Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avast Malware Blocked Problem

Started by confusedperson , Aug 05 2012 06:40 AM

  • Please log in to reply

#1
confusedperson
Posted 05 August 2012 - 06:40 AM

confusedperson

    New Member

  • Member
  • Pip
  • 3 posts
I am currently using Avast Free in version 7.0.1456 I just updated this today although I have been experiencing this problem since yesterday. Yesterday as I was on google and on a blog, I have visted this blog many times before, and was about to take it off when the malware popup came up which then was followed by another and another. I turned off my computer and put it back on again and it stopped, for a while. The problem continued I then asked my brother to log onto his file and didn't happen to him! Today I thought it would be ok as it didn't happen to him but within a couple of minutes of logging on a pop up came, folowed by another, they have stopped for a while but do pop up once in a while. I would like to know how to get rid of the here are the logs:
OTL logfile created on: 05/08/2012 13:24:45 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Maaria\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.48 Gb Available Physical Memory | 81.04% Memory free
16.00 Gb Paging File | 14.17 Gb Available in Paging File | 88.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.56 Gb Total Space | 832.24 Gb Free Space | 90.70% Space Free | Partition Type: NTFS
Drive D: | 35.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ZAMIR-PC | User Name: Zamir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 13:23:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maaria\Downloads\OTL.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/14 14:59:23 | 000,183,296 | ---- | M] () -- C:\Users\Maaria\AppData\Roaming\Fuyv\vyuf.exe
PRC - [2009/10/15 03:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/14 14:59:23 | 000,183,296 | ---- | M] () -- C:\Users\Maaria\AppData\Roaming\Fuyv\vyuf.exe
MOD - [2009/10/15 03:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 03:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/28 00:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/26 22:55:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/04 12:58:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 23:37:22 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/26 22:13:34 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/23 16:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ecfbff3c-fd5b-4a47-816c-c926ea321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 31 BD 78 46 87 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {ecfbff3c-fd5b-4a47-816c-c926ea321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{423B1E74-607B-4199-9CCF-622904F3C86A}: "URL" = http://search.condui...&ctid=CT3069202
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zamir\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zamir\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012/05/22 17:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zamir\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/22 17:02:52 | 000,000,000 | ---D | M] (Serif MoviePlus Community Toolbar) -- C:\Users\Zamir\AppData\Roaming\Mozilla\Firefox\extensions\{ecfbff3c-fd5b-4a47-816c-c926ea321561}

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - Extension: YouTube = C:\Users\Zamir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Zamir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Zamir\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Serif MoviePlus = C:\Users\Zamir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfafkpaifpmpadngdmgiikeipjiedbpc\2.3.3.3_0\
CHR - Extension: Gmail = C:\Users\Zamir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Serif MoviePlus Toolbar) - {ecfbff3c-fd5b-4a47-816c-c926ea321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Serif MoviePlus Toolbar) - {ecfbff3c-fd5b-4a47-816c-c926ea321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Serif MoviePlus Toolbar) - {ECFBFF3C-FD5B-4A47-816C-C926EA321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D5AC21-C7A9-45A8-9EB2-CB2C9BE1DCD4}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 01:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 09:27:40 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 12:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/24 14:00:30 | 000,000,000 | ---D | C] -- C:\Users\Zamir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/07 15:38:51 | 000,000,000 | ---D | C] -- C:\Windows\en
[1 C:\Users\Maaria\AppData\Local\{7b17814c-6124-70b9-1784-916e59c58a39}\*.tmp files -> C:\Users\Maaria\AppData\Local\{7b17814c-6124-70b9-1784-916e59c58a39}\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 13:17:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 13:17:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 13:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 13:10:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 13:09:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 13:09:39 | 2146,676,735 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 13:04:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1000UA.job
[2012/08/05 13:02:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1004UA.job
[2012/08/05 12:58:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1003UA.job
[2012/08/05 12:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 12:31:33 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 12:31:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/02 19:58:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1003Core.job
[2012/07/26 14:04:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1000Core.job
[2012/07/26 14:02:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1004Core.job
[2012/07/24 14:01:06 | 000,000,632 | RHS- | M] () -- C:\Users\Zamir\ntuser.pol
[2012/07/16 17:39:03 | 463,356,003 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/11 18:11:22 | 000,296,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/05 12:31:33 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/25 19:53:26 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1003UA.job
[2012/07/25 19:53:25 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1003Core.job
[2012/07/24 14:01:06 | 000,000,632 | RHS- | C] () -- C:\Users\Zamir\ntuser.pol
[2012/07/24 13:59:36 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1000UA.job
[2012/07/24 13:59:35 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1000Core.job
[2012/07/24 13:57:27 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1004UA.job
[2012/07/24 13:57:26 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2096948156-3174776095-956837993-1004Core.job
[2012/01/11 21:14:40 | 000,002,048 | -HS- | C] () -- C:\Users\Maaria\AppData\Local\{7b17814c-6124-70b9-1784-916e59c58a39}\@
[2011/10/10 13:21:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/21 02:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/08/05 12:44:18 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 05/08/2012 13:24:45 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Maaria\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.48 Gb Available Physical Memory | 81.04% Memory free
16.00 Gb Paging File | 14.17 Gb Available in Paging File | 88.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.56 Gb Total Space | 832.24 Gb Free Space | 90.70% Space Free | Partition Type: NTFS
Drive D: | 35.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ZAMIR-PC | User Name: Zamir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0418A19F-7D81-436E-9061-EBE2CB33C20B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3089E74E-4438-4621-8FC9-7B49DA60331C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FFD391A-70EE-4C71-B4A7-A44CAE09679A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50238DEA-1775-44D2-9347-A083FFAC096E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55E53F01-EDAB-456E-A9D9-F454CE20513D}" = lport=445 | protocol=6 | dir=in | app=system |
"{64187126-F40A-4FEA-84D4-65C5B84E54BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68CEDED0-8B98-43E6-BD6C-3B7B4B0300EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BCA2FC7-2135-4957-B112-FB1C4BF3689B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F92AEDD-382D-4175-ADB8-A4C088C07EA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9566DBEA-B5A3-4C5D-AC30-BBC1178EA4AC}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D1B8791-C9B5-45F0-9A12-D0B1C9753B85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DFF34B2-695C-41AA-A018-F851DAC3F09E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B320B9E1-B6C9-4F94-B796-EB127F04D4AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B7715F55-6128-48FC-BCC4-2460E6D0B340}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BA6B5BA9-B351-4A59-AD93-6E2B87CF852E}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFDD39F3-21E5-4FF7-A93A-E7D1F9DBC74A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C11D3F81-ADCA-47EB-ACDA-8515976CA1B2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D85896CA-9D8E-47A3-BC5A-F8EF6A977338}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC6F5018-2C62-4D2D-9FF7-71F33C3C2F05}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF93C150-054C-40A0-99A1-64132449A09A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E22F9CB5-3819-4DB1-AE8A-C66248C58CCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{E3137A4F-89C6-48C1-9B70-01638037280E}" = rport=138 | protocol=17 | dir=out | app=system |
"{E81B31A3-F6C4-4CB8-8804-B30F576C4CDA}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AF95A0-5CE4-46A4-855A-5F775CAF7B37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28C7825B-5FBB-4225-9FA8-6930DAA5B397}" = protocol=1 | dir=in | [email protected],-28543 |
"{3F703AF6-E74F-4F85-A217-9626E058CE1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{447FAB87-DAB1-4C63-B79E-0F01DB7AE2DF}" = protocol=6 | dir=out | app=system |
"{499E9100-3D5C-4AA0-AFCD-3DD7E2033DB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54706908-1113-4B45-82DB-AB4C1EB9D3AC}" = protocol=58 | dir=out | [email protected],-28546 |
"{5BF29A0F-692E-4792-B349-4CD64D8727AE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5D801557-F1E0-4F05-B3FB-4CED5515F530}" = protocol=1 | dir=out | [email protected],-28544 |
"{5DBB42D2-2ADA-4C0C-85FE-092E93A00062}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E0DB4DB-7BC9-47EB-971E-110EAFC9324B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EACAF58-A422-4C69-9F21-9886E22F3ACB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81D1FDF8-3EF3-49D9-BFCA-79A3EF9C23D9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89EA680C-58CE-404F-9479-84C7226AA739}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8A3CDFB4-3A13-4C34-AEF7-EB7E803446A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8ADECFD3-5D8C-4F90-84E0-4B5100CDC731}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96070CDD-6021-40D8-A041-AFBB38586808}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE489C17-6050-4C0A-A311-1B7F86DB8191}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8BD3228-EB89-47D4-926E-F77C4702C404}" = protocol=58 | dir=in | [email protected],-28545 |
"{BD4D0BFB-0B45-4E35-9BB7-E7F55C79C4FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E47BA826-35E0-41B3-A3E3-E21DC19B54A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E698662F-1E11-4054-8565-7E6FDCF57DAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2AE7766-7403-4A0A-BE04-B7C69AD51D89}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{7143D9A6-39EE-4F49-9D6C-3FA20C32E783}C:\users\maaria\appdata\roaming\fuyv\vyuf.exe" = protocol=6 | dir=in | app=c:\users\maaria\appdata\roaming\fuyv\vyuf.exe |
"TCP Query User{C862422A-D60E-4EE4-AC1E-E8C8EF1BE349}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2A4C5D48-FB54-49FA-943B-81818349EA15}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{352BA5D1-5A02-488B-98B2-200BEEA1B673}C:\users\maaria\appdata\roaming\fuyv\vyuf.exe" = protocol=17 | dir=in | app=c:\users\maaria\appdata\roaming\fuyv\vyuf.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B8A560B-73C4-0FEF-637D-B3202ABF50C1}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = DW 1525 Driver Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_BASICR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"BASICR" = Microsoft Office Basic 2007
"EPSON Scanner" = EPSON Scan
"Serif_MoviePlus Toolbar" = Serif MoviePlus Toolbar
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/08/2012 12:54:31 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x13f8 Faulting application start time: 0x01cd7261cfa01831 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 0f40840b-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:54:37 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x1510 Faulting application start time: 0x01cd7261d32641b8 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 12bd2811-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:54:46 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x1640 Faulting application start time: 0x01cd7261d843768e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 17df1fa7-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:54:50 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x51c Faulting application start time: 0x01cd7261dae77d5b Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 1a80c514-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:54:55 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0xf08 Faulting application start time: 0x01cd7261dd9e8f2b Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 1d35d72b-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:54:59 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x1200 Faulting application start time: 0x01cd7261e03e9688 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 1fd0ae83-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:55:05 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x4f4 Faulting application start time: 0x01cd7261e37fac8b Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 231b55a4-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:55:09 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x17a8 Faulting application start time: 0x01cd7261e661971f Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 25faded8-de55-11e1-94c6-842b2b8a4b70

Error - 04/08/2012 12:55:14 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x978 Faulting application start time: 0x01cd7261e91b0a4f Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 28b45207-de55-11e1-94c6-842b2b8a4b70

Error - 05/08/2012 07:21:11 | Computer Name = Zamir-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,
time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting
process id: 0x848 Faulting application start time: 0x01cd72fc66e2f425 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: a85de960-deef-11e1-9a73-842b2b8a4b70

[ Media Center Events ]
Error - 05/03/2012 11:28:11 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 15:28:11 - Error connecting to the internet. 15:28:11 - Unable
to contact server..

Error - 05/03/2012 11:28:21 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 15:28:16 - Error connecting to the internet. 15:28:16 - Unable
to contact server..

Error - 06/03/2012 11:39:54 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 15:39:54 - Error connecting to the internet. 15:39:54 - Unable
to contact server..

Error - 06/03/2012 11:40:27 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 15:40:00 - Error connecting to the internet. 15:40:00 - Unable
to contact server..

Error - 02/05/2012 11:41:08 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 16:41:08 - Error connecting to the internet. 16:41:08 - Unable
to contact server..

Error - 02/05/2012 11:41:19 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 16:41:13 - Error connecting to the internet. 16:41:13 - Unable
to contact server..

Error - 18/05/2012 12:10:11 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 17:10:11 - Error connecting to the internet. 17:10:11 - Unable
to contact server..

Error - 18/05/2012 12:10:22 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 17:10:17 - Error connecting to the internet. 17:10:17 - Unable
to contact server..

Error - 16/06/2012 12:22:49 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 17:22:49 - Error connecting to the internet. 17:22:49 - Unable
to contact server..

Error - 16/06/2012 12:22:59 | Computer Name = Zamir-PC | Source = MCUpdate | ID = 0
Description = 17:22:55 - Error connecting to the internet. 17:22:55 - Unable
to contact server..

[ OSession Events ]
Error - 06/06/2012 11:15:17 | Computer Name = Zamir-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 103
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 31/07/2012 12:35:26 | Computer Name = Zamir-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:50:52 on ?31/?07/?2012 was unexpected.

Error - 02/08/2012 10:49:15 | Computer Name = Zamir-PC | Source = DCOM | ID = 10016
Description =

Error - 02/08/2012 10:49:16 | Computer Name = Zamir-PC | Source = DCOM | ID = 10016
Description =

Error - 02/08/2012 12:23:43 | Computer Name = Zamir-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:52:07 on ?02/?08/?2012 was unexpected.

Error - 02/08/2012 13:47:19 | Computer Name = Zamir-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:40:26 on ?02/?08/?2012 was unexpected.

Error - 02/08/2012 14:56:43 | Computer Name = Zamir-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:50:06 on ?02/?08/?2012 was unexpected.

Error - 03/08/2012 12:13:03 | Computer Name = Zamir-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:31:33 on ?03/?08/?2012 was unexpected.

Error - 04/08/2012 07:20:36 | Computer Name = Zamir-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:21:25 on ?03/?08/?2012 was unexpected.

Error - 05/08/2012 07:17:20 | Computer Name = Zamir-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:38:01 on ?04/?08/?2012 was unexpected.

Error - 05/08/2012 07:33:49 | Computer Name = Zamir-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >


there were two sperate notes so I just put both.
Please Help
  • 0

Advertisements

#2
RKinner
Posted 05 August 2012 - 08:06 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
This is the latest zero Access infection.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKCU\..\URLSearchHook: {ecfbff3c-fd5b-4a47-816c-c926ea321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{423B1E74-607B-4199-9CCF-622904F3C86A}: "URL" = http://search.condui...&ctid=CT3069202
[2012/05/22 17:02:52 | 000,000,000 | ---D | M] (Serif MoviePlus Community Toolbar) -- C:\Users\Zamir\AppData\Roaming\Mozilla\Firefox\extensions\{ecfbff3c-fd5b-4a47-816c-c926ea321561}
O2 - BHO: (Serif MoviePlus Toolbar) - {ecfbff3c-fd5b-4a47-816c-c926ea321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Serif MoviePlus Toolbar) - {ecfbff3c-fd5b-4a47-816c-c926ea321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Serif MoviePlus Toolbar) - {ECFBFF3C-FD5B-4A47-816C-C926EA321561} - C:\Program Files (x86)\Serif_MoviePlus\prxtbSer0.dll (Conduit Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)

:files
C:\Windows\Installer\{7b17814c-6124-70b9-1784-916e59c58a39}
C:\Users\Maaria\AppData\Local\{7b17814c-6124-70b9-1784-916e59c58a39}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\SysNative\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe /replace
C:\Users\Maaria\AppData\Roaming\Fuyv

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{7b17814c-6124-70b9-1784-916e59c58a39}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{7143D9A6-39EE-4F49-9D6C-3FA20C32E783}C:\users\maaria\appdata\roaming\fuyv\vyuf.exe" =-
"UDP Query User{352BA5D1-5A02-488B-98B2-200BEEA1B673}C:\users\maaria\appdata\roaming\fuyv\vyuf.exe" =-


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
confusedperson
Posted 05 August 2012 - 08:26 AM

confusedperson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry I was just wondering will rebooting my computer cause me to lose all my files? Also will it mean I'll have to install eveyrthing again or is it just a simple restart?
  • 0

#4
RKinner
Posted 05 August 2012 - 09:08 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
just a restart
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP