-08 21:06 - 00993600 _____ (DivX, LLC) C:\Users\Innocent\Downloads\DivXInstaller.exe
2014-02-08 21:06 - 2014-02-08 21:05 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Innocent\Downloads\SkypeSetup.exe
2014-02-05 03:58 - 2014-02-09 03:01 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:56 - 2014-02-09 03:02 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:53 - 2014-02-09 03:02 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:51 - 2014-02-09 03:02 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:50 - 2014-02-09 03:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:49 - 2014-02-09 03:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:49 - 2014-02-09 03:02 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:48 - 2014-02-09 03:02 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:48 - 2014-02-09 03:02 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:48 - 2014-02-09 03:02 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:48 - 2014-02-09 03:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:48 - 2014-02-09 03:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:47 - 2014-02-09 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:47 - 2014-02-09 03:02 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:47 - 2014-02-09 03:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:46 - 2014-02-09 03:02 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-31 12:19 - 2014-01-31 12:19 - 00000000 ____D () C:\Users\Innocent\AppData\Local\Macromedia
2014-01-31 12:18 - 2013-10-08 06:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-31 12:18 - 2013-10-08 06:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-31 00:01 - 2014-01-30 18:36 - 00000000 ____D () C:\Users\Innocent\AppData\Roaming\calibre
2014-01-31 00:00 - 2014-01-30 18:37 - 00000000 ____D () C:\Users\Innocent\Documents\Calibre Library
2014-01-30 19:03 - 2013-10-20 17:20 - 00000841 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-01-30 19:03 - 2013-10-20 17:20 - 00000000 ____D () C:\Program Files\Calibre2
2014-01-30 18:50 - 2014-01-30 18:41 - 54356480 _____ () C:\Users\Innocent\Downloads\calibre-1.22.0.msi
2014-01-30 18:40 - 2006-11-02 07:52 - 00034773 _____ () C:\Windows\setupact.log
2014-01-30 18:38 - 2014-01-30 18:38 - 00000000 ____D () C:\Users\Innocent\AppData\Local\calibre-cache
2014-01-19 02:32 - 2013-10-07 01:24 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 06:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Innocent at 2014-02-10 08:07:41
Running from C:\Users\Innocent\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Active@ ISO Burner v 1.7 (Version: - )
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
BitTorrent (HKCU Version: 7.8.2.30182 - BitTorrent Inc.)
calibre (Version: 1.22.0 - Kovid Goyal)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 en-US) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: - )
NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Realtek AC'97 Audio (Version: - )
Skype™ 6.13 (Version: 6.13.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Winamp (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.00 (32-bit) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

30-01-2014 00:59:23 Windows Update
31-01-2014 00:01:32 Installed calibre
09-02-2014 03:02:02 Windows Update
09-02-2014 08:00:14 Windows Update
10-02-2014 02:29:47 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2014-02-09 17:49 - 00450649 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4D541C66-CFA4-4849-8493-2909D5110D84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-31] (Adobe Systems Incorporated)
Task: {5CC459B3-B196-4508-9D41-E15E13A5C0FC} - System32\Tasks\Spybot Update => C:\Program Files\Spybot - Search & Destroy\Update.exe
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AA4C51F5-C189-420A-90B1-9DB8CB1B36F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-14 19:48 - 2013-11-14 19:48 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-11-14 19:49 - 2013-11-14 19:49 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-14 07:36 - 2014-01-28 01:54 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-31 12:18 - 2014-01-31 12:18 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2014 00:15:13 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (02/01/2014 00:15:13 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).

Error: (01/30/2014 11:31:18 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\INNOCENT\DOCUMENTS\CALIBRE LIBRARY\METADATA.DB-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2014 11:31:18 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\INNOCENT\DOCUMENTS\CALIBRE LIBRARY\METADATA.DB-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2014 07:11:54 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\INNOCENT\DOCUMENTS\CALIBRE LIBRARY\METADATA.DB-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/14/2013 02:36:40 AM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.4.304.0, time stamp 0x5268454d, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0004a1ed,
process id 0x378, application start time 0xMsMpEng.exe0.


System errors:
=============
Error: (02/10/2014 02:28:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/10/2014 02:28:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.4198.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/10/2014 02:28:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.4198.0

Update Source: %NT AUTHORITY51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/10/2014 02:28:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.4198.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/09/2014 06:15:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.165.4198.0){D61999D2-012D-42A4-B9D1-81D589D2767B}201

Error: (02/09/2014 06:14:15 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trifling60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %Trifling51

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %Trifling602

Update Type: %Trifling604

User: Trifling\Innocent

Current Engine Version: %Trifling605

Previous Engine Version: %Trifling606

Error code: %Trifling607

Error description: %Trifling608

Error: (02/09/2014 06:14:14 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trifling60 has encountered an error trying to update the engine.

New Engine Version:

Previous Engine Version:

Engine Type: %Trifling604

User: Trifling\Innocent

Error Code: %Trifling601

Error description: %Trifling602

Error: (02/09/2014 06:14:14 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trifling60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version:

Update Source: %Trifling15

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %Trifling602

Update Type: %Trifling604

User: Trifling\Innocent

Current Engine Version: %Trifling605

Previous Engine Version: %Trifling606

Error code: %Trifling607

Error description: %Trifling608

Error: (02/09/2014 06:12:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.4198.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (02/09/2014 06:12:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

New Engine Version:

Previous Engine Version:

Engine Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Error Code: %NT AUTHORITY601

Error description: %NT AUTHORITY602


Microsoft Office Sessions:
=========================
Error: (02/01/2014 00:15:13 AM) (Source: System Restore)(User: )
Description: 0x81000101

Error: (02/01/2014 00:15:13 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (01/30/2014 11:31:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\INNOCENT\DOCUMENTS\CALIBRE LIBRARY\METADATA.DB-JOURNAL

Error: (01/30/2014 11:31:18 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\INNOCENT\DOCUMENTS\CALIBRE LIBRARY\METADATA.DB-JOURNAL

Error: (01/30/2014 07:11:54 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\INNOCENT\DOCUMENTS\CALIBRE LIBRARY\METADATA.DB-JOURNAL

Error: (12/14/2013 02:36:40 AM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.4.304.05268454dntdll.dll6.0.6002.1888151da3e27c00000050004a1ed37801cef858da0069d6


CodeIntegrity Errors:
===================================
Date: 2013-12-14 07:02:02.247
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:02.056
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:01.860
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:01.696
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:01.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:01.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:01.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:01.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:01.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-14 07:02:00.928
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 1981.82 MB
Available physical RAM: 640.03 MB
Total Pagefile: 4202.21 MB
Available Pagefile: 2353.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:72.56 GB) (Free:34.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: 0A240A24)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Juliet
2014-02-17, 14:49
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient, as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.

Phosforic
2014-02-17, 17:20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Innocent on Mon 02/10/2014 at 11:16:45.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Innocent\AppData\Roaming\mozilla\firefox\profiles\4kejaizg.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/10/2014 at 11:19:14.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2014-02-17, 19:30
Successfully deleted: [File] "C:\end" <-- This is what I wanted to see.

How's your computer?

Phosforic
2014-02-18, 00:42
Honestly, no different. My CD drive light is constantly blinking. I hadn't really noticed any symptoms, except that I downloaded 'Enhancer' from the Winamp website, ran it, and it only opened and closed cmd. Which seems like a backdoor trojan? Idk, that's what made me do a scan. What is the malware trying to accomplish anyway?

Juliet
2014-02-18, 01:44
So far, what we've run doesn't show any significant infection.

What we should do from this point is run another tool. Something can always be hidden from the eye.


Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari:
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
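
The proxy check above is done through each browser's dialog. As an added example (not from this thread or from any of the tools it mentions), the PowerShell below reads the same per-user WinINET values that the Internet Explorer dialog edits (ProxyEnable, ProxyServer and AutoConfigURL under the user's Internet Settings key), reports them, and only clears them when run with -Reset. It is written for the report-first case: a proxy or PAC script you never set up yourself is the thing to look for. The "Automatically detect settings" checkbox is stored in a binary DefaultConnectionSettings value under the Connections subkey and is left alone here; re-check it in the dialog as the post describes.

```powershell
# Added example: inspect (and optionally clear) the per-user WinINET proxy settings.
# Assumes the standard "Internet Settings" key used by Internet Explorer / WinINET.
param(
    [switch]$Reset   # without -Reset the script only reports; nothing is changed
)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

# ProxyEnable is a DWORD: 1 means "use a proxy server" is ticked.
$proxyEnabled = ([int]$settings.ProxyEnable) -eq 1
$proxyServer  = $settings.ProxyServer     # "host:port" or a per-protocol list
$pacUrl       = $settings.AutoConfigURL   # automatic configuration script, if any

Write-Host "Proxy enabled : $proxyEnabled"
Write-Host "Proxy server  : $(if ($proxyServer) { $proxyServer } else { '<none>' })"
Write-Host "PAC URL       : $(if ($pacUrl) { $pacUrl } else { '<none>' })"

if (-not $Reset) {
    if ($proxyEnabled -or $pacUrl) {
        Write-Host "A proxy or PAC script is configured. If you did not set it up yourself, re-run with -Reset to clear it."
    }
    return
}

# -Reset: the same effect as unticking "use a proxy server" and emptying the address/port
# and script fields in the Internet Options dialog.
Set-ItemProperty    -Path $key -Name ProxyEnable   -Value 0 -Type DWord
Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
Write-Host "Per-user proxy settings cleared. Restart the browser to pick up the change."
```

Run it once without arguments to see what is configured; only a user-chosen proxy or PAC should survive a reset, so compare the reported values against what you know you set up.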

Phosforic
2014-02-18, 06:17
Huh... Well, here's ComboFix

ComboFix 14-02-16.01 - Innocent 02/11/2014 0:04.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1236 [GMT -5:00]
Running from: c:\users\Innocent\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-11 to 2014-02-11 )))))))))))))))))))))))))))))))
.
.
2014-02-11 05:10 . 2014-02-11 05:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-11 05:10 . 2014-02-11 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-10 13:07 . 2014-02-10 13:07 -------- d-----w- C:\FRST
2014-02-09 23:51 . 2014-02-09 23:51 -------- d-----w- c:\programdata\WindowsSearch
2014-02-09 23:02 . 2013-12-16 06:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{842D8E37-DD64-495D-9E06-02F59B38D788}\mpengine.dll
2014-02-09 03:06 . 2013-12-16 06:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-09 03:01 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-09 02:26 . 2014-02-09 02:26 -------- d-----w- c:\users\Innocent\AppData\Roaming\DivX
2014-02-09 02:25 . 2014-02-09 02:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2014-02-09 02:18 . 2014-02-09 02:18 -------- d-----w- c:\users\Innocent\AppData\Local\Skype
2014-02-09 02:18 . 2014-02-09 02:18 -------- d-----w- c:\program files\Common Files\Skype
2014-02-09 02:18 . 2014-02-09 02:18 -------- d-----r- c:\program files\Skype
2014-02-09 02:09 . 2014-02-09 02:27 -------- d-----w- c:\program files\DivX
2014-02-09 02:07 . 2014-02-09 02:27 -------- d-----w- c:\programdata\DivX
2014-01-31 17:19 . 2014-01-31 17:19 -------- d-----w- c:\users\Innocent\AppData\Local\Macromedia
2014-01-30 23:38 . 2014-01-30 23:38 -------- d-----w- c:\users\Innocent\AppData\Local\calibre-cache
2014-01-30 23:36 . 2014-01-31 05:01 -------- d-----w- c:\users\Innocent\AppData\Roaming\calibre
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-31 17:18 . 2013-10-08 11:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-31 17:18 . 2013-10-08 11:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32 . 2013-10-07 06:24 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-18 06:11 . 2013-12-18 06:11 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-12-13 23:10 . 2013-10-06 18:55 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2013-12-13 23:10 . 2013-10-06 18:55 114688 ----a-w- c:\windows\system32\OpenAL32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-12-23 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-11-15 1861968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 17:18]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Innocent\AppData\Roaming\Mozilla\Firefox\Profiles\4kejaizg.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-11 00:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-02-11 00:12:26
ComboFix-quarantined-files.txt 2014-02-11 05:12
.
Pre-Run: 40,901,648,384 bytes free
Post-Run: 40,827,961,344 bytes free
.
- - End Of File - - 338064439D8DFAD9C3ADFBE9199E00F4
5C616939100B85E558DA92B899A0FC36
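
An added example, not part of the thread and not ComboFix's own code: a small Python parser for the "Reg Loading Points" block of a ComboFix log like the one above. It pulls out each autorun entry under the Run keys and flags the ones a reviewer would resolve by hand: bare image names with no directory (these are located through the search path at logon, so the file that actually runs depends on PATH), entries whose bracketed field is "[X]" instead of a date and size (assumed here to mean ComboFix could not find the image), and images that live under user-writable locations such as AppData, Temp or ProgramData. The sample text is constructed from the entries in the log above plus one placeholder entry under AppData added to exercise the last check; it is not a live capture.

```python
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix "Reg Loading Points" layout. The first four
# HKLM entries and the .DEFAULT entry mirror the log above; "Updater" is a
# placeholder added only to show the user-writable-location check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-11-15 1861968]
"Updater"="c:\users\example\AppData\Roaming\example\updater.exe" [2014-02-01 4096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
"""

# A key header line: [HKEY_...\...\Run]
HEADER_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# A value line: "Name"="image path" [date size]   or   "Name"="image path" [X]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s+\[(?P<attrs>[^\]]*)\]$')

# Path fragments that point at locations an ordinary user account can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class AutorunEntry:
    key: str      # registry key the value was read from
    name: str     # value name, e.g. "SoundMan"
    image: str    # command / image path as logged
    attrs: str    # bracketed field: "YYYY-MM-DD size" or "X"


def parse_reg_loading_points(text: str) -> list[AutorunEntry]:
    """Parse key headers and value lines; '.' separator lines and blanks are skipped."""
    entries: list[AutorunEntry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = HEADER_RE.match(line)
        if header:
            current_key = header.group("key")
            continue
        entry = ENTRY_RE.match(line)
        if entry and current_key is not None:
            entries.append(AutorunEntry(current_key, entry.group("name"),
                                        entry.group("image"), entry.group("attrs")))
    return entries


def triage(entries: list[AutorunEntry]) -> dict[str, list[str]]:
    """Return {value name: [flags]} for entries worth a manual look; clean entries are omitted.

    Keyed by value name for brevity; a real log with the same name under several
    keys would need (key, name) as the dictionary key instead.
    """
    findings: dict[str, list[str]] = {}
    for e in entries:
        flags = []
        image = e.image.lower()
        if e.attrs.strip() == "X":            # assumed: ComboFix could not find the image
            flags.append("missing-file")
        if "\\" not in image and "/" not in image:
            flags.append("unqualified-path")  # resolved via the search path at logon
        if any(marker in image for marker in USER_WRITABLE_MARKERS):
            flags.append("user-writable-location")
        if flags:
            findings[e.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_reg_loading_points(SAMPLE_LOG)).items():
        print(f"{name:18} {', '.join(flags)}")
```

The flags are prompts, not verdicts: SoundMan and CTHelper are ordinary sound-card helpers that happen to be registered without a path, and the [X] entry is a leftover value pointing at a file that is no longer there. The point of the pass is to make sure each such entry is explained rather than skimmed past.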

Juliet
2014-02-18, 11:39
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG

Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.

Click the Start Scan button.


If a suspicious object is detected, the default action will be Skip, click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Please copy and paste its contents on your next reply.

Juliet
2014-02-23, 13:21
It's been 6 days now; do you still need help?

Juliet
2014-02-25, 11:43
Glad we could help. :)
http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.