Trying to remove 'Dept of Justice' Trojan!

Carsus (New Member, thread author) · Oct 9, 2013 · 9
Was not able to run the OTR or aswMBR scans, as the Dept of Justice Trojan grabs the screen the moment the system is halfway through loading.
Was not able to load Safe Mode originally, and stopped trying after loading Kaspersky Rescue (which is still running as I write this).

Was worried Windows was damaged at first, but it appears to load fine until DOJ takes over. All other internal devices appear fine.

Read with great interest Kuttus's posts to Pepper1, who appeared to have the same issue with hers, perhaps even the same virus?

Was actually going to follow Kuttus's advice but realize every situation is probably unique, so will wait to hear back before attempting anything else.
I deeply appreciate whatever help/advice you can offer. Many years ago I ran into a similar problem and turned to a great organization called CastleCops (sadly now gone) that saved my... um... bacon that day ))

Carsus
 

kuttus (Level 2, Verified) · Oct 5, 2012 · 2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Hi Carsus,

May I know the Operating System you are using on the computer?
 

Carsus (New Member, thread author) · Oct 9, 2013 · 9
Hi Kuttus,

Op system is Windows XP.

Here is an interesting note: Kaspersky Rescue finally finished scanning at 5:00am this morning and found several instances of the Trojan "Backdoor.win32.zaccess.eesd" plus an object named "KTOP/INSTALL/{DF38E91D.. }/", the full name being fairly long; both were successfully deleted. This is in addition to the Trojan discovered yesterday, "HEUR Win32.generic", which was only quarantined by Kaspersky!

Waiting for your instructions before restarting system.

Thanks for help!
 

kuttus (Level 2, Verified) · Oct 5, 2012 · 2,697
Please print these instructions out so that you know what you are doing.
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download List Parts and save it to the flash drive also.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note: as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • Next click List Parts and then click Scan
  • It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.
 

Carsus (New Member, thread author) · Oct 9, 2013 · 9
File created by FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on REATOGO on 11-10-2013 10:17:15
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16858624 2007-11-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2008-02-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-09-24] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-20] (CyberLink Corp.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1657376 2009-08-06] ()
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Nikon Transfer Monitor] - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-05-29] (Nikon Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-09-04] (cyberlink)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [87336 2009-04-16] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [62760 2009-04-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [WindowsInfo] - "C:\Documents and Settings\B. J. Buchanan\Templates\WindowsInfo.exe"
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\B. J. Buchanan\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2008-07-30] (Hewlett-Packard Company)
HKU\B. J. Buchanan\...\Run: [NortonUpdateAgent] - C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe [ 2011-04-05] (Symantec Corporation)
HKU\B. J. Buchanan\...\Run: [AdobeBridge] - [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk
ShortcutTarget: Logo Calibration Loader.lnk -> C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ProfileReminder.lnk
ShortcutTarget: ProfileReminder.lnk -> C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

========================== Services (Whitelisted) =================

S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 OKI OPHC DCS Loader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHCLDCS.EXE [24576 2005-05-10] (Oki Data Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [296592 2011-11-04] (EldoS Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S0 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [10368 2008-10-20] (Cyberlink Co.,Ltd.)
S2 CLBUDFR; C:\Windows\System32\Drivers\CLBUDFR.sys [154368 2008-10-20] (CyberLink Corporation.)
S3 eyeonedp; C:\Windows\System32\DRIVERS\eyeonedp.sys [44344 2003-11-27] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
S3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S2 PDIHWCTL; C:\WINDOWS\system32\drivers\pdihwctl.sys [14416 2006-05-11] (Portrait Displays, Inc.)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [285824 2007-11-29] (Marvell)
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [87536 2009-09-04] (CyberLink Corp.)
S2 ASPI32; No ImagePath
S4 IntelIde; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 10:17 - 2013-10-11 10:17 - 00000000 ____D C:\FRST
2013-10-09 14:32 - 2013-10-09 14:32 - 00090112 _____ C:\Windows\Minidump\Mini100913-03.dmp
2013-10-09 09:51 - 2013-10-09 09:51 - 00090112 _____ C:\Windows\Minidump\Mini100913-02.dmp
2013-10-09 09:48 - 2013-10-09 09:47 - 00090112 _____ C:\Windows\Minidump\Mini100913-01.dmp
2013-10-09 09:47 - 2013-10-09 14:32 - 00000000 ____D C:\Windows\Minidump
2013-10-09 05:43 - 2013-10-09 05:43 - 00000294 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Odessa_Mermaid Tamara I am cheerful person and I had no day in my l....url
2013-10-09 02:59 - 2013-10-09 02:59 - 00000000 __SHD C:\found.000
2013-10-08 22:06 - 2013-10-11 05:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-08 08:31 - 2013-10-08 08:31 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yulia, age 25, Nikolayev - Jump4love.url
2013-10-08 08:31 - 2013-10-08 08:31 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Natalia, age 30, Nikolaev - Jump4love.url
2013-10-07 14:57 - 2013-10-07 14:57 - 00000234 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Sexy milfs, horny moms, hot housewives, mature pussy closeups, milf sex, sexy mom porn @ 40 Something Magazine free gallery (2).url
2013-10-07 14:57 - 2013-10-07 14:57 - 00000204 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Arkida karups private collection, karup teens, kpc, amateurs @ KarupsPCx Arkida.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000276 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Cornelia » Mature Housewives » mature women, sexy milfs, housewives from All Over 30 » Gallery Index.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000228 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Chrissy - » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000218 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Lori » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000202 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Nessa-bj- karups private collection, karup teens, kpc, amateurs @ KarupsPCx Nessa-bj- (2).url
2013-10-07 14:55 - 2013-10-07 14:55 - 00000592 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Brooke » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index (2).url
2013-10-07 14:55 - 2013-10-07 14:55 - 00000216 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ivy » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index.url
2013-10-07 14:08 - 2013-10-07 14:08 - 00000306 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Miss_Universe Anna I am romantic and kind person. I like sweets ....url
2013-10-07 14:08 - 2013-10-07 14:08 - 00000306 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Laila_Arafel Aliona From the first sight at me you will realize t....url
2013-10-06 10:25 - 2013-10-06 10:25 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga, age 35, Kiev - Jump4love.url
2013-10-06 10:24 - 2013-10-06 10:24 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Svetlana, age 38, Odessa - Jump4love.url
2013-10-06 10:24 - 2013-10-06 10:24 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ludmila, age 27, Nikolaev - Jump4love.url
2013-10-05 12:48 - 2013-10-05 12:48 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 28, Nikolaev - Jump4love.url
2013-10-05 12:48 - 2013-10-05 12:48 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Vicktoriya, age 24, Nikolaev - Jump4love.url
2013-10-05 12:48 - 2013-10-05 12:48 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Valeria, age 27, Nikolaev - Jump4love (2).url
2013-10-05 12:47 - 2013-10-05 12:47 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yana , age 20, Smila - Jump4love.url
2013-10-05 12:47 - 2013-10-05 12:47 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 26, Kharkov - Jump4love.url
2013-10-05 12:45 - 2013-10-05 12:45 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Tonya, age 20, Nikolaev - Jump4love.url
2013-10-05 12:45 - 2013-10-05 12:45 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 34, Nikolaev - Jump4love.url
2013-10-05 12:45 - 2013-10-05 12:45 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Aliona, age 22, Nikolayev - Jump4love.url
2013-10-02 06:36 - 2013-10-02 06:36 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 21, Kyiv - Jump4love.url
2013-10-01 15:58 - 2013-10-01 15:58 - 00000847 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Hard teen dick stretches a lovely mature pussy in a wild #####ing session. ##### Moms Around..url
2013-10-01 15:58 - 2013-10-01 15:58 - 00000487 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Sex-starved mature wife lets her lover come out and give her good pounding. Boys Love Matures..url
2013-10-01 15:58 - 2013-10-01 15:58 - 00000483 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Sassy big titted mature dildo drilling hairy hole. Older Woman Sex..url
2013-09-29 21:42 - 2013-09-29 21:42 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Juliya, age 21, Sumy - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yulia, age 21, Kharkov - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 25, Kharkov - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Maria, age 20, Nikolaev - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Svetlana, age 22, Kyiv - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasiya, age 19, Varvarovka - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yana, age 19, Nikolaev - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ekaterina, age 18, Nikopol - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Diana, age 20, Zaporozhye - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Marina, age 21, Nikolaev - Jump4love.url
2013-09-29 21:39 - 2013-09-29 21:39 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 22, Nikopol - Jump4love.url
2013-09-27 13:39 - 2013-09-27 13:39 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Oksana, age 23, Nikolaev - Jump4love.url
2013-09-27 13:39 - 2013-09-27 13:39 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 24, Kharkov - Jump4love (2).url
2013-09-24 17:02 - 2013-09-24 17:02 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 21, Kremenchug - Jump4love.url
2013-09-24 17:01 - 2013-09-24 17:01 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ekaterina, age 26, Dnepropetrovsk - Jump4love.url
2013-09-24 17:01 - 2013-09-24 17:01 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasia, age 23, Kherson - Jump4love.url
2013-09-24 17:00 - 2013-09-24 17:00 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Natalia, age 25, Odessa - Jump4love.url
2013-09-24 16:32 - 2013-09-24 16:32 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 19, Nikolaev - Jump4love.url
2013-09-24 16:32 - 2013-09-24 16:32 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 20, Nikolaev - Jump4love.url
2013-09-24 06:03 - 2013-09-24 06:03 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga, age 22, Voznesensk - Jump4love.url
2013-09-23 10:13 - 2013-09-23 10:13 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 24, Kiev - Jump4love.url
2013-09-23 10:13 - 2013-09-23 10:13 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena , age 20, Kherson - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Tatiana, age 21, Yalta,Gurzuf - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 21, Kherson - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasia, age 20, Slavyansk - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 31, Nikolaev - Jump4love.url
2013-09-22 09:39 - 2013-09-22 09:39 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Valeria, age 20, Odessa - Jump4love.url
2013-09-21 09:12 - 2013-09-21 09:12 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Tatyana, age 25, Simferopol - Jump4love.url
2013-09-21 09:11 - 2013-09-21 09:11 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 25, Poltava - Jump4love.url
2013-09-21 09:11 - 2013-09-21 09:11 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasia, age 19, Nikopol - Jump4love.url
2013-09-21 09:11 - 2013-09-21 09:11 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Alena, age 19, Nikolaev - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 18, Nikolaev - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ekaterina, age 21, Cherkassy - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Oksana, age 33, Kherson - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Evgenia, age 27, Mariupol - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 25, Nikolaev - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Karina, age 21, Poltava - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 24, Hmelnitskiy - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Natalya, age 26, Nikolaev - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 26, Nikolaev - Jump4love.url
2013-09-21 09:08 - 2013-09-21 09:08 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Margarita, age 20, Kharkov - Jump4love.url
2013-09-21 09:08 - 2013-09-21 09:08 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 26, Kremenchug - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 27, Nikolaev - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Inna, age 24, Nikolaev - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Daria, age 19, Nikolaev - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Bozjena, age 22, Odessa - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Alina, age 21, Kherson - Jump4love.url
2013-09-21 09:00 - 2013-09-21 09:00 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Karina, age 20, Nikolaev - Jump4love.url
2013-09-21 09:00 - 2013-09-21 09:00 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Valeria, age 27, Nikolaev - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga, age 23, Poltava - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga , age 28, Nikolaev - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 24, Kharkov - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 21, Poltava - Jump4love.url

==================== One Month Modified Files and Folders =======

2013-10-11 10:17 - 2013-10-11 10:17 - 00000000 ____D C:\FRST
2013-10-11 05:04 - 2013-10-08 22:06 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-09 14:34 - 2010-01-01 16:15 - 01040182 _____ C:\Windows\setupapi.log
2013-10-09 14:33 - 2010-01-01 16:19 - 00000159 _____ C:\Windows\wiadebug.log
2013-10-09 14:33 - 2008-04-14 08:00 - 00000617 _____ C:\Windows\win.ini
2013-10-09 14:32 - 2013-10-09 14:32 - 00090112 _____ C:\Windows\Minidump\Mini100913-03.dmp
2013-10-09 14:32 - 2013-10-09 09:47 - 00000000 ____D C:\Windows\Minidump
2013-10-09 09:51 - 2013-10-09 09:51 - 00090112 _____ C:\Windows\Minidump\Mini100913-02.dmp
2013-10-09 09:47 - 2013-10-09 09:48 - 00090112 _____ C:\Windows\Minidump\Mini100913-01.dmp
2013-10-09 09:47 - 2010-09-18 20:51 - 00000000 ____D C:\Program Files\Google
2013-10-09 09:47 - 2010-09-18 20:51 - 00000000 ____D C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google
2013-10-09 05:43 - 2013-10-09 05:43 - 00000294 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Odessa_Mermaid Tamara I am cheerful person and I had no day in my l....url
2013-10-09 03:12 - 2010-01-01 21:35 - 00032438 _____ C:\Windows\SchedLgU.Txt
2013-10-09 03:03 - 2010-01-01 21:31 - 01377957 _____ C:\Windows\WindowsUpdate.log
2013-10-09 03:03 - 2010-01-01 16:19 - 00000049 _____ C:\Windows\wiaservc.log
2013-10-09 03:02 - 2009-08-06 10:44 - 00248739 _____ C:\Windows\System32\NvApps.xml
2013-10-09 03:02 - 2008-04-14 08:00 - 00013646 _____ C:\Windows\System32\wpa.dbl
2013-10-09 02:59 - 2013-10-09 02:59 - 00000000 __SHD C:\found.000
2013-10-08 09:16 - 2010-09-13 14:19 - 00126464 _____ C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-08 08:31 - 2013-10-08 08:31 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yulia, age 25, Nikolayev - Jump4love.url
2013-10-08 08:31 - 2013-10-08 08:31 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Natalia, age 30, Nikolaev - Jump4love.url
2013-10-07 14:57 - 2013-10-07 14:57 - 00000234 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Sexy milfs, horny moms, hot housewives, mature pussy closeups, milf sex, sexy mom porn @ 40 Something Magazine free gallery (2).url
2013-10-07 14:57 - 2013-10-07 14:57 - 00000204 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Arkida karups private collection, karup teens, kpc, amateurs @ KarupsPCx Arkida.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000276 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Cornelia » Mature Housewives » mature women, sexy milfs, housewives from All Over 30 » Gallery Index.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000228 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Chrissy - » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000218 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Lori » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index.url
2013-10-07 14:56 - 2013-10-07 14:56 - 00000202 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Nessa-bj- karups private collection, karup teens, kpc, amateurs @ KarupsPCx Nessa-bj- (2).url
2013-10-07 14:55 - 2013-10-07 14:55 - 00000592 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Brooke » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index (2).url
2013-10-07 14:55 - 2013-10-07 14:55 - 00000216 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ivy » Amateurs » karups hometown amateurs, karupsha, real amateur teens Gallery Index.url
2013-10-07 14:08 - 2013-10-07 14:08 - 00000306 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Miss_Universe Anna I am romantic and kind person. I like sweets ....url
2013-10-07 14:08 - 2013-10-07 14:08 - 00000306 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Laila_Arafel Aliona From the first sight at me you will realize t....url
2013-10-06 10:25 - 2013-10-06 10:25 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga, age 35, Kiev - Jump4love.url
2013-10-06 10:24 - 2013-10-06 10:24 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Svetlana, age 38, Odessa - Jump4love.url
2013-10-06 10:24 - 2013-10-06 10:24 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ludmila, age 27, Nikolaev - Jump4love.url
2013-10-05 12:48 - 2013-10-05 12:48 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 28, Nikolaev - Jump4love.url
2013-10-05 12:48 - 2013-10-05 12:48 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Vicktoriya, age 24, Nikolaev - Jump4love.url
2013-10-05 12:48 - 2013-10-05 12:48 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Valeria, age 27, Nikolaev - Jump4love (2).url
2013-10-05 12:47 - 2013-10-05 12:47 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yana , age 20, Smila - Jump4love.url
2013-10-05 12:47 - 2013-10-05 12:47 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 26, Kharkov - Jump4love.url
2013-10-05 12:45 - 2013-10-05 12:45 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Tonya, age 20, Nikolaev - Jump4love.url
2013-10-05 12:45 - 2013-10-05 12:45 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 34, Nikolaev - Jump4love.url
2013-10-05 12:45 - 2013-10-05 12:45 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Aliona, age 22, Nikolayev - Jump4love.url
2013-10-04 19:10 - 2010-09-18 20:53 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-04 14:09 - 2010-01-12 22:08 - 00017476 _____ C:\Windows\System32\OPC3200N.cah
2013-10-03 12:49 - 2010-01-07 22:00 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2013-10-02 06:36 - 2013-10-02 06:36 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 21, Kyiv - Jump4love.url
2013-10-01 15:58 - 2013-10-01 15:58 - 00000847 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Hard teen dick stretches a lovely mature pussy in a wild #####ing session. ##### Moms Around..url
2013-10-01 15:58 - 2013-10-01 15:58 - 00000487 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Sex-starved mature wife lets her lover come out and give her good pounding. Boys Love Matures..url
2013-10-01 15:58 - 2013-10-01 15:58 - 00000483 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Sassy big titted mature dildo drilling hairy hole. Older Woman Sex..url
2013-09-30 05:42 - 2010-01-01 22:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-29 21:42 - 2013-09-29 21:42 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Juliya, age 21, Sumy - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yulia, age 21, Kharkov - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 25, Kharkov - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Maria, age 20, Nikolaev - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Svetlana, age 22, Kyiv - Jump4love.url
2013-09-29 21:41 - 2013-09-29 21:41 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasiya, age 19, Varvarovka - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Yana, age 19, Nikolaev - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ekaterina, age 18, Nikopol - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Diana, age 20, Zaporozhye - Jump4love.url
2013-09-29 21:40 - 2013-09-29 21:40 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Marina, age 21, Nikolaev - Jump4love.url
2013-09-29 21:39 - 2013-09-29 21:39 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 22, Nikopol - Jump4love.url
2013-09-27 13:39 - 2013-09-27 13:39 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Oksana, age 23, Nikolaev - Jump4love.url
2013-09-27 13:39 - 2013-09-27 13:39 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 24, Kharkov - Jump4love (2).url
2013-09-24 17:02 - 2013-09-24 17:02 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 21, Kremenchug - Jump4love.url
2013-09-24 17:01 - 2013-09-24 17:01 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ekaterina, age 26, Dnepropetrovsk - Jump4love.url
2013-09-24 17:01 - 2013-09-24 17:01 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasia, age 23, Kherson - Jump4love.url
2013-09-24 17:00 - 2013-09-24 17:00 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Natalia, age 25, Odessa - Jump4love.url
2013-09-24 16:32 - 2013-09-24 16:32 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 19, Nikolaev - Jump4love.url
2013-09-24 16:32 - 2013-09-24 16:32 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 20, Nikolaev - Jump4love.url
2013-09-24 06:03 - 2013-09-24 06:03 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga, age 22, Voznesensk - Jump4love.url
2013-09-23 10:13 - 2013-09-23 10:13 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 24, Kiev - Jump4love.url
2013-09-23 10:13 - 2013-09-23 10:13 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena , age 20, Kherson - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Tatiana, age 21, Yalta,Gurzuf - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 21, Kherson - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasia, age 20, Slavyansk - Jump4love.url
2013-09-22 09:40 - 2013-09-22 09:40 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 31, Nikolaev - Jump4love.url
2013-09-22 09:39 - 2013-09-22 09:39 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Valeria, age 20, Odessa - Jump4love.url
2013-09-21 09:12 - 2013-09-21 09:12 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Tatyana, age 25, Simferopol - Jump4love.url
2013-09-21 09:11 - 2013-09-21 09:11 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 25, Poltava - Jump4love.url
2013-09-21 09:11 - 2013-09-21 09:11 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anastasia, age 19, Nikopol - Jump4love.url
2013-09-21 09:11 - 2013-09-21 09:11 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Alena, age 19, Nikolaev - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 18, Nikolaev - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Ekaterina, age 21, Cherkassy - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Oksana, age 33, Kherson - Jump4love.url
2013-09-21 09:10 - 2013-09-21 09:10 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Evgenia, age 27, Mariupol - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Victoria, age 25, Nikolaev - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Karina, age 21, Poltava - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 24, Hmelnitskiy - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Natalya, age 26, Nikolaev - Jump4love.url
2013-09-21 09:09 - 2013-09-21 09:09 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Elena, age 26, Nikolaev - Jump4love.url
2013-09-21 09:08 - 2013-09-21 09:08 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Margarita, age 20, Kharkov - Jump4love.url
2013-09-21 09:08 - 2013-09-21 09:08 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 26, Kremenchug - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 27, Nikolaev - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Inna, age 24, Nikolaev - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Daria, age 19, Nikolaev - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Bozjena, age 22, Odessa - Jump4love.url
2013-09-21 09:07 - 2013-09-21 09:07 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Alina, age 21, Kherson - Jump4love.url
2013-09-21 09:00 - 2013-09-21 09:00 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Karina, age 20, Nikolaev - Jump4love.url
2013-09-21 09:00 - 2013-09-21 09:00 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Valeria, age 27, Nikolaev - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga, age 23, Poltava - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Olga , age 28, Nikolaev - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000184 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Anna, age 24, Kharkov - Jump4love.url
2013-09-21 08:59 - 2013-09-21 08:59 - 00000182 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Julia, age 21, Poltava - Jump4love.url
2013-09-19 19:50 - 2012-06-27 08:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-19 19:50 - 2012-06-27 08:41 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install


Some content of TEMP:
====================
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\setup_wm.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-10-08 18:22 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1272

RP: -> 2013-10-07 17:11 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1271

RP: -> 2013-10-06 16:04 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1270

RP: -> 2013-10-05 14:16 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1269

RP: -> 2013-10-04 13:29 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1268

RP: -> 2013-10-03 13:24 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1267

RP: -> 2013-10-02 13:11 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1266

RP: -> 2013-10-01 12:46 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1265

RP: -> 2013-09-30 12:44 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1264

RP: -> 2013-09-29 10:58 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1263

RP: -> 2013-10-28 23:42 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1262

RP: -> 2013-09-28 05:36 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1261

RP: -> 2013-09-27 04:37 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1260

RP: -> 2013-09-26 03:37 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1259

RP: -> 2013-09-25 03:01 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1258

RP: -> 2013-09-24 02:02 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1257

RP: -> 2013-09-23 01:02 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1256

RP: -> 2013-09-22 00:41 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1255

RP: -> 2013-09-21 00:25 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1254

RP: -> 2013-09-19 23:30 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1253

RP: -> 2013-09-18 22:41 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1252

RP: -> 2013-09-17 22:10 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1251

RP: -> 2013-09-16 21:34 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1250

RP: -> 2013-09-15 20:45 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1249

RP: -> 2013-09-14 17:50 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1248

RP: -> 2013-09-13 17:13 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1247

RP: -> 2013-09-12 16:13 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1246

RP: -> 2013-09-11 15:06 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1245

RP: -> 2013-09-10 14:03 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1244

RP: -> 2013-09-09 13:13 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1243

RP: -> 2013-09-08 13:06 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1242

RP: -> 2013-09-07 12:24 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1241

RP: -> 2013-09-06 11:13 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1240

RP: -> 2013-09-05 11:04 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1239

RP: -> 2013-09-04 10:55 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1238

RP: -> 2013-09-03 10:38 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1237

RP: -> 2013-09-02 09:33 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1236

RP: -> 2013-09-01 07:54 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1235

RP: -> 2013-08-31 00:22 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1234

RP: -> 2013-08-29 23:45 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1233

RP: -> 2013-08-28 23:14 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1232

RP: -> 2013-08-27 22:50 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1231

RP: -> 2013-08-26 22:38 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1230

RP: -> 2013-08-25 22:18 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1229

RP: -> 2013-08-24 21:53 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1228

RP: -> 2013-08-23 20:59 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1227

RP: -> 2013-08-22 20:37 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1226

RP: -> 2013-08-21 18:51 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1225

RP: -> 2013-08-20 18:24 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1224

RP: -> 2013-08-19 18:22 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1223

RP: -> 2013-08-18 18:19 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1222

RP: -> 2013-08-17 17:04 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1221

RP: -> 2013-08-16 15:15 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1220

RP: -> 2013-08-15 13:05 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1219

RP: -> 2013-08-14 12:53 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1218

RP: -> 2013-08-13 11:31 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1217

RP: -> 2013-08-12 09:51 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1216

RP: -> 2013-08-11 06:38 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1215

RP: -> 2013-08-10 00:55 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1214

RP: -> 2013-08-09 00:07 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1213

RP: -> 2013-08-08 00:03 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1212

RP: -> 2013-08-06 23:16 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1211

RP: -> 2013-08-05 22:18 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1210

RP: -> 2013-08-04 21:14 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1209

RP: -> 2013-08-03 21:07 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1208

RP: -> 2009-03-31 00:18 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1207

RP: -> 2013-08-03 02:11 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1206

RP: -> 2013-08-02 01:12 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1205

RP: -> 2013-08-01 01:01 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1204

RP: -> 2013-07-31 00:13 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1203

RP: -> 2013-07-29 23:14 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1202

RP: -> 2013-07-28 22:27 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1201

RP: -> 2013-07-27 19:26 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1200

RP: -> 2013-07-26 19:00 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1199

RP: -> 2013-07-25 18:01 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1198

RP: -> 2013-07-24 17:27 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1197

RP: -> 2013-07-23 17:03 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1196

RP: -> 2013-07-22 16:47 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1195

RP: -> 2013-07-21 15:56 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1194

RP: -> 2013-07-20 15:33 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1193

RP: -> 2013-07-19 15:19 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1192

RP: -> 2013-07-18 14:19 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1191

RP: -> 2013-07-17 14:06 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1190

RP: -> 2013-07-16 13:25 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1189

RP: -> 2013-07-15 12:08 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1188

RP: -> 2013-07-14 11:30 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1187

RP: -> 2013-07-13 10:42 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1186

RP: -> 2013-07-12 10:33 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1185

RP: -> 2013-07-12 10:33 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1184

RP: -> 2013-07-11 18:40 - 020480 _restore{7A310BF1-C477-4B07-A4A6-1AD546608259}\RP1183


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 3326.11 MB
Available physical RAM: 3045.46 MB
Total Pagefile: 3149.28 MB
Available Pagefile: 3072.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.16 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:931.5 GB) (Free:182.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:14.99 GB) (Free:14.99 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 15 GB) (Disk ID: D783B488)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: EE17EE17)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

List Parts file:
ListParts by Farbar Version: 10-05-2013
Ran by SYSTEM (administrator) on 11-10-2013 at 10:20:22
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 6%
Total physical RAM: 3326.11 MB
Available physical RAM: 3094.44 MB
Total Pagefile: 3149.28 MB
Available Pagefile: 3084.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 2007.38 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:931.5 GB) (Free:182.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (HITMANPRO) (Removable) (Total:14.99 GB) (Free:14.99 GB) FAT32
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 1 Online 932 GB 0 B

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 32 KB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 932 GB Healthy
======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 1:
===============
Disk ID: EE17EE17
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)


****** End Of Log ******

FYI, ran Kaspersky a second time yesterday and came back clean!
From reading posts here though not convinced DOJ has been removed, but have not tried to boot yet.
When I do try do you recommend disconnecting from internet just to be safe?
 

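The FRST output above is long and mostly noise; what a helper actually reads off it is a handful of signals: a hidden attribute on a file that is not a directory, FRST's own `ZeroAccess:` marker lines, executables left behind in a user's Temp directory, the Bamital/volsnap and EXE-association verdicts, and the pile of `.url` shortcuts dumped into one folder. The Python below is an added example, not part of this thread and not FRST's code: it parses lines in the shape FRST prints and returns those findings. The embedded sample is constructed from a few trimmed lines of the log above; the `url_cluster_threshold` is an arbitrary choice, and reading `H` as hidden and `D` as directory in the attribute column is an assumption drawn from the log's own entries.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape of the FRST log above (trimmed).
SAMPLE_LOG = r"""
2013-10-08 09:16 - 2010-09-13 14:19 - 00126464 _____ C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-05 12:48 - 2013-10-05 12:48 - 00000280 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Irina, age 28, Nikolaev - Jump4love.url
2013-10-05 12:48 - 2013-10-05 12:48 - 00000277 _____ C:\Documents and Settings\B. J. Buchanan\Desktop\Vicktoriya, age 24, Nikolaev - Jump4love.url
2013-10-03 12:49 - 2010-01-07 22:00 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2013-09-30 05:42 - 2010-01-01 22:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-19 19:50 - 2012-06-27 08:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Some content of TEMP:
====================
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\setup_wm.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# One FRST listing line: date - date - 8-digit size, 5-char attribute column,
# optional "(Company)" and the path. Assumption: H = hidden, D = directory.
LISTING = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attr>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
CHECK_SECTIONS = {"Bamital & volsnap Check", "EXE ASSOCIATION"}
GOOD_VERDICTS = {"MD5 is legit", "OK"}


def parse_listing(text):
    """Turn every listing-shaped line into a dict; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LISTING.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["hidden"] = "H" in rec["attr"]
            rec["is_dir"] = "D" in rec["attr"]
            records.append(rec)
    return records


def triage(text, url_cluster_threshold=20):
    """Return (kind, detail) findings worth a second look. The threshold for
    flagging a pile of .url shortcuts in one folder is an arbitrary choice."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    section = ""
    for i, ln in enumerate(lines):
        if ln.startswith("==="):
            title = ln.strip("= ")
            if title:
                section = title          # e.g. "Bamital & volsnap Check"
            continue
        if ln == "ZeroAccess:" and i + 1 < len(lines):
            findings.append(("zeroaccess-marker", lines[i + 1]))
        elif section in CHECK_SECTIONS and " => " in ln:
            verdict = ln.rsplit(" => ", 1)[1]
            if verdict not in GOOD_VERDICTS:
                findings.append(("check-failed", ln))
        elif "\\local settings\\temp\\" in ln.lower() and ln.lower().endswith(".exe"):
            m = LISTING.match(ln)
            findings.append(("temp-executable", m.group("path") if m else ln))
    records = parse_listing(text)
    for r in records:
        if r["hidden"] and not r["is_dir"]:
            findings.append(("hidden-file", r["path"]))
    url_dirs = Counter(r["path"].rsplit("\\", 1)[0]
                       for r in records if r["path"].lower().endswith(".url"))
    for folder, n in url_dirs.items():
        if n >= url_cluster_threshold:
            findings.append(("url-cluster", f"{n} .url files in {folder}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, url_cluster_threshold=2):
        print(f"{kind:18} {detail}")
```

Run against the full log above, the hidden `PKP_DLbx.DAT`, the `ZeroAccess:`-tagged paths and the Temp installers come out as findings, and the Bamital and EXE-association lines stay quiet because every verdict is a known-good one; a verdict string that is anything else is reported rather than silently accepted.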
Carsus

New Member
Thread author
Oct 9, 2013
9
Hi

Tried booting system with internet disconnected and an interesting thing happened:
First tried to enter safe mode with prompt (for curiosity) and could not?!
Then allowed system to load OS and it actually came up! Noticed the desktop icons blink a couple of times, which is what it did before loading DOJ, but for about 30 seconds had partial control of the desktop!
Deleted all of the porn shortcuts, and a moment later a window popped up saying application "SDII MFC" had an error loading and wanted permission to notify Microsoft. Then another popup said to connect internet, and kept coming up every few seconds.. finally the DOJ screen took over!
Is SDII MFC the Trojan?

Reloaded Reatogo and waiting for instructions.
Thanks
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Will check that SDII MFC file...

Now please download this file and save it to your Flash Drive.

[attachment=5901]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    995 bytes · Views: 89

Carsus

New Member
Thread author
Oct 9, 2013
9
Couple things:
Ran Kaspersky Rescue just for fun and found two instances of Trojan "Backdoor.win32.androm.awfe", one in internet files, and the other in documents and settings as '..templates/windowsinfo.exe!'

Will run FRST and fixlist (text) shortly, post log, then try normal mode.
Thx
 

Carsus

New Member
Thread author
Oct 9, 2013
9
Log from FRST fixlist:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by SYSTEM at 2013-10-12 10:03:20 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
2013-10-08 09:16 - 2010-09-13 14:19 - 00126464 _____ C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\setup_wm.exe
2013-10-03 12:49 - 2010-01-07 22:00 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT

*****************

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\ose00000.exe => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\setup_wm.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT => Moved successfully.

==== End of Fixlog ====

Ok, system came back up, no DOJ screen, but McAfee Windows Firewall is off?! A message comes up regarding firewall, "Due to an unidentified problem, Windows cannot display Windows Firewall settings" (?!)

I've not hooked up to internet yet, awaiting your instructions. Have to admit am a little spooked by this trojan, afraid to try anything with PC now (worried face)

Thx
 

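The Fixlog above pairs the fixlist that was fed to FRST with one result line per entry. When a fixlist is long it is worth checking mechanically that every entry got a verdict, since an entry FRST never reported on (or a typo in the fixlist) is easy to miss by eye. The Python below is an added example, not part of this thread and not FRST's code: it parses a Fixlog in the shape posted above, normalises the three line forms this fixlist uses (a `Startup:` entry, a full listing line, a bare path) and reports which entries were actioned, which were not, and which result lines name a path the fixlist never did. The embedded sample is constructed from the posted Fixlog, trimmed to five entries, with the result line for `ose00000.exe` deliberately left out to show what an unaccounted entry looks like.

```python
import re

# Constructed sample in the shape of the Fixlog posted above, trimmed to five
# fixlist entries; the result line for ose00000.exe is deliberately omitted.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by SYSTEM at 2013-10-12 10:03:20 Run:1
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
2013-10-08 09:16 - 2010-09-13 14:19 - 00126464 _____ C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\ose00000.exe
2013-10-03 12:49 - 2010-01-07 22:00 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT

*****************

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Temp\setup_wm.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT => Moved successfully.

==== End of Fixlog ====
"""

# "date - date - size attrs " prefix of a full FRST listing line
LISTING_PREFIX = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} [_A-Z]{5} "
)
# "Startup: C:\..." style label in front of a drive path
LABEL_PREFIX = re.compile(r"^[A-Za-z][A-Za-z ]*: (?=[A-Za-z]:\\)")
# one result line: "<path> => <verdict>"
RESULT = re.compile(r"^(?P<path>.+?) => (?P<result>.+)$")


def fixlist_entries(fixlog):
    """Paths named between the two ***** rulers, reduced to a bare path."""
    lines = [ln.strip() for ln in fixlog.splitlines()]
    if "Content of fixlist:" not in lines:
        return []
    entries = []
    for ln in lines[lines.index("Content of fixlist:") + 2:]:  # skip the ruler
        if ln.startswith("*****"):
            break
        if ln:
            entries.append(LISTING_PREFIX.sub("", LABEL_PREFIX.sub("", ln)))
    return entries


def fix_results(fixlog):
    """Map each path FRST reported on (after the second ruler) to its verdict."""
    results, rulers = {}, 0
    for ln in fixlog.splitlines():
        ln = ln.strip()
        if ln.startswith("*****"):
            rulers += 1
            continue
        m = RESULT.match(ln)
        if rulers >= 2 and m:
            results[m.group("path")] = m.group("result")
    return results


def reconcile(fixlog):
    """Return (actioned, unaccounted, unexpected): fixlist entries with a verdict,
    fixlist entries FRST never reported on, and reported paths the fixlist
    never named."""
    wanted = fixlist_entries(fixlog)
    got = fix_results(fixlog)
    actioned = {p: got[p] for p in wanted if p in got}
    unaccounted = [p for p in wanted if p not in got]
    unexpected = sorted(set(got) - set(wanted))
    return actioned, unaccounted, unexpected


if __name__ == "__main__":
    actioned, unaccounted, unexpected = reconcile(SAMPLE_FIXLOG)
    for path, verdict in actioned.items():
        print(f"OK        {path} ({verdict})")
    for path in unaccounted:
        print(f"NO RESULT {path}")
    for path in unexpected:
        print(f"EXTRA     {path}")
```

Against the real Fixlog above every entry reconciles to "Moved successfully."; the point of the check is the other case, an entry with no verdict at all, which on a live cleanup means the item is still on disk and should be looked at before the next reboot.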
kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. Now we can do some more scans and Fixes....

STEP 1: Run a scan with AdwCleaner

  • Download AdwCleaner from the below link.
    ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan, then confirm each time with Ok.
  • After the Scan is over press on Clean, then confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply


STEP 3: Run a scan with Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

STEP 4: Run a scan with Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


 


kuttus

Level 2
Verified
Oct 5, 2012
2,697
Please try these steps...

kuttus said:
Okay. Now we can do some more scans and Fixes....

STEP 1: Run a scan with AdwCleaner

  • Download AdwCleaner from the below link.
    AdwCleaner download link: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan, then confirm each time with Ok.
  • After the Scan is over press on Clean, then confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click Decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt






 

Carsus

New Member
Thread author
Oct 9, 2013
9
Ok, we are back in business, baby!!

Ran Adw, JRT, Anti-rootkit, and Anti-malware and system is clean! Windows Firewall came up during last two so something must have been blocking it before.
Here are the logs:
Adw
# AdwCleaner v3.007 - Report created 13/10/2013 at 10:54:17
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : B. J. Buchanan - IOTION-3F307715
# Running from : C:\Documents and Settings\B. J. Buchanan\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\DOCUME~1\BJA302~1.BUC\LOCALS~1\Temp\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v12.0 (en-US)

[ File : C:\Documents and Settings\B. J. Buchanan\Application Data\Mozilla\Firefox\Profiles\1q9wxjhm.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1511 octets] - [13/10/2013 08:49:40]
AdwCleaner[S0].txt - [1298 octets] - [13/10/2013 10:54:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1358 octets] ##########

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by B. J. Buchanan on Sun 10/13/2013 at 11:07:38.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/13/2013 at 11:12:46.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAR Log
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.13.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
B. J. Buchanan :: IOTION-3F307715 [administrator]

10/13/2013 11:42:23 AM
mbar-log-2013-10-13 (11-42-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 209869
Time elapsed: 24 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_*202EETADPUG (Rootkit.0Access) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.

Folders Detected: 14
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2} (Trojan.0Access) -> Delete on reboot.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\L (Trojan.0Access) -> Delete on reboot.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\U (Trojan.0Access) -> Delete on reboot.
C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2} (Trojan.0Access) -> Delete on reboot.
c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ (Trojan.0Access) -> Delete on reboot.
c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ (Trojan.0Access) -> Delete on reboot.
c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2} (Trojan.0Access) -> Delete on reboot.
c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\l (Trojan.0Access) -> Delete on reboot.
c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\u (Trojan.0Access) -> Delete on reboot.
C:\Program Files\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2} (Trojan.0Access) -> Delete on reboot.

Files Detected: 1
c:\windows\assembly\gac\desktop.ini (Rootkit.0access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR System
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.125000 GHz
Memory total: 3487674368, free: 2814615552

Downloaded database version: v2013.10.13.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
10/13/2013 11:42:16
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
mfehidk.sys
CLBStor.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\L8042Kbd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\??\C:\WINDOWS\system32\drivers\cbfs3.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\CLBUDFR.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\LBeepKE.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\??\C:\WINDOWS\system32\drivers\pdihwctl.sys
\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae84ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-8\
Lower Device Object: 0xffffffff8ae53940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae84ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae85930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae84ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ae8d9e8, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ae53940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EE17EE17

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1953503937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Infected: c:\windows\assembly\gac\desktop.ini --> [Rootkit.0access]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_*202EETADPUG --> [Rootkit.0Access]
Infected: C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2} --> [Trojan.0Access]
Infected: C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\L --> [Trojan.0Access]
Infected: C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\U --> [Trojan.0Access]
Infected: C:\Documents and Settings\B. J. Buchanan\Local Settings\Application Data\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\l --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{df38e91d-9f1f-a188-6889-f193fab844f2}\ \ \‮ﯹ๛\{df38e91d-9f1f-a188-6889-f193fab844f2}\u --> [Trojan.0Access]
Infected: C:\Program Files\Google\Desktop\Install\{df38e91d-9f1f-a188-6889-f193fab844f2} --> [Trojan.0Access]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.125000 GHz
Memory total: 3487674368, free: 3016683520

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.125000 GHz
Memory total: 3487674368, free: 2831794176

Initializing...
======================
------------ Kernel report ------------
10/13/2013 12:39:44
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
fltMgr.sys
sr.sys
mfehidk.sys
CLBStor.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\L8042Kbd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\WINDOWS\system32\drivers\cbfs3.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\CLBUDFR.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\LBeepKE.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\pdihwctl.sys
\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af50ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-8\
Lower Device Object: 0xffffffff8af56d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af50ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af80b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af50ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af59900, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af56d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EE17EE17

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1953503937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.124000 GHz
Memory total: 3487674368, free: 3111755776

=======================================
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.13.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
B. J. Buchanan :: IOTION-3F307715 [administrator]

10/13/2013 2:15:02 PM
mbam-log-2013-10-13 (14-15-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204793
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\B. J. Buchanan\My Documents\Downloads\rcpsetup5_dcomnew_sec_728_dcomnew_sec_728.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.

(end)

Think all is well.
Would like to ask your thoughts on which programs I should use going forward to prevent this from happening again. Figure Malwarebytes program is pretty good, but should I use anything else in combination?

Many thanks for the help!
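The Malwarebytes logs posted above record every detection on one line as `object (family) -> action`, and the MBAR log also carries the before/after values of the two Security Center switches (`Bad: (1) Good: (0)`). The Python script below is an added example, not code from this thread or from Malwarebytes: it parses that line format, checks that each `... Detected: N` header agrees with the number of item lines under it (a quick sanity check when a log has been pasted or truncated), summarises detections by family, and pulls out which Security Center notification switches the scanner found disabled. The sample log is constructed to match the format shown above; the GUID and the `Example` folder are placeholders, while the Security Center value names and the `gac\desktop.ini` path are the ones that appear in the posted log.

```python
"""Triage helper for Malwarebytes-style scan logs (added example, not from the thread)."""
import re
from collections import Counter

# Constructed sample in the format of the MBAR/MBAM logs posted above.
# The GUID and the 'Example' folder are placeholders; the Security Center
# value names and the gac\desktop.ini path are the ones shown in the thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
Scan type: Quick scan
Objects scanned: 12345

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EXAMPLE (Rootkit.0Access) -> Delete on reboot.

Registry Data Items Detected: 2
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.

Folders Detected: 2
C:\Program Files\Example\Install\{00000000-0000-0000-0000-000000000000}\ \ (Trojan.0Access) -> Delete on reboot.
C:\Program Files\Example\Install\{00000000-0000-0000-0000-000000000000} (Trojan.0Access) -> Delete on reboot.

Files Detected: 1
c:\windows\assembly\gac\desktop.ini (Rootkit.0access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
"""

# 'Registry Keys Detected: 1' -> section name + declared count
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# 'object (Family.Name) -> action.'  (action may itself contain '->')
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# 'Bad: (1) Good: (0)' inside a registry-data action
VALUE_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_log(text):
    """Parse a Malwarebytes-style log.

    Returns (detections, mismatches): detections is a list of dicts with
    section/object/family/action (plus bad/good for registry data items);
    mismatches lists sections whose declared count differs from the number
    of item lines actually present under that header.
    """
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        if section is None or line == "(end)" or line.startswith("(No malicious"):
            continue  # scan metadata before the first section, or filler lines
        item = ITEM_RE.match(line)
        if not item:
            continue
        d = {"section": section, "object": item.group("obj"),
             "family": item.group("family"), "action": item.group("action")}
        values = VALUE_RE.search(d["action"])
        if values:
            d["bad"], d["good"] = values.group("bad"), values.group("good")
        detections.append(d)
    found = Counter(d["section"] for d in detections)
    mismatches = [s for s, n in declared.items() if found.get(s, 0) != n]
    return detections, mismatches


def summarise(detections):
    """Detections per family, case-folded because the log mixes 0Access/0access."""
    return Counter(d["family"].lower() for d in detections)


def security_center_tampering(detections):
    """Security Center notification switches the scanner found set to 1.

    With these DWORDs set, Windows stops warning that the firewall or
    antivirus is off, which is why a disabled firewall can go unnoticed.
    """
    return sorted(d["object"].split("|", 1)[1] for d in detections
                  if d["family"].startswith("PUM.Disabled")
                  and "|" in d["object"] and d.get("bad") == "1")


if __name__ == "__main__":
    dets, bad_sections = parse_log(SAMPLE_LOG)
    print(f"{len(dets)} detections; header/count mismatches: {bad_sections or 'none'}")
    for family, n in summarise(dets).most_common():
        print(f"  {family}: {n}")
    print("Security Center notifications disabled:", security_center_tampering(dets))
```

Feed it a real log with `parse_log(open("mbar-log.txt", encoding="utf-8").read())`; the `utf-8` matters because, as the log above shows, this family hides its folders behind non-ASCII names that a default code page will mangle.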
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now that your PC is clean, I recommend you create a new System Restore point and then purge the old ones.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser, but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

What's next?
  1. Build up your malware defenses by starting a new thread in the Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article: How to easily avoid malware (http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/)
  3. Be an active member in the MalwareTips community! :)



My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.