
I can download a/v software, but not run. downloaded FRST 32bit here i


  • This topic is locked

#1
rangerdmb

    New Member

  • Member
  • 2 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-07-2014
Ran by Security at 2014-07-11 13:01:45
Running from C:\Users\Security\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version:  - )
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
CP2101 USB to UART Bridge Controller Driver Set (HKLM\...\CP2101 USB to UART Bridge Controller) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9FD050BA-79BD-42A4-9E24-E8E13F1C775F}) (Version:  - Microsoft)
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 (HKLM\...\SharePointDesigner) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1) (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{37180755-CA2B-40AD-9637-89FB0CE7CB36}) (Version:  - Microsoft)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visio Viewer 2010 (HKLM\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
player (HKLM\...\player2.12.0) (Version: 2.12.0 - player)
ProxiGuard Standard Patrol Management System (HKLM\...\ProxiGuard Standard Patrol Management System_is1) (Version: 7.3.1 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27252 - TeamViewer)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.6.1 - uvnc bvba)
Universal Imaging Utility - Live Version (HKLM\...\UIU) (Version: 4.8.2.0 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 21:04 - 2014-01-06 15:40 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3B864C19-C8D5-4018-B363-9CDBB6F5DF6C} - System32\Tasks\Security Center Update - 3846719018 => C:\Users\Security\AppData\Roaming\Ywuxonav\efypkuh.exe [2014-04-08] (Virtual Group) <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 3846719018.job => C:\Users\Security\AppData\Roaming\Ywuxonav\efypkuh.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2014 00:45:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f1c

Start Time: 01cf9d2f49c056b0

Termination Time: 4

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/11/2014 00:36:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 540

Start Time: 01cf9d28847b47e8

Termination Time: 82

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: ee83f996-0921-11e4-b55d-1803734dd42d

Error: (07/11/2014 08:14:16 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a90, "">.

Error: (07/11/2014 06:30:47 AM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (956) SUS20ClientDataStore: An attempt to create the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 112 (0x00000070): "There is not enough space on the disk. ".  The create file operation will fail with error -1808 (0xfffff8f0).

Error: (07/11/2014 06:30:47 AM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (956) SUS20ClientDataStore: An attempt to create the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 112 (0x00000070): "There is not enough space on the disk. ".  The create file operation will fail with error -1808 (0xfffff8f0).

Error: (07/11/2014 06:30:47 AM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (956) SUS20ClientDataStore: An attempt to create the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 112 (0x00000070): "There is not enough space on the disk. ".  The create file operation will fail with error -1808 (0xfffff8f0).

Error: (07/10/2014 02:44:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Service.exe, version: 9.0.27252.0, time stamp: 0x532ac369
Faulting module name: TeamViewer_Service.exe, version: 9.0.27252.0, time stamp: 0x532ac369
Exception code: 0xc0000005
Fault offset: 0x0020d451
Faulting process id: 0x6ec
Faulting application start time: 0xTeamViewer_Service.exe0
Faulting application path: TeamViewer_Service.exe1
Faulting module path: TeamViewer_Service.exe2
Report Id: TeamViewer_Service.exe3

Error: (07/07/2014 05:48:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: efypkuh.exe, version: 0.0.0.4, time stamp: 0x5349a356
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004bb296
Faulting process id: 0x78ac
Faulting application start time: 0xefypkuh.exe0
Faulting application path: efypkuh.exe1
Faulting module path: efypkuh.exe2
Report Id: efypkuh.exe3

Error: (07/06/2014 09:25:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: mshtml.dll, version: 8.0.7601.18094, time stamp: 0x512f5c33
Exception code: 0xc0000005
Fault offset: 0x00395ca0
Faulting process id: 0xc528
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/04/2014 10:59:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: efypkuh.exe, version: 0.0.0.4, time stamp: 0x5349a356
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0047b258
Faulting process id: 0x834
Faulting application start time: 0xefypkuh.exe0
Faulting application path: efypkuh.exe1
Faulting module path: efypkuh.exe2
Report Id: efypkuh.exe3

System errors:
=============
Error: (07/11/2014 00:40:25 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{a8585443-76eb-11e3-8d3d-806e6f6e6963} encountered a non-retryable error and could not start.  The data contains the error code.

Error: (07/11/2014 11:46:41 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{a8585443-76eb-11e3-8d3d-806e6f6e6963} encountered a non-retryable error and could not start.  The data contains the error code.

Error: (07/11/2014 08:22:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/11/2014 07:07:41 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{a8585443-76eb-11e3-8d3d-806e6f6e6963} encountered a non-retryable error and could not start.  The data contains the error code.

Error: (07/11/2014 07:07:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:05:16 AM on 7/11/2014 was unexpected.

Error: (07/10/2014 11:58:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.177.1917.0).

Error: (07/10/2014 04:04:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (07/10/2014 04:04:04 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (07/10/2014 04:04:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (07/10/2014 04:04:04 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 3241.05 MB
Available physical RAM: 1220.2 MB
Total Pagefile: 4784.64 MB
Available Pagefile: 2382.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1866.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.73 GB) (Free:0.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=28 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#2
rangerdmb

    New Member

  • Topic Starter
  • Member
  • 2 posts

I'm not sure what the next best option will be, since I can't single out if this is a malware or other type problem. I'm trying to salvage this computer for a friend.

The hard drive continues to fill back up after restart or from cleaning the hard drive.


#3
LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello rangerdmb,

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)

======================================================
Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • Scroll to the top of this page and ensure you see the following: [image]
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please attempt to backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================

Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by an instructor at WhattheTech.com before I post in order to ensure you are receiving accurate instructions. I will return as soon as possible.


#4
LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello rangerdmb,

"I'm not sure what the next best option will be, since I can't single out if this is a malware or other type problem."

Malware is present on the computer. Please consider the following warning.
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, PayPal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for further information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection can be removed, there is no way to guarantee that your computer will ever be trustworthy again. This is due to the nature of the infection, which allows the attacker complete access to your computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following information:

We can help you remove the infection(s) identified on your computer, but as explained, the recommended course of action is a reformat and reinstall. Please let me know how you wish to proceed. Below are the steps you should follow if you decide against a reformat and reinstall. If you have decided to reformat and reinstall, please let me know.

 

 
-------------------------

"The hard drive continues to fill back up after restart or from cleaning the hard drive"

We will investigate the disappearing hard drive space in due course. For now, please carry out the steps below. 

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aswMBR

  • Please download aswMBR and save the file to your desktop.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.
 
======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log

#5
LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello, 

 

Do you still require help? 


#6
CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.