Avira Can't Remove TR/ATRAPS.Gen2 [Solved]



#31
Echo24

Sorry for the misunderstanding. Neither step 2 nor 3 restored the internet connection. Here is the log from step 3 (if it helps, this isn't the first time that I ran it):

Start

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

Could Not Find C:\Windows\assembly\GAC_32\Desktop.ini
Could Not Find C:\Windows\assembly\GAC_64\Desktop.ini


Here is the FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Josh Toby (administrator) on 22-07-2012 at 16:43:21
Running from "D:\"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 16:52] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 19:27] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

And here is the MiniToolbox log:

MiniToolBox by Farbar Version: 15-07-2012
Ran by Josh Toby (administrator) on 22-07-2012 at 16:44:50
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

MAC Bridge Miniport = Network Bridge (Connecting)
Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JoshsComputer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-1E-64-0A-38-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{65C6BC1F-3713-4473-922E-DC89FF2F3DEA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 1e 64 0a 38 c3 ......Microsoft Virtual WiFi Miniport Adapter
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

**** End of log ****

Thanks for your patience.


#32
farbar

There is a connection to the internet, and even Windows is updating, but the name address resolution doesn't work.

Also there is something that hides any active connection so that IP configuration doesn't show the configuration of the active connection.

Let's try the system restore.

You have many restore points. We want to restore the system to an earlier date prior to the infection. If it goes well you will be able to get the connection back.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select System Restore
  • Use the system restore point interface to restore the system to the following date:

    09-07-2012 12:33:08 Windows Update

  • If it succeeded, let the system start normally and tell me if it worked.
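The reading given in post #32 can be checked mechanically against the MiniToolBox log from post #31. The following is an added example, not part of the thread and not code from Farbar's tools: it lists adapters reported as Connected that have no section in the IP configuration, the resolver address shown under "Server:", the host names that failed to resolve, and the Winsock entries flagged with ATTENTION. The function names and the assumption that the log keeps the layout pasted above are mine.

```python
import ipaddress
import ntpath
import re

# Abridged from the MiniToolBox log in post #31 (lines dropped, none invented).
SAMPLE_LOG = r"""
Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

Windows IP Configuration

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
"""

# "<device> = <connection name> (<state>)" lines from the log header.
ADAPTER_RE = re.compile(
    r"^(?P<device>.+?) = (?P<name>.+) \((?P<state>[^()]+)\)$", re.M)
# Per-adapter section headings in the IP configuration part of the log.
IPCONFIG_RE = re.compile(
    r"^(?:Ethernet|Wireless LAN|Tunnel) adapter (?P<name>.+):$", re.M)
# "Server:" line followed directly by the resolver's "Address:" line.
RESOLVER_RE = re.compile(r"^Server:.*\nAddress:\s*(?P<addr>\S+)$", re.M)
FAILED_RE = re.compile(
    r"^Ping request could not find host (?P<host>\S+)\. Please", re.M)
# A Winsock catalog entry immediately followed by the tool's ATTENTION line.
WINSOCK_RE = re.compile(
    r"^(?P<catalog>\S*Catalog\d+) (?P<index>\d+) (?P<path>.+?) \[\d+\] \(.*\)\n"
    r'ATTENTION: The LibraryPath should be "(?P<expected>[^"]+)"$',
    re.M,
)


def is_loopback(addr):
    """True if addr parses as an IP address in a loopback range."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage(log):
    """Collect the inconsistencies visible in one MiniToolBox log."""
    adapters = [m.groupdict() for m in ADAPTER_RE.finditer(log)]
    shown = {m["name"] for m in IPCONFIG_RE.finditer(log)}
    # Connected according to the adapter list, yet no ipconfig section exists.
    missing = [a["name"] for a in adapters
               if a["state"] == "Connected" and a["name"] not in shown]
    resolvers = sorted({m["addr"] for m in RESOLVER_RE.finditer(log)})
    failed = list(dict.fromkeys(m["host"] for m in FAILED_RE.finditer(log)))
    # (catalog, index, DLL found, DLL the tool says belongs in that slot)
    mismatches = [
        (m["catalog"], m["index"],
         ntpath.basename(m["path"]), ntpath.basename(m["expected"]))
        for m in WINSOCK_RE.finditer(log)
    ]
    return {
        "connected_but_missing": missing,
        "loopback_resolvers": [r for r in resolvers if is_loopback(r)],
        "failed_lookups": failed,
        "winsock_mismatches": mismatches,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
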

#33
Echo24

At first, when I restored it, it told me that there was an error. However, when I logged in, it seemed that it went okay. I can finally use the internet again (thank you so much for that). But I could still be infected. I don't know when I got the virus and Avira is half-uninstalled, so I really have no way of knowing.

#34
farbar

Great. :thumbsup:

We make sure the system is clean.

  • Please delete your copy of FRST64. Also delete the C:\FRST folder, then follow the instructions in this post (#23) to download the latest FRST64, make a scan with FRST64 and post the log it makes.
  • Please uninstall Avira. If you want to keep Avira, please reinstall Avira again to have antivirus protection.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Note:
In case malware prevented the mbam-setup.exe file from installing, rename it to something.exe

In case malware prevented it from updating or running, using Windows Explorer (right-click start > Explorer) navigate to the following folder: C:\Program Files\Malwarebytes' Anti-Malware
Locate the file mbam.exe and rename it to clear.exe, then double-click to run it.


#35
Echo24

Okay. I ran both. However, after the system restore, Avira was half-uninstalled. I couldn't run it, update it, or uninstall it, so I decided to uninstall it myself. I deleted some registry entries, but some, including the master key, couldn't be deleted. It no longer shows up in Programs and Features, but the Program Files folder is still there, along with the aforementioned registry keys. What should I do about it?

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by Josh Toby at 23-07-2012 10:09:50
Running from C:\Users\Josh Toby\Downloads
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-23 10:09 - 2012-07-23 10:09 - 01437781 ____A (Farbar) C:\Users\Josh Toby\Downloads\FRST64(1).exe
2012-07-23 10:09 - 2012-07-23 10:09 - 00000000 ____D C:\FRST
2012-07-23 09:01 - 2012-06-11 22:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-22 23:07 - 2012-07-22 23:08 - 00000000 ____D C:\Program Files (x86)\ERUNT2
2012-07-22 23:07 - 2012-07-22 23:07 - 00000883 ____A C:\Users\Josh Toby\Desktop\ERUNT.lnk
2012-07-22 23:06 - 2012-07-22 23:07 - 00791393 ____A (Lars Hederer ) C:\Users\Josh Toby\Downloads\erunt-setup.exe
2012-07-22 23:06 - 2012-06-09 00:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-22 23:06 - 2012-06-08 23:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-22 23:06 - 2012-06-06 00:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-22 23:06 - 2012-06-06 00:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-22 23:06 - 2012-06-06 00:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-22 23:06 - 2012-06-06 00:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-22 23:06 - 2012-06-02 00:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-22 23:06 - 2012-06-02 00:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-22 23:06 - 2012-06-02 00:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-22 23:06 - 2012-06-02 00:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-22 23:06 - 2012-06-02 00:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-22 23:06 - 2012-06-01 23:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-22 23:06 - 2012-06-01 23:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-22 23:06 - 2012-06-01 23:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-22 23:06 - 2012-06-01 23:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-18 11:01 - 2012-07-22 16:45 - 00007256 ____A C:\Users\Josh Toby\Desktop\Result.txt
2012-07-13 22:11 - 2012-07-13 22:11 - 00021866 ____A C:\ComboFix.txt
2012-07-13 08:56 - 2012-07-13 22:11 - 00000000 ____D C:\Qoobox
2012-07-13 08:25 - 2012-07-13 08:25 - 00000000 ____D C:\_OTL
2012-07-13 08:23 - 2012-07-22 23:08 - 00000000 ____D C:\Windows\ERDNT
2012-07-13 08:22 - 2012-07-23 01:39 - 00000000 ____D C:\Program Files (x86)\ERUNT
2012-07-11 17:59 - 2012-07-11 18:01 - 60805809 ____A C:\Users\Josh Toby\Downloads\Pokemon - HeartGold.zip
2012-07-11 11:49 - 2012-07-23 01:39 - 00000000 ____D C:\Program Files (x86)\SC
2012-07-11 11:46 - 2012-07-11 11:46 - 04613404 ____A C:\Users\Josh Toby\Downloads\setupsdV271en.zip
2012-07-11 11:02 - 2012-07-11 16:49 - 00044760 ____A C:\Users\Josh Toby\Downloads\Extras.Txt
2012-07-11 10:58 - 2012-07-21 20:56 - 00222712 ____A C:\Users\Josh Toby\Downloads\OTL.Txt
2012-07-07 16:44 - 2012-07-07 16:47 - 00002003 ____A C:\Users\Josh Toby\Desktop\RealPlayer.lnk
2012-07-04 19:23 - 2012-07-04 19:23 - 00000296 ____A C:\Windows\SysWOW64\msexcr.ini
2012-07-02 12:02 - 2012-07-02 12:02 - 00000000 ____D C:\Users\Josh Toby\AppData\Roaming\Mael
2012-07-02 11:57 - 2012-07-02 11:57 - 00000000 ____D C:\Program Files (x86)\HxD
2012-06-27 19:30 - 2012-06-27 19:30 - 00699808 ____A C:\Windows\Minidump\062712-25771-01.dmp
2012-06-25 20:23 - 2012-06-25 20:23 - 00000000 ____D C:\Users\Josh Toby\Documents\MyTIData
2012-06-25 17:11 - 2012-06-25 17:12 - 00437248 ____A (Microsoft Corporation) C:\Windows\System32\mspaintxp.exe
2012-06-25 16:33 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-25 16:33 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-25 16:33 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-25 16:33 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-25 16:33 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-25 16:33 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-25 16:33 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-25 16:33 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-25 16:33 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-23 10:09 - 2012-07-23 10:09 - 01437781 ____A (Farbar) C:\Users\Josh Toby\Downloads\FRST64(1).exe
2012-07-23 10:03 - 2010-02-26 18:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 09:50 - 2012-04-22 10:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 09:50 - 2012-04-22 10:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 09:50 - 2011-07-27 20:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 09:26 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 09:25 - 2009-07-13 23:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 09:25 - 2009-07-13 23:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 09:22 - 2009-07-13 23:51 - 00078121 ____A C:\Windows\setupact.log
2012-07-23 09:17 - 2010-02-26 18:49 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-23 09:17 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 09:17 - 2009-07-13 23:45 - 00358200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-23 09:01 - 2008-01-14 21:13 - 02020611 ____A C:\Windows\WindowsUpdate.log
2012-07-23 08:56 - 2009-11-29 18:37 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-22 23:07 - 2012-07-22 23:07 - 00000883 ____A C:\Users\Josh Toby\Desktop\ERUNT.lnk
2012-07-22 23:07 - 2012-07-22 23:06 - 00791393 ____A (Lars Hederer ) C:\Users\Josh Toby\Downloads\erunt-setup.exe
2012-07-22 16:45 - 2012-07-18 11:01 - 00007256 ____A C:\Users\Josh Toby\Desktop\Result.txt
2012-07-21 20:56 - 2012-07-11 10:58 - 00222712 ____A C:\Users\Josh Toby\Downloads\OTL.Txt
2012-07-19 22:11 - 2011-05-07 17:01 - 00016136 ____A C:\Users\Josh Toby\Documents\MT.xlsx
2012-07-13 22:11 - 2012-07-13 22:11 - 00021866 ____A C:\ComboFix.txt
2012-07-11 18:01 - 2012-07-11 17:59 - 60805809 ____A C:\Users\Josh Toby\Downloads\Pokemon - HeartGold.zip
2012-07-11 16:49 - 2012-07-11 11:02 - 00044760 ____A C:\Users\Josh Toby\Downloads\Extras.Txt
2012-07-11 11:46 - 2012-07-11 11:46 - 04613404 ____A C:\Users\Josh Toby\Downloads\setupsdV271en.zip
2012-07-07 16:47 - 2012-07-07 16:44 - 00002003 ____A C:\Users\Josh Toby\Desktop\RealPlayer.lnk
2012-07-04 19:23 - 2012-07-04 19:23 - 00000296 ____A C:\Windows\SysWOW64\msexcr.ini
2012-07-03 22:10 - 2009-08-20 02:51 - 01836624 ____A C:\Windows\PFRO.log
2012-06-28 19:07 - 2009-11-15 15:21 - 00086392 ____A C:\Users\Josh Toby\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 19:30 - 2012-06-27 19:30 - 00699808 ____A C:\Windows\Minidump\062712-25771-01.dmp
2012-06-27 19:30 - 2010-05-26 09:38 - 326202262 ____A C:\Windows\MEMORY.DMP
2012-06-25 17:12 - 2012-06-25 17:11 - 00437248 ____A (Microsoft Corporation) C:\Windows\System32\mspaintxp.exe
2012-06-19 17:02 - 2012-06-19 17:02 - 01359824 ____A C:\Users\Josh Toby\Documents\pc-decrapifier-2.2.8.exe
2012-06-11 22:02 - 2012-07-23 09:01 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:30 - 2012-07-22 23:06 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:46 - 2012-07-22 23:06 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 00:50 - 2012-07-22 23:06 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 00:50 - 2012-07-22 23:06 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 00:09 - 2012-07-22 23:06 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:09 - 2012-07-22 23:06 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 17:19 - 2012-06-25 16:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-25 16:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-25 16:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-25 16:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-25 16:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-25 16:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-25 16:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-25 16:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-25 16:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 00:38 - 2012-07-22 23:06 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:38 - 2012-07-22 23:06 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:37 - 2012-07-22 23:06 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:27 - 2012-07-22 23:06 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:27 - 2012-07-22 23:06 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:48 - 2012-07-22 23:06 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:48 - 2012-07-22 23:06 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:47 - 2012-07-22 23:06 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:42 - 2012-07-22 23:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 12:02 - 2012-03-23 17:52 - 00001207 ____A C:\Users\Josh Toby\Desktop\Any Video Converter.lnk
2012-05-31 12:25 - 2009-11-29 18:39 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-19 21:53 - 2012-05-19 21:53 - 00001812 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-14 22:56 - 2012-06-12 19:21 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 22:52 - 2012-06-12 19:21 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 22:08 - 2012-06-12 19:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 22:06 - 2012-06-12 19:21 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-12 13:22 - 2010-05-23 18:51 - 00000072 ____A C:\Users\Public\LMDebug.log
2012-05-08 20:43 - 2011-10-20 21:58 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-05-08 20:43 - 2011-10-20 21:58 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-05-04 05:52 - 2012-06-12 19:19 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:08 - 2012-06-12 19:19 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:08 - 2012-06-12 19:19 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 00:32 - 2012-06-12 19:23 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 22:50 - 2012-06-12 19:19 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:34 - 2012-06-12 19:19 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:34 - 2012-06-12 19:19 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:28 - 2012-06-12 19:19 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 57%
Total physical RAM: 1978.92 MB
Available physical RAM: 837.95 MB
Total Pagefile: 3957.84 MB
Available Pagefile: 2240.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:220.79 GB) (Free:133.72 GB) NTFS
2 Drive d: () (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1838 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 220 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Gateway NTFS Partition 220 GB Healthy Boot

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1838 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-05-30 11:59

======================= End Of Log ==========================

And here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Josh Toby :: JOSHSCOMPUTER [administrator]

Protection: Enabled

7/23/2012 10:26:39 AM
mbam-log-2012-07-23 (10-26-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193974
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8006F89E-63A1-402A-8DB7-08A4C58F95AA} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCR\Interface\{D4256C66-8177-4E19-8A13-2D43B2282D0D} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCR\lptlIE.TextLinks.1 (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCR\lptlIE.TextLinks (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Josh Toby\AppData\Local\Temp\guppy-silent.exe (PUP.Zugo) -> Quarantined and deleted successfully.

(end)

#36
farbar

farbar

    Developer

  • Expert
  • 365 posts
Please save FRST on the flash drive and run it from the recovery mode as follows:

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#37
Echo24

Echo24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 23-07-2012 13:51:55
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [159232 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [380928 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [358912 2009-09-02] (Intel Corporation)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-08-16] (Dritek System Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [630784 2009-06-29] (Chicony)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [192512 2008-08-05] ()
HKLM-x32\...\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe /run [383488 2008-08-05] ()
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [552960 2009-03-23] ()
HKLM-x32\...\Run: [4x26 Scan2PC] "C:\Windows\Twain_32\Samsung\SCX4x26\Scan2pc.exe" [503808 2009-03-17] ()
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-01-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update [239336 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Josh Toby\...\Run: [A34553D58FCE2714D7C827068F456B9CA34A7632._service_run] "C:\Users\Josh Toby\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [x]
HKU\Josh Toby\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Josh Toby\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Josh Toby\...\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray [x]
HKU\Josh Toby\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-25] (Valve Corporation)
HKU\Josh Toby\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Startup: C:\Users\Josh Toby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT2\AUTOBACK.EXE ()

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 AdobeActiveFileMonitor8.0; C:\Users\Josh Toby\Desktop\Photoshop Stuff\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-10-11] (Avira GmbH)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-02-11] (Samsung Electronics Co., Ltd.)
3 int15.sys; \??\C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-23 07:25 - 2012-07-23 07:25 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 07:25 - 2012-07-23 07:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 07:24 - 2012-07-23 07:24 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Josh Toby\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 07:15 - 2012-07-23 07:15 - 00000042 ____A C:\Windows\SysWOW64\AK083E209605E394C.lie
2012-07-23 07:14 - 2012-07-23 07:14 - 03543936 ____A (www.PerfectUninstaller.net ) C:\Users\Josh Toby\Downloads\PerfectUninstaller_Setup.exe
2012-07-23 07:10 - 2012-07-23 07:10 - 00016875 ____A C:\Users\Josh Toby\Downloads\FRST.txt
2012-07-23 07:09 - 2012-07-23 07:09 - 01437781 ____A (Farbar) C:\Users\Josh Toby\Downloads\FRST64(1).exe
2012-07-23 07:09 - 2012-07-23 07:09 - 00000000 ____D C:\FRST
2012-07-23 06:01 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-22 20:07 - 2012-07-22 20:08 - 00000000 ____D C:\Program Files (x86)\ERUNT2
2012-07-22 20:07 - 2012-07-22 20:07 - 00000883 ____A C:\Users\Josh Toby\Desktop\ERUNT.lnk
2012-07-22 20:06 - 2012-07-22 20:07 - 00791393 ____A (Lars Hederer ) C:\Users\Josh Toby\Downloads\erunt-setup.exe
2012-07-22 20:06 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-22 20:06 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-22 20:06 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-22 20:06 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-22 20:06 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-22 20:06 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-22 20:06 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-22 20:06 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-22 20:06 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-22 20:06 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-22 20:06 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-22 20:06 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-22 20:06 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-22 20:06 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-22 20:06 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-13 19:11 - 2012-07-13 19:11 - 00021866 ____A C:\ComboFix.txt
2012-07-13 05:56 - 2012-07-13 19:11 - 00000000 ____D C:\Qoobox
2012-07-13 05:25 - 2012-07-13 05:25 - 00000000 ____D C:\_OTL
2012-07-13 05:23 - 2012-07-22 20:08 - 00000000 ____D C:\Windows\ERDNT
2012-07-13 05:22 - 2012-07-22 22:39 - 00000000 ____D C:\Program Files (x86)\ERUNT
2012-07-11 14:59 - 2012-07-11 15:01 - 60805809 ____A C:\Users\Josh Toby\Downloads\Pokemon - HeartGold.zip
2012-07-11 08:49 - 2012-07-22 22:39 - 00000000 ____D C:\Program Files (x86)\SC
2012-07-11 08:02 - 2012-07-11 13:49 - 00044760 ____A C:\Users\Josh Toby\Downloads\Extras.Txt
2012-07-11 07:58 - 2012-07-21 17:56 - 00222712 ____A C:\Users\Josh Toby\Downloads\OTL.Txt
2012-07-07 13:44 - 2012-07-07 13:47 - 00002003 ____A C:\Users\Josh Toby\Desktop\RealPlayer.lnk
2012-07-04 16:23 - 2012-07-04 16:23 - 00000296 ____A C:\Windows\SysWOW64\msexcr.ini
2012-07-02 09:02 - 2012-07-02 09:02 - 00000000 ____D C:\Users\Josh Toby\AppData\Roaming\Mael
2012-07-02 08:57 - 2012-07-02 08:57 - 00000000 ____D C:\Program Files (x86)\HxD
2012-06-27 16:30 - 2012-06-27 16:30 - 00699808 ____A C:\Windows\Minidump\062712-25771-01.dmp
2012-06-25 17:23 - 2012-06-25 17:23 - 00000000 ____D C:\Users\Josh Toby\Documents\MyTIData
2012-06-25 14:11 - 2012-06-25 14:12 - 00437248 ____A (Microsoft Corporation) C:\Windows\System32\mspaintxp.exe
2012-06-25 13:33 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-25 13:33 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-25 13:33 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-25 13:33 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-25 13:33 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-25 13:33 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-25 13:33 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-25 13:33 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-25 13:33 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-23 10:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 10:49 - 2009-07-13 20:51 - 00078289 ____A C:\Windows\setupact.log
2012-07-23 10:47 - 2008-01-14 18:13 - 02031616 ____A C:\Windows\WindowsUpdate.log
2012-07-23 10:37 - 2012-04-22 07:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 10:37 - 2010-02-26 15:49 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 08:13 - 2010-02-26 15:49 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-23 07:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 07:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 07:43 - 2009-08-19 23:51 - 01836980 ____A C:\Windows\PFRO.log
2012-07-23 07:25 - 2012-07-23 07:25 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 07:24 - 2012-07-23 07:24 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Josh Toby\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 07:15 - 2012-07-23 07:15 - 00000042 ____A C:\Windows\SysWOW64\AK083E209605E394C.lie
2012-07-23 07:14 - 2012-07-23 07:14 - 03543936 ____A (www.PerfectUninstaller.net ) C:\Users\Josh Toby\Downloads\PerfectUninstaller_Setup.exe
2012-07-23 07:10 - 2012-07-23 07:10 - 00016875 ____A C:\Users\Josh Toby\Downloads\FRST.txt
2012-07-23 07:09 - 2012-07-23 07:09 - 01437781 ____A (Farbar) C:\Users\Josh Toby\Downloads\FRST64(1).exe
2012-07-23 06:50 - 2012-04-22 07:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-23 06:50 - 2011-07-27 17:11 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 06:26 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 06:17 - 2009-07-13 20:45 - 00358200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-23 05:56 - 2009-11-29 15:37 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-22 20:07 - 2012-07-22 20:07 - 00000883 ____A C:\Users\Josh Toby\Desktop\ERUNT.lnk
2012-07-22 20:07 - 2012-07-22 20:06 - 00791393 ____A (Lars Hederer ) C:\Users\Josh Toby\Downloads\erunt-setup.exe
2012-07-21 17:56 - 2012-07-11 07:58 - 00222712 ____A C:\Users\Josh Toby\Downloads\OTL.Txt
2012-07-19 19:11 - 2011-05-07 14:01 - 00016136 ____A C:\Users\Josh Toby\Documents\MT.xlsx
2012-07-13 19:11 - 2012-07-13 19:11 - 00021866 ____A C:\ComboFix.txt
2012-07-11 15:01 - 2012-07-11 14:59 - 60805809 ____A C:\Users\Josh Toby\Downloads\Pokemon - HeartGold.zip
2012-07-11 13:49 - 2012-07-11 08:02 - 00044760 ____A C:\Users\Josh Toby\Downloads\Extras.Txt
2012-07-07 13:47 - 2012-07-07 13:44 - 00002003 ____A C:\Users\Josh Toby\Desktop\RealPlayer.lnk
2012-07-04 16:23 - 2012-07-04 16:23 - 00000296 ____A C:\Windows\SysWOW64\msexcr.ini
2012-07-03 10:46 - 2010-03-29 15:48 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 16:07 - 2009-11-15 12:21 - 00086392 ____A C:\Users\Josh Toby\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 16:30 - 2012-06-27 16:30 - 00699808 ____A C:\Windows\Minidump\062712-25771-01.dmp
2012-06-27 16:30 - 2010-05-26 06:38 - 326202262 ____A C:\Windows\MEMORY.DMP
2012-06-25 14:12 - 2012-06-25 14:11 - 00437248 ____A (Microsoft Corporation) C:\Windows\System32\mspaintxp.exe
2012-06-19 14:02 - 2012-06-19 14:02 - 01359824 ____A C:\Users\Josh Toby\Documents\pc-decrapifier-2.2.8.exe
2012-06-11 19:02 - 2012-07-23 06:01 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-22 20:06 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-22 20:06 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-22 20:06 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-22 20:06 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-22 20:06 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-22 20:06 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-25 13:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-25 13:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-25 13:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-25 13:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-25 13:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-25 13:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-25 13:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-25 13:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-25 13:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-22 20:06 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-22 20:06 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-22 20:06 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-22 20:06 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-22 20:06 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-22 20:06 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-22 20:06 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-22 20:06 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-22 20:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 09:02 - 2012-03-23 14:52 - 00001207 ____A C:\Users\Josh Toby\Desktop\Any Video Converter.lnk
2012-05-31 09:25 - 2009-11-29 15:39 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-19 18:53 - 2012-05-19 18:53 - 00001812 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-14 19:56 - 2012-06-12 16:21 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-12 16:21 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-12 16:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-12 16:21 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-12 10:22 - 2010-05-23 15:51 - 00000072 ____A C:\Users\Public\LMDebug.log
2012-05-08 17:43 - 2011-10-20 18:58 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-05-08 17:43 - 2011-10-20 18:58 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-05-04 02:52 - 2012-06-12 16:19 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-12 16:19 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-12 16:19 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 21:32 - 2012-06-12 16:23 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:50 - 2012-06-12 16:19 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:34 - 2012-06-12 16:19 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-12 16:19 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-12 16:19 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 1978.92 MB
Available physical RAM: 1462.99 MB
Total Pagefile: 1978.92 MB
Available Pagefile: 1449.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:220.79 GB) (Free:133.62 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.52 GB) NTFS
3 Drive f: () (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1838 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 220 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Gateway NTFS Partition 220 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1838 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-05-30 08:59

======================= End Of Log ==========================
  • 0

#38
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi!

Thanks for watching over this, farbar! Your assistance is greatly appreciated! :D
----------

Things are looking better. How is your system running now?
----------

Please download and run the program found here to remove Avira completely. Once that is done reboot your system and then you can either do a fresh install of Avira or choose from one of the two free antivirus programs below to add to your system.

Microsoft Security Essentials
Avast
  • 0

#39
Echo24

Echo24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I tried using the tool to remove Avira, but there are ten or so registries that can't be deleted. Also, which would you recommend, Avast or Avira? Thanks.
  • 0

#40
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
I personally would use Avast (I really do use it) over Avira. How is your system running?
  • 0


#41
Echo24

Echo24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Everything's working fine. What can I do to make sure I don't get infected again?
  • 0

#42
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Great! Glad to hear. Let's check for some updates and then we should be finished. At the end I will give you some good information about keeping your system more secure. :thumbsup:
----------

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

  • 0

#43
Echo24

Echo24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Okay, here is the log.

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
  • 0

#44
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi,

Please go to Start > Control Panel > Programs and Features and remove all the Java programs you see. Now download the latest Java from the following link and install it:

http://java.com/en/download/index.jsp
----------

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 9 first. Be sure to move any PDF documents to another folder first though.
----------
  • 0

#45
Echo24

Echo24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Okay, I installed both. Now what?
  • 0





