-
November 28th, 2014, 01:19 AM
#31
Farbar Service Scanner Version: 21-07-2014
Ran by Kevin (administrator) on 27-11-2014 at 21:19:00
Running from "C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJDUIKD5"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
-
November 28th, 2014, 02:55 PM
#32
2014-11-28 05:36:26.899 Sophos Virus Removal Tool version 2.5.3
2014-11-28 05:36:26.899 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2014-11-28 05:36:26.899 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2014-11-28 05:36:26.899 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
2014-11-28 05:36:26.900 Checking for updates...
2014-11-28 05:36:29.788 Update progress: proxy server not available
2014-11-28 05:36:43.048 Option all = no
2014-11-28 05:36:43.048 Option recurse = yes
2014-11-28 05:36:43.048 Option archive = no
2014-11-28 05:36:43.048 Option service = yes
2014-11-28 05:36:43.048 Option confirm = yes
2014-11-28 05:36:43.048 Option sxl = yes
2014-11-28 05:36:43.051 Option max-data-age = 35
2014-11-28 05:36:43.051 Option EnableSafeClean = yes
2014-11-28 05:36:43.906 Downloading updates...
2014-11-28 05:36:43.906 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement IDE505 LATEST
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement IDE506 LATEST
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement IDE507 LATEST
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement IDE508 LATEST
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement IDE509 LATEST
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement IDE510 LATEST
2014-11-28 05:36:43.906 Update progress: [I49502] Found supplement IDE511 LATEST
2014-11-28 05:36:43.906 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-11-28 05:36:43.906 Update progress: [I19463] Syncing product SAVIW32 46
2014-11-28 05:36:47.085 Update progress: [I19463] Syncing product IDE505 175
2014-11-28 05:36:49.307 Installing updates...
2014-11-28 05:36:51.346 Option vdl-logging = yes
2014-11-28 05:36:52.546 Component SVRTcli.exe version 2.5
2014-11-28 05:36:52.546 Component control.dll version 2.5
2014-11-28 05:36:52.547 Component SVRTservice.exe version 2.5
2014-11-28 05:36:52.547 Component engine\osdp.dll version 1.44.1.2171
2014-11-28 05:36:52.547 Component engine\veex.dll version 3.56.0.2171
2014-11-28 05:36:52.547 Component engine\savi.dll version 8.1.4.2171
2014-11-28 05:36:52.547 Component rkdisk.dll version 1.5.30.0
2014-11-28 05:36:52.547 Version info: Product version 2.5
2014-11-28 05:36:52.547 Version info: Detection engine 3.56.0
2014-11-28 05:36:52.547 Version info: Detection data 5.04
2014-11-28 05:36:52.547 Version info: Build date 7/29/2014
2014-11-28 05:36:52.548 Version info: Data files added 1012
2014-11-28 05:36:52.548 Version info: Last successful update (not yet updated)
2014-11-28 05:36:52.908 Update progress: [I19463] Syncing product IDE506 201
2014-11-28 05:36:52.909 Update progress: [I19463] Syncing product IDE507 162
2014-11-28 05:36:52.909 Update progress: [I19463] Syncing product IDE508 184
2014-11-28 05:36:52.909 Update progress: [I19463] Syncing product IDE509 177
2014-11-28 05:36:52.909 Update progress: [I19463] Syncing product IDE510 115
2014-11-28 05:36:52.909 Update progress: [I19463] Syncing product IDE511 1
2014-11-28 05:37:29.375 Update successful
2014-11-28 05:37:49.456 Option all = no
2014-11-28 05:37:49.456 Option recurse = yes
2014-11-28 05:37:49.456 Option archive = no
2014-11-28 05:37:49.456 Option service = yes
2014-11-28 05:37:49.456 Option confirm = yes
2014-11-28 05:37:49.456 Option sxl = yes
2014-11-28 05:37:49.459 Option max-data-age = 35
2014-11-28 05:37:49.459 Option EnableSafeClean = yes
2014-11-28 05:37:49.543 Option vdl-logging = yes
2014-11-28 05:37:49.550 Component SVRTcli.exe version 2.5
2014-11-28 05:37:49.551 Component control.dll version 2.5
2014-11-28 05:37:49.551 Component SVRTservice.exe version 2.5
2014-11-28 05:37:49.551 Component engine\osdp.dll version 1.44.1.2171
2014-11-28 05:37:49.551 Component engine\veex.dll version 3.56.0.2171
2014-11-28 05:37:49.552 Component engine\savi.dll version 8.1.4.2171
2014-11-28 05:37:49.552 Component rkdisk.dll version 1.5.30.0
2014-11-28 05:37:49.552 Version info: Product version 2.5
2014-11-28 05:37:49.555 Version info: Detection engine 3.56.0
2014-11-28 05:37:49.555 Version info: Detection data 5.04G
2014-11-28 05:37:49.555 Version info: Build date 7/29/2014
2014-11-28 05:37:49.556 Version info: Data files added 1012
2014-11-28 05:37:49.556 Version info: Last successful update 11/27/2014 9:37:29 PM
2014-11-28 06:47:48.336 Could not open C:\hiberfil.sys
2014-11-28 06:48:53.760 Could not open C:\pagefile.sys
2014-11-28 06:58:36.021 >>> Virus 'Troj/Agent-AJPK' found in file C:\ProgramData\Comodo\Cis\Quarantine\data\{3E1DC5A1-021E-4BAE-822E-D9EC1F3E25F6}
2014-11-28 06:58:36.021 >>> Virus 'Troj/Agent-AJPK' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 06:58:36.022 >>> Virus 'Troj/Agent-AJPK' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 06:58:36.022 >>> Virus 'Troj/Agent-AJPK' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 06:58:36.022 >>> Virus 'Troj/Agent-AJPK' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 06:58:36.022 >>> Virus 'Troj/Agent-AJPK' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 06:58:50.873 >>> Virus 'Mal/FakeAvCn-B' found in file C:\ProgramData\lCcFf01803\lCcFf01803
2014-11-28 06:58:50.874 >>> Virus 'Mal/FakeAvCn-B' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 06:58:50.874 >>> Virus 'Mal/FakeAvCn-B' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 06:58:50.874 >>> Virus 'Mal/FakeAvCn-B' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 06:58:50.874 >>> Virus 'Mal/FakeAvCn-B' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 06:58:50.874 >>> Virus 'Mal/FakeAvCn-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 06:59:55.911 Could not open C:\System Volume Information\{0d1076a6-765d-11e4-9186-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.911 Could not open C:\System Volume Information\{0e3f88a7-72cd-11e4-ac8d-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.912 Could not open C:\System Volume Information\{0e3f88c5-72cd-11e4-ac8d-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.912 Could not open C:\System Volume Information\{2f186a11-73f5-11e4-aa1d-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.913 Could not open C:\System Volume Information\{2f186a3a-73f5-11e4-aa1d-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.913 Could not open C:\System Volume Information\{2f186a85-73f5-11e4-aa1d-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.914 Could not open C:\System Volume Information\{2f186a90-73f5-11e4-aa1d-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.914 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.915 Could not open C:\System Volume Information\{c9349966-72e2-11e4-b2b5-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.915 Could not open C:\System Volume Information\{d3656418-738f-11e4-9073-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.916 Could not open C:\System Volume Information\{d365648e-738f-11e4-9073-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 06:59:55.916 Could not open C:\System Volume Information\{e3883727-76be-11e4-80e0-002268474731}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-11-28 07:01:41.504 >>> Virus 'Mal/JNLP-A' found in file C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\428de01-22356c1f
2014-11-28 07:01:41.505 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:01:41.505 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:01:41.505 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:41.505 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:41.506 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:50.895 >>> Virus 'Mal/JNLP-A' found in file C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\49302a29-753427d9
2014-11-28 07:01:50.896 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:01:50.896 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:01:50.896 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:50.896 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:50.897 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:57.298 >>> Virus 'Mal/JNLP-A' found in file C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5462e229-773c07e0
2014-11-28 07:01:57.298 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:01:57.299 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:01:57.299 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:57.299 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:01:57.299 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:03.888 >>> Virus 'Mal/JNLP-A' found in file C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\41e92d2a-26dc9fed
2014-11-28 07:02:03.889 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:02:03.889 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:02:03.889 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:03.890 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:03.890 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:10.922 >>> Virus 'Mal/JNLP-A' found in file C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2de400b7-61370f36
2014-11-28 07:02:10.922 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:02:10.922 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:02:10.923 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:10.923 >>> Virus 'Mal/JNLP-A' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:10.923 >>> Virus 'Mal/JNLP-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:20.426 >>> Virus 'Mal/Generic-S' found in file C:\Users\Kevin\AppData\LocalLow\xgfubgq.dll
2014-11-28 07:02:20.426 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:02:20.427 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
2014-11-28 07:02:20.427 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:20.427 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:02:20.428 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-28 07:50:17.409 Could not open LOGICAL:0006:00000000
2014-11-28 07:50:17.425 Could not open G:\
2014-11-28 07:50:17.433 Could not open LOGICAL:0007:00000000
2014-11-28 07:50:17.449 Could not open H:\
2014-11-28 07:50:17.464 Could not open LOGICAL:0008:00000000
2014-11-28 07:50:17.480 Could not open I:\
2014-11-28 07:50:17.489 Could not open LOGICAL:0009:00000000
2014-11-28 07:50:17.505 Could not open J:\
2014-11-28 07:50:17.575 Could not open PHYSICAL:0081:0000:0000:0001
2014-11-28 07:50:17.590 Could not open PHYSICAL:0082:0000:0000:0001
2014-11-28 07:50:17.606 Could not open PHYSICAL:0083:0000:0000:0001
2014-11-28 07:50:17.622 Could not open PHYSICAL:0084:0000:0000:0001
2014-11-28 07:50:17.644 The following items will be cleaned up:
2014-11-28 07:50:17.644 Troj/Agent-AJPK
2014-11-28 07:50:17.644 Mal/FakeAvCn-B
2014-11-28 07:50:17.644 Mal/JNLP-A
2014-11-28 07:50:17.644 Mal/Generic-S
2014-11-28 14:30:56.465 Threat 'Troj/Agent-AJPK' has been cleaned up.
2014-11-28 14:30:56.470 File "C:\ProgramData\Comodo\Cis\Quarantine\data\{3E1DC5A1-021E-4BAE-822E-D9EC1F3E25F6}" belongs to 'Troj/Agent-AJPK'.
2014-11-28 14:30:56.470 File "C:\ProgramData\Comodo\Cis\Quarantine\data\{3E1DC5A1-021E-4BAE-822E-D9EC1F3E25F6}" has been cleaned up.
2014-11-28 14:30:56.470 Registry value "HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures" belongs to 'Troj/Agent-AJPK'.
2014-11-28 14:30:56.471 Registry value "HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures" has been cleaned up.
2014-11-28 14:30:56.471 Registry value "HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'Troj/Agent-AJPK'.
2014-11-28 14:30:56.471 Registry value "HKU\S-1-5-21-1883070484-2313114216-2368761245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2014-11-28 14:30:56.471 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to 'Troj/Agent-AJPK'.
2014-11-28 14:30:56.471 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2014-11-28 14:30:56.472 Removal successful
2014-11-28 14:31:01.915 Threat 'Mal/FakeAvCn-B' has been cleaned up.
2014-11-28 14:31:01.915 File "C:\ProgramData\lCcFf01803\lCcFf01803" belongs to malware 'Mal/FakeAvCn-B'.
2014-11-28 14:31:01.915 File "C:\ProgramData\lCcFf01803\lCcFf01803" has been cleaned up.
2014-11-28 14:31:01.915 Removal successful
2014-11-28 14:31:28.671 Threat 'Mal/JNLP-A' has been cleaned up.
2014-11-28 14:31:28.671 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\428de01-22356c1f" belongs to malware 'Mal/JNLP-A'.
2014-11-28 14:31:28.671 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\428de01-22356c1f" has been cleaned up.
2014-11-28 14:31:28.671 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\49302a29-753427d9" belongs to malware 'Mal/JNLP-A'.
2014-11-28 14:31:28.671 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\49302a29-753427d9" has been cleaned up.
2014-11-28 14:31:28.672 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5462e229-773c07e0" belongs to malware 'Mal/JNLP-A'.
2014-11-28 14:31:28.672 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5462e229-773c07e0" has been cleaned up.
2014-11-28 14:31:28.672 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\41e92d2a-26dc9fed" belongs to malware 'Mal/JNLP-A'.
2014-11-28 14:31:28.672 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\41e92d2a-26dc9fed" has been cleaned up.
2014-11-28 14:31:28.672 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2de400b7-61370f36" belongs to malware 'Mal/JNLP-A'.
2014-11-28 14:31:28.672 File "C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2de400b7-61370f36" has been cleaned up.
2014-11-28 14:31:28.672 Removal successful
2014-11-28 14:31:34.425 Threat 'Mal/Generic-S' has been cleaned up.
2014-11-28 14:31:34.425 File "C:\Users\Kevin\AppData\LocalLow\xgfubgq.dll" belongs to malware 'Mal/Generic-S'.
2014-11-28 14:31:34.425 File "C:\Users\Kevin\AppData\LocalLow\xgfubgq.dll" has been cleaned up.
2014-11-28 14:31:34.425 Removal successful
2014-11-28 14:31:34.475 Contents of SafeClean bin directory:
2014-11-28 14:35:22.151 Scan completed.
2014-11-28 14:35:22.151
------------------------------------------------------------
2014-11-28 18:41:24.198 Sophos Virus Removal Tool version 2.5.3
2014-11-28 18:41:24.198 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2014-11-28 18:41:24.199 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2014-11-28 18:41:24.199 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
2014-11-28 18:41:24.199 Checking for updates...
2014-11-28 18:41:26.721 Update progress: proxy server not available
2014-11-28 18:42:06.253 Option all = no
2014-11-28 18:42:06.253 Option recurse = yes
2014-11-28 18:42:06.253 Option archive = no
2014-11-28 18:42:06.253 Option service = yes
2014-11-28 18:42:06.253 Option confirm = yes
2014-11-28 18:42:06.253 Option sxl = yes
2014-11-28 18:42:06.256 Option max-data-age = 35
2014-11-28 18:42:06.256 Option EnableSafeClean = yes
2014-11-28 18:42:06.405 Option vdl-logging = yes
2014-11-28 18:42:06.709 Component SVRTcli.exe version 2.5
2014-11-28 18:42:06.709 Component control.dll version 2.5
2014-11-28 18:42:06.709 Component SVRTservice.exe version 2.5
2014-11-28 18:42:06.709 Component engine\osdp.dll version 1.44.1.2171
2014-11-28 18:42:06.709 Component engine\veex.dll version 3.56.0.2171
2014-11-28 18:42:06.710 Component engine\savi.dll version 8.1.4.2171
2014-11-28 18:42:07.009 Component rkdisk.dll version 1.5.30.0
2014-11-28 18:42:07.010 Version info: Product version 2.5
2014-11-28 18:42:07.012 Version info: Detection engine 3.56.0
2014-11-28 18:42:07.012 Version info: Detection data 5.04G
2014-11-28 18:42:07.013 Version info: Build date 7/29/2014
2014-11-28 18:42:07.013 Version info: Data files added 1012
2014-11-28 18:42:07.013 Version info: Last successful update 11/27/2014 9:37:29 PM
2014-11-28 18:42:12.944 Downloading updates...
2014-11-28 18:42:12.945 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement IDE505 LATEST
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement IDE506 LATEST
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement IDE507 LATEST
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement IDE508 LATEST
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement IDE509 LATEST
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement IDE510 LATEST
2014-11-28 18:42:12.945 Update progress: [I49502] Found supplement IDE511 LATEST
2014-11-28 18:42:12.945 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-11-28 18:42:12.945 Update progress: [I19463] Syncing product SAVIW32 46
2014-11-28 18:42:12.945 Update progress: [I19463] Syncing product IDE505 175
2014-11-28 18:42:20.572 Update progress: [I19463] Syncing product IDE506 201
2014-11-28 18:42:20.573 Update progress: [I19463] Syncing product IDE507 162
2014-11-28 18:42:20.573 Update progress: [I19463] Syncing product IDE508 184
2014-11-28 18:42:20.573 Update progress: [I19463] Syncing product IDE509 177
2014-11-28 18:42:20.573 Update progress: [I19463] Syncing product IDE510 119
2014-11-28 18:42:21.002 Installing updates...
2014-11-28 18:42:22.311 Update progress: [I19463] Syncing product IDE511 1
2014-11-28 18:42:22.449 Update successful
2014-11-28 18:42:37.316 Option all = no
2014-11-28 18:42:37.316 Option recurse = yes
2014-11-28 18:42:37.316 Option archive = no
2014-11-28 18:42:37.316 Option service = yes
2014-11-28 18:42:37.316 Option confirm = yes
2014-11-28 18:42:37.316 Option sxl = yes
2014-11-28 18:42:37.319 Option max-data-age = 35
2014-11-28 18:42:37.319 Option EnableSafeClean = yes
2014-11-28 18:42:37.407 Option vdl-logging = yes
2014-11-28 18:42:37.428 Component SVRTcli.exe version 2.5
2014-11-28 18:42:37.428 Component control.dll version 2.5
2014-11-28 18:42:37.428 Component SVRTservice.exe version 2.5
2014-11-28 18:42:37.428 Component engine\osdp.dll version 1.44.1.2171
2014-11-28 18:42:37.429 Component engine\veex.dll version 3.56.0.2171
2014-11-28 18:42:37.429 Component engine\savi.dll version 8.1.4.2171
2014-11-28 18:42:37.430 Component rkdisk.dll version 1.5.30.0
2014-11-28 18:42:37.430 Version info: Product version 2.5
2014-11-28 18:42:37.433 Version info: Detection engine 3.56.0
2014-11-28 18:42:37.433 Version info: Detection data 5.04G
2014-11-28 18:42:37.433 Version info: Build date 7/29/2014
2014-11-28 18:42:37.433 Version info: Data files added 1016
2014-11-28 18:42:37.433 Version info: Last successful update 11/28/2014 10:42:22 AM
2014-11-28 18:43:05.565 Scan completed.
2014-11-28 18:43:05.565
------------------------------------------------------------
2014-11-28 18:43:40.155 Sophos Virus Removal Tool version 2.5.3
2014-11-28 18:43:40.155 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2014-11-28 18:43:40.155 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2014-11-28 18:43:40.155 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
2014-11-28 18:43:40.156 Checking for updates...
2014-11-28 18:43:42.653 Update progress: proxy server not available
2014-11-28 18:43:44.902 Update not required
2014-11-28 18:43:55.080 Option all = no
2014-11-28 18:43:55.080 Option recurse = yes
2014-11-28 18:43:55.080 Option archive = no
2014-11-28 18:43:55.080 Option service = yes
2014-11-28 18:43:55.080 Option confirm = yes
2014-11-28 18:43:55.080 Option sxl = yes
2014-11-28 18:43:55.083 Option max-data-age = 35
2014-11-28 18:43:55.083 Option EnableSafeClean = yes
2014-11-28 18:43:55.163 Option vdl-logging = yes
2014-11-28 18:43:55.170 Component SVRTcli.exe version 2.5
2014-11-28 18:43:55.170 Component control.dll version 2.5
2014-11-28 18:43:55.171 Component SVRTservice.exe version 2.5
2014-11-28 18:43:55.171 Component engine\osdp.dll version 1.44.1.2171
2014-11-28 18:43:55.171 Component engine\veex.dll version 3.56.0.2171
2014-11-28 18:43:55.171 Component engine\savi.dll version 8.1.4.2171
2014-11-28 18:43:55.172 Component rkdisk.dll version 1.5.30.0
2014-11-28 18:43:55.172 Version info: Product version 2.5
2014-11-28 18:43:55.175 Version info: Detection engine 3.56.0
2014-11-28 18:43:55.175 Version info: Detection data 5.04G
2014-11-28 18:43:55.175 Version info: Build date 7/29/2014
2014-11-28 18:43:55.175 Version info: Data files added 1016
2014-11-28 18:43:55.175 Version info: Last successful update 11/28/2014 10:42:22 AM
2014-11-28 18:44:38.626 Scan completed.
2014-11-28 18:44:38.626
-
November 28th, 2014, 09:19 PM
#33
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus
NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.
=================================
Your computer is clean
1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
- Activate UAC (optional; some users prefer to keep it off)
- Remove disinfection tools
- Create registry backup
- Purge System Restore
- Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
2. Make sure Windows Updates are current.
3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).
8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642
12. Please let me know how your computer is doing.
-
December 1st, 2014, 12:08 AM
#34
Again, thank you so much for the time spent helping with this, truly amazing! Computer is running pretty good, no real issues other than I am unable to get the Windows updates to actually update. Said they have failed, seem to be a lot of the .NET ones.
Other than that things seem to be in good shape.
-
December 1st, 2014, 12:20 AM
#35
In this forum, we make sure your computer is free of malware, and your computer is clean.
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
Good luck