Pum virus issue + some other stuff [Solved]


  • This topic is locked

#61 Wolffie (Member, Topic Starter, 56 posts)
OK, done.


OTL logfile created on: 6/27/2013 5:21:15 PM - Run 14
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Logan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 75.03% Memory free
2.11 Gb Paging File | 1.88 Gb Available in Paging File | 89.48% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 3.53 Gb Free Space | 24.09% Space Free | Partition Type: NTFS
Drive D: | 97.13 Gb Total Space | 9.37 Gb Free Space | 9.65% Space Free | Partition Type: NTFS

Computer Name: HOME-FA201A11EA | User Name: Logan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/11 17:42:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2013/05/11 17:32:45 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2013/05/09 11:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- D:\Program files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 11:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- D:\Program files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/07 16:00:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Logan\My Documents\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
PRC - [2010/04/19 14:47:26 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/27 01:37:00 | 002,089,984 | ---- | M] () -- D:\Program files\AVAST Software\Avast\defs\13062601\algo.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/06/27 10:12:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/25 02:45:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/22 13:32:03 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013/05/09 11:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/06/26 20:27:10 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/26 20:27:10 | 000,369,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 11:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 11:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 11:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 11:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 11:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 11:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/08 21:47:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/04/13 21:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/11/17 14:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 01:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/16 09:19:52 | 000,070,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/25 01:10:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/27 10:12:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/07 21:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Extensions
[2013/05/23 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions
[2013/06/27 10:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/27 10:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/27 10:12:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/25 01:10:43 | 000,000,000 | ---D | M] (avast! Online Security) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://blekkosearch....=homepage&v=1_0
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/03 00:58:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1368716941125 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.96.7.88 95.77.94.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{561FCA04-03EC-4ECD-A742-B656D6FA86EF}: DhcpNameServer = 78.96.7.88 95.77.94.88
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2012/01/23 21:58:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/27 10:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/25 01:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/06/25 01:11:03 | 000,369,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/25 01:11:03 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/06/25 01:11:01 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/06/25 01:11:01 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/06/25 01:11:00 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/25 01:10:58 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/06/25 01:10:58 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/06/25 01:10:07 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/06/25 01:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/25 01:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/06/06 18:28:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/05 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Logan\My Documents\REIKI
[2013/06/03 01:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/06/03 01:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/06/03 01:03:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/29 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/05/28 20:01:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/28 19:59:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/28 19:59:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/28 19:59:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/28 19:59:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/28 19:59:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 19:59:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/28 19:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/05/28 19:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/27 17:04:21 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/27 16:50:32 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/27 13:14:00 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/27 06:37:18 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/27 06:37:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/27 06:37:09 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 20:27:10 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/26 20:27:10 | 000,369,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/26 20:27:10 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 20:27:10 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 15:51:18 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\Yahoo! Messenger.lnk
[2013/06/25 01:11:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/25 01:10:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/25 00:45:14 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2013/06/25 00:45:14 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2013/06/25 00:45:14 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2013/06/22 22:21:58 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\Oferta TOYOTA COROLLA (E12U, E12J) GRILA PROIECTOR dreapta QWP - 44 lei bucata - cod PAM63227-02120.URL
[2013/06/22 13:31:06 | 000,377,856 | ---- | M] () -- C:\gmer.exe
[2013/06/22 13:30:51 | 004,280,320 | ---- | M] (Bethesda Softworks) -- C:\Documents and Settings\Logan\My Documents\Morrowind.exe
[2013/06/22 13:29:49 | 005,076,415 | R--- | M] (Swearware) -- C:\Documents and Settings\Logan\Desktop\ComboFix.exe
[2013/06/19 23:51:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/14 21:53:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/12 18:56:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/12 18:31:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/11 09:02:12 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/06 18:26:48 | 000,195,470 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\untitled.JPG
[2013/06/03 07:51:58 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 01:09:54 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/03 00:58:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/02 03:12:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/29 22:34:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/05/29 22:34:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/05/29 22:29:32 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/29 22:28:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/05/29 22:27:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/28 20:02:39 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/28 20:02:39 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 20:01:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/26 20:27:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 20:27:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 15:50:16 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\Yahoo! Messenger.lnk
[2013/06/25 01:11:04 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/25 01:11:00 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/25 01:10:59 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/25 01:10:59 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/25 00:45:14 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2013/06/25 00:45:14 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2013/06/25 00:45:14 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2013/06/24 23:58:21 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\avenger.exe
[2013/06/22 22:21:58 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\Oferta TOYOTA COROLLA (E12U, E12J) GRILA PROIECTOR dreapta QWP - 44 lei bucata - cod PAM63227-02120.URL
[2013/06/06 18:26:48 | 000,195,470 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\untitled.JPG
[2013/06/03 01:45:45 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 01:45:45 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/03 01:43:53 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 01:43:53 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 01:09:54 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/02 03:12:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/29 22:27:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/28 20:01:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/05/28 20:01:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/28 19:59:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 19:59:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 19:59:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 19:59:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 19:59:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/16 01:47:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/01/28 13:01:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2013/01/07 21:54:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/23 04:05:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/08/02 10:17:08 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 17:04:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/15 17:02:48 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 15:49:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/15 15:25:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/02/15 15:25:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/02/15 15:25:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/02/15 15:17:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 15:10:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/17 00:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 15:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/25 01:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/05/16 07:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2013/01/08 21:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/12/07 03:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/12/07 02:59:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/01/08 21:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\DAEMON Tools Lite
[2012/12/07 03:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\TuneUp Software
[2013/05/26 01:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\uTorrent

========== Purity Check ==========



< End of report >

Edited by Wolffie, 27 June 2013 - 08:40 AM.

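An added example, not from the original thread and not OTL's own code: a small Python triage script for OTL logs like the one above. It parses the PRC/MOD/SRV/DRV entries and the HOSTS (O1), DNS (O17) and browser homepage lines, and flags the things a helper checks first. The sample log embedded in it is constructed in OTL's format (the svchosts.exe entry and the searchhijack.example host are invented), and the allowlist of homepage hosts is an assumption.

```python
"""OTL log triage helper (added example; not from the original post or OTL itself).

Parses the PRC/MOD/SRV/DRV entries plus the O1 (HOSTS), O17 (DNS) and browser
homepage lines of an OTL log and applies the checks a malware-removal helper
does by eye. SAMPLE_LOG is constructed in OTL's format for this example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: a tiny allowlist of hosts a browser homepage may point at.
TRUSTED_HOMEPAGE_HOSTS = {"google.com", "www.google.com", "bing.com", "www.bing.com"}

# Entry head: "[stamp] (Company) [Type | Start | State]" or "File not found [Type | Start | State]"
HEAD_RE = re.compile(r"^(?:\[[^\]]*\]|(?P<missing>File not found))"
                     r"(?: \((?P<company>[^)]*)\))?(?: \[(?P<state>[^\]]*)\])?$")
# Entry tail: "path" or "path -- (ServiceName)"; the path is empty for orphaned services
TAIL_RE = re.compile(r"^(?P<path>.*?)(?: ?-- \((?P<name>[^)]*)\))?$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)$")
HOMEPAGE_RE = re.compile(r'^(?:CHR - homepage: |FF - prefs\.js\.\.browser\.startup\.homepage: '
                         r'|IE - .*Start Page = )"?(?P<url>[^"]+)"?$')


@dataclass(frozen=True)
class Finding:
    severity: str  # "review" = needs a human look; "info" = usually a harmless leftover
    kind: str
    detail: str


def parse_entry(line):
    """Parse one PRC/MOD/SRV/DRV line into a dict; return None for any other line."""
    kind, sep, body = line.partition(" - ")
    if not sep or kind not in ("PRC", "MOD", "SRV", "DRV"):
        return None
    head, sep, tail = body.partition(" -- ")
    hm, tm = HEAD_RE.match(head), TAIL_RE.match(tail)
    if not sep or not hm or not tm:
        return None
    state = (hm.group("state") or "").split(" | ")[-1]
    return {
        "kind": kind,
        "missing": hm.group("missing") is not None,
        "company": hm.group("company"),  # "" means OTL printed "()" (no company name)
        "running": kind in ("PRC", "MOD") or state == "Running",  # PRC/MOD are loaded by definition
        "path": tm.group("path"),
        "name": tm.group("name") or "",
    }


def triage(log_text):
    """Return de-duplicated findings for an OTL log, in log order."""
    findings = []

    def add(severity, kind, detail):
        f = Finding(severity, kind, detail)
        if f not in findings:  # O17 repeats per interface; report the DNS servers once
            findings.append(f)

    for line in (raw.strip() for raw in log_text.splitlines()):
        entry = parse_entry(line)
        if entry:
            if entry["missing"]:
                add("info", "orphaned-service", f"{entry['kind']} {entry['name']}: registered but file not found")
            elif entry["company"] == "" and entry["running"]:
                add("review", "no-company-name", f"{entry['kind']} {entry['path']}: loaded with no company name")
            continue
        m = HOSTS_RE.match(line)
        if m:
            if m.group("ip") not in ("127.0.0.1", "::1") or m.group("host") != "localhost":
                add("review", "hosts-entry", f"{m.group('ip')} {m.group('host')}")
            continue
        m = HOMEPAGE_RE.match(line)
        if m:
            url = m.group("url").strip()
            host = urlparse(url if "://" in url else "http://" + url).hostname or url
            if host not in TRUSTED_HOMEPAGE_HOSTS:
                add("review", "homepage", f"{line[:3].strip()} homepage points at {host}")
            continue
        m = DNS_RE.search(line)
        if m:
            add("review", "dns-servers", f"DHCP DNS {m.group('servers').strip()}: confirm these belong to the ISP/router")
    return findings


# Constructed sample in OTL's format; svchosts.exe and searchhijack.example are invented.
SAMPLE_LOG = r"""
PRC - [2013/06/20 09:00:00 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\User\Application Data\svchosts.exe
MOD - [2013/06/27 01:37:00 | 002,089,984 | ---- | M] () -- D:\Program files\AVAST Software\Avast\defs\13062601\algo.dll
SRV - [2013/05/09 11:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/05/09 11:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
FF - prefs.js..browser.startup.homepage: "google.com"
CHR - homepage: http://searchhijack.example/?src=homepage
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.malwarebytes.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.0.2.53 192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{GUID}: DhcpNameServer = 192.0.2.53 192.0.2.54
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

A "review" finding is a prompt to look, not a verdict: avast's algo.dll and aswVmm.sys carry no company name and are legitimate, and the DHCP DNS servers can only be confirmed against the ISP or router, which the log cannot do. The "File not found" driver entries (WDICA, PDRFRAME and friends) are orphaned registrations that commonly appear in OTL logs from XP machines and are usually harmless.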


#62 Phel (Trusted Helper, Malware Removal, 1,386 posts)
How is your computer running now?

Please, follow these steps:

Step 1. Changing Chrome homepage.

Your current Chrome homepage is malicious.

Please follow these instructions and set your homepage to www.google.com or to something else that you want.

After that run new OTL scan and post new log.

Step 2. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. New small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner.

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

So please don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log
  • OTL log


#63
Wolffie

Wolffie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Changed the homepage.

Will post the ESET scan in the next post because, from what I understand, it will take a while.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.28.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Logan :: HOME-FA201A11EA [administrator]

6/28/2013 1:18:27 PM
mbam-log-2013-06-28 (13-18-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192257
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#64
Wolffie

Wolffie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
The log disappeared after I checked uninstall and pressed finish.
I think that is what you meant by making sure to copy the logfile first.



This is the list of found threats:

C:\Documents and Settings\Logan\My Documents\Descarcari\DTLite4461-0328.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Logan\My Documents\Descarcari\Gothic_II_The_Dark_Saga.exe Win32/Adware.1ClickDownload.J application cleaned by deleting - quarantined
C:\Documents and Settings\Logan\My Documents\Downloads\BestCodecsPackSetup.exe a variant of Win32/InstallBrain.W application cleaned by deleting - quarantined
C:\Documents and Settings\Logan\My Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Logan\My Documents\Downloads\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
D:\Desktop\Microsoft_1_.Windows.Media.Center.Edition.2005.Activation.Crack.zip probably a variant of Win32/HackTool.Patcher.O application deleted - quarantined
D:\docs\dsktp\MsgPlusLive-423.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
D:\gta\DFX Audio Enhancer 8.350 and 8.352 + Key [App][Ingles][www.zonatorrent.com].rar multiple threats deleted - quarantined
D:\gta\Downloads\Magic ISO Maker v5.3+keygen\keygen.exe a variant of Win32/HackTool.Patcher.AF application cleaned by deleting - quarantined
D:\Mouse Pack by Korndog2003\mousepack.exe a variant of Win32/HackTool.Patcher.B application deleted - quarantined
D:\Mouse Pack by Korndog2003\mousepack\usbmrs11\usbmrs11.exe a variant of Win32/HackTool.Patcher.B application cleaned by deleting - quarantined
D:\My Downloads\SoftonicDownloader63021.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
D:\My Downloads\SoftonicDownloader_for_directx.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
D:\My Downloads\New Foldejuyfr (3)\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\Programe\Winamp\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\CR-DWP75.EXE a variant of Win32/Keygen.AG application cleaned by deleting - quarantined
D:\Programe\Winamp\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\CR-DWP75.EXE a variant of Win32/Keygen.AG application cleaned by deleting - quarantined
D:\[bleep]\DC++\Downloads\Theme\Zedge\Nice\Placebo_Style2.sis a variant of SymbOS/KillPhone.E trojan deleted - quarantined




log before uninstall:

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e356d58caa193d4e89f37dbe68f5ed23
# engine=14185
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-28 03:48:46
# local_time=2013-06-28 06:48:46 (+0200, E. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=111983
# found=18
# cleaned=18
# scan_time=17016
sh=BECBC8A4096CAD30C091DC83533D829EBC23814D ft=1 fh=48c9390da8713cae vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Logan\My Documents\Descarcari\DTLite4461-0328.exe"
sh=760E7C02488DE3B7B2F770AB15E0D4B69B01B10D ft=1 fh=c756b3a9e4abb961 vn="Win32/Adware.1ClickDownload.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Logan\My Documents\Descarcari\Gothic_II_The_Dark_Saga.exe"
sh=CF53284110386EDE33F8ACF4C08E62F984158CD8 ft=1 fh=b5f25529ea41d707 vn="a variant of Win32/InstallBrain.W application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Logan\My Documents\Downloads\BestCodecsPackSetup.exe"
sh=334059909CA7A5549186BD8BE2421BA9E0A86449 ft=1 fh=c71c00112e662fd3 vn="Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Logan\My Documents\Downloads\iLividSetup.exe"
sh=13FF792F03866FDCC4838797665B452EF94D02F9 ft=1 fh=979cba7a248e2a01 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Logan\My Documents\Downloads\winamp5623_full_emusic-7plus_all.exe"
sh=AA21745B08CD1C1F484315A0B60D069764E0E703 ft=1 fh=0c7a12a53e6482cf vn="a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll.vir"
sh=F208D40C94D1297AD8AA4121E39B9AAEF608833D ft=0 fh=0000000000000000 vn="probably a variant of Win32/HackTool.Patcher.O application (deleted - quarantined)" ac=C fn="D:\Desktop\Microsoft_1_.Windows.Media.Center.Edition.2005.Activation.Crack.zip"
sh=BDB68DA962B00146BE6E25A6A5987AF8A6A7C181 ft=1 fh=7fdb6ea2999af9a5 vn="a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)" ac=C fn="D:\docs\dsktp\MsgPlusLive-423.exe"
sh=9F5A522E7A60A43579607C46AFAC2A92CD6D5592 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="D:\gta\DFX Audio Enhancer 8.350 and 8.352 + Key [App][Ingles][www.zonatorrent.com].rar"
sh=A5AE797FDBC8D60550A55820DED55A61427413B7 ft=1 fh=9e1eb2cd8f49ca8a vn="a variant of Win32/HackTool.Patcher.AF application (cleaned by deleting - quarantined)" ac=C fn="D:\gta\Downloads\Magic ISO Maker v5.3+keygen\keygen.exe"
sh=E7EB7807052DAF57D7DC1443D32EACC65BFA3AA1 ft=1 fh=c71c001142c019f2 vn="a variant of Win32/HackTool.Patcher.B application (deleted - quarantined)" ac=C fn="D:\Mouse Pack by Korndog2003\mousepack.exe"
sh=3ED3CEEFE072C3F4C87E6B557187CD8D3AB5ED5E ft=1 fh=70e76a179b9e2d56 vn="a variant of Win32/HackTool.Patcher.B application (cleaned by deleting - quarantined)" ac=C fn="D:\Mouse Pack by Korndog2003\mousepack\usbmrs11\usbmrs11.exe"
sh=D68A6C108FB0F30117E02D195BBC175AF4BC28A0 ft=1 fh=6f79b5f490b4e16f vn="a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)" ac=C fn="D:\My Downloads\SoftonicDownloader63021.exe"
sh=0C8A76516C78F63E0D6A58D64BF2A561B357EF84 ft=1 fh=3b6646fa677e7f19 vn="a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)" ac=C fn="D:\My Downloads\SoftonicDownloader_for_directx.exe"
sh=733E774A58D3FC7901BB555ED32D848E714BC1DB ft=1 fh=b86457c67716a952 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="D:\My Downloads\New Foldejuyfr (3)\winamp5581_full_emusic-7plus_en-us.exe"
sh=B4947A4FF25AA94770CFCD98A5134F42200BEFC1 ft=1 fh=257e293e7b7c5e68 vn="a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined)" ac=C fn="D:\Programe\Winamp\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\CR-DWP75.EXE"
sh=B4947A4FF25AA94770CFCD98A5134F42200BEFC1 ft=1 fh=257e293e7b7c5e68 vn="a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined)" ac=C fn="D:\Programe\Winamp\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\CR-DWP75.EXE"
sh=276CEB2C1ACCA53BE94E2B835E7C313536425E41 ft=0 fh=0000000000000000 vn="a variant of SymbOS/KillPhone.E trojan (deleted - quarantined)" ac=C fn="D:\[bleep]\DC++\Downloads\Theme\Zedge\Nice\Placebo_Style2.sis"


Oh, and the OTL log I forgot to post earlier:

========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06272013_000417

Edited by Wolffie, 28 June 2013 - 10:03 AM.

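An added example, not from the thread, ESET, or any of the tools named in it: a Python parser for the ESET Online Scanner log format posted above (the `#`-prefixed header lines and the `sh=... fn="..."` records), run over a constructed excerpt of that log, which pulls out what a helper reads it for: whether the scan finished, whether the record count matches `found`, whether every find was quarantined, and which records share one SHA-1 (the CR-DWP75.EXE entry appears at two paths). The Platform/Family.Variant split of the detection name is an assumption about ESET's naming.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt (a subset of the records posted above) in the ESET Online
# Scanner log format: '#'-prefixed key=value header lines, then one record per
# detection. Hashes and paths are copied from the thread, not invented.
SAMPLE_LOG = r"""# version=8
# end=finished
# remove_checked=true
# country="United States"
# scanned=111983
# found=4
# cleaned=4
sh=BECBC8A4096CAD30C091DC83533D829EBC23814D ft=1 fh=48c9390da8713cae vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Logan\My Documents\Descarcari\DTLite4461-0328.exe"
sh=F208D40C94D1297AD8AA4121E39B9AAEF608833D ft=0 fh=0000000000000000 vn="probably a variant of Win32/HackTool.Patcher.O application (deleted - quarantined)" ac=C fn="D:\Desktop\Microsoft_1_.Windows.Media.Center.Edition.2005.Activation.Crack.zip"
sh=B4947A4FF25AA94770CFCD98A5134F42200BEFC1 ft=1 fh=257e293e7b7c5e68 vn="a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined)" ac=C fn="D:\Programe\Winamp\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\CR-DWP75.EXE"
sh=B4947A4FF25AA94770CFCD98A5134F42200BEFC1 ft=1 fh=257e293e7b7c5e68 vn="a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined)" ac=C fn="D:\Programe\Winamp\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\DFX.for.Winamp.v7.502.WinALL.Incl.Keymaker-CORE\CR-DWP75.EXE"
"""

HEADER_RE = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')
RECORD_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$'
)


@dataclass
class Detection:
    sha1: str
    file_type: int
    file_hash: str   # 'fh' field; all zeros on the archive/.sis records in the log
    threat: str      # e.g. 'Win32/Keygen.AG'
    action: str      # text in the trailing parentheses of 'vn'
    path: str


def split_vn(vn: str):
    """Split 'a variant of Win32/Keygen.AG application (cleaned ...)' into
    the threat name (first token containing '/') and the action text."""
    desc, _, action = vn.rpartition(' (')
    name = next((tok for tok in desc.split() if '/' in tok), desc)
    return name, action.rstrip(')')


def family(threat: str) -> str:
    """Assumed ESET naming of Platform/Family.Variant: return the Family part
    ('Win32/HackTool.Patcher.O' -> 'HackTool'); names without '/' are returned whole."""
    _, slash, rest = threat.partition('/')
    return rest.split('.')[0] if slash else threat


def parse_eset_log(text: str):
    """Return (header dict, list of Detection); unrecognised lines are skipped."""
    header, detections = {}, []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            header[h['key']] = h['value'].strip('"')
            continue
        r = RECORD_RE.match(line)
        if r:
            threat, action = split_vn(r['vn'])
            detections.append(Detection(r['sha1'].upper(), int(r['ft']), r['fh'],
                                        threat, action, r['fn']))
    return header, detections


def summarize(text: str) -> dict:
    """The checks a helper reads the log for: did the scan finish, does the
    record count match 'found', was everything quarantined, which families
    were hit, and which paths share one SHA-1 (the same file in two places)."""
    header, detections = parse_eset_log(text)
    found = int(header.get('found', -1))
    cleaned = int(header.get('cleaned', -1))
    by_sha1 = Counter(d.sha1 for d in detections)
    return {
        'finished': header.get('end') == 'finished',
        'records_match_found': len(detections) == found,
        'all_quarantined': cleaned == found and all('quarantined' in d.action for d in detections),
        'families': Counter(family(d.threat) for d in detections),
        'duplicate_hashes': {h: [d.path for d in detections if d.sha1 == h]
                             for h, n in by_sha1.items() if n > 1},
        'no_file_hash': [d.path for d in detections if d.file_hash == '0' * 16],
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```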

#65
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Oh, and the OTL log I forgot to post earlier:


No, please run a new scan using the Quick Scan button in OTL.

#66
Wolffie

Wolffie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
OTL logfile created on: 6/28/2013 9:22:36 PM - Run 15
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Logan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 68.53% Memory free
2.11 Gb Paging File | 1.87 Gb Available in Paging File | 88.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 3.21 Gb Free Space | 21.92% Space Free | Partition Type: NTFS
Drive D: | 97.13 Gb Total Space | 9.04 Gb Free Space | 9.31% Space Free | Partition Type: NTFS

Computer Name: HOME-FA201A11EA | User Name: Logan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/11 17:42:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2013/05/11 17:32:45 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2013/05/09 11:58:35 | 006,583,664 | ---- | M] (AVAST Software) -- D:\Program files\AVAST Software\Avast\Setup\avast.setup
PRC - [2013/05/09 11:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- D:\Program files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/07 16:00:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Logan\My Documents\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
PRC - [2010/04/19 14:47:26 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/28 11:32:53 | 002,090,496 | ---- | M] () -- D:\Program files\AVAST Software\Avast\defs\13062800\algo.dll
MOD - [2013/06/27 22:01:25 | 002,090,496 | ---- | M] () -- D:\Program files\AVAST Software\Avast\defs\13062701\algo.dll
MOD - [2013/05/09 11:58:25 | 000,240,448 | ---- | M] () -- D:\Program files\AVAST Software\Avast\Setup\setiface.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/06/27 10:12:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/25 02:45:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/22 13:32:03 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013/05/09 11:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/23 13:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2010/04/19 14:45:44 | 001,050,440 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/04/19 14:42:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/06/28 07:32:46 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/28 07:32:45 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/28 07:32:23 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 11:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 11:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 11:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 11:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 11:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/08 21:47:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/02/25 12:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/04/13 21:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/11/17 14:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/08/04 01:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/16 09:19:52 | 000,070,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/25 01:10:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/27 10:12:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/07 21:53:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Extensions
[2013/05/23 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Logan\Application Data\Mozilla\Firefox\Profiles\ayb2neaw.default\extensions
[2013/06/27 10:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/27 10:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/27 10:12:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/25 01:10:43 | 000,000,000 | ---D | M] (avast! Online Security) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Logan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/03 00:58:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 177
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1368716941125 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.96.7.88 95.77.94.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{561FCA04-03EC-4ECD-A742-B656D6FA86EF}: DhcpNameServer = 78.96.7.88 95.77.94.88
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Logan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2012/01/23 21:58:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/28 14:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/27 10:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/25 01:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/06/25 01:11:03 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/25 01:11:03 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/06/25 01:11:01 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/06/25 01:11:01 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/06/25 01:11:00 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/25 01:10:58 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/06/25 01:10:58 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/06/25 01:10:07 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/06/25 01:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/25 01:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/06/06 18:28:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/05 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Logan\My Documents\REIKI
[2013/06/03 01:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/06/03 01:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/06/03 01:03:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/05/29 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2013/05/29 22:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/28 21:04:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/28 20:48:14 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/28 13:10:05 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/28 07:32:46 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/28 07:32:46 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/28 07:32:45 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/28 07:32:45 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/28 07:32:44 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/28 07:32:23 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/28 07:28:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 07:28:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/28 07:28:14 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/25 01:11:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/25 01:10:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/25 00:45:14 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2013/06/25 00:45:14 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2013/06/25 00:45:14 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2013/06/22 22:21:58 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\Oferta TOYOTA COROLLA (E12U, E12J) GRILA PROIECTOR dreapta QWP - 44 lei bucata - cod PAM63227-02120.URL
[2013/06/22 13:31:06 | 000,377,856 | ---- | M] () -- C:\gmer.exe
[2013/06/22 13:30:51 | 004,280,320 | ---- | M] (Bethesda Softworks) -- C:\Documents and Settings\Logan\My Documents\Morrowind.exe
[2013/06/22 13:29:49 | 005,076,415 | R--- | M] (Swearware) -- C:\Documents and Settings\Logan\Desktop\ComboFix.exe
[2013/06/19 23:51:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/14 21:53:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/12 18:56:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/12 18:31:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/11 09:02:12 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/06 18:26:48 | 000,195,470 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\untitled.JPG
[2013/06/03 07:51:58 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 01:09:54 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/03 00:58:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/02 03:12:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/29 22:34:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/05/29 22:34:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/05/29 22:29:32 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/05/29 22:28:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/05/29 22:27:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/28 07:33:00 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 20:27:11 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 20:27:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/25 01:11:04 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/25 01:11:00 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/25 01:10:59 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/25 01:10:59 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/25 00:45:14 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2013/06/25 00:45:14 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2013/06/25 00:45:14 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2013/06/24 23:58:21 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\avenger.exe
[2013/06/22 22:21:58 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\Oferta TOYOTA COROLLA (E12U, E12J) GRILA PROIECTOR dreapta QWP - 44 lei bucata - cod PAM63227-02120.URL
[2013/06/06 18:26:48 | 000,195,470 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\untitled.JPG
[2013/06/03 01:45:45 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 01:45:45 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/03 01:43:53 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 01:43:53 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 01:09:54 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Logan\Desktop\Shortcut to OTL.lnk
[2013/06/02 03:12:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/29 22:27:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/28 19:59:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 19:59:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 19:59:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 19:59:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 19:59:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/16 01:47:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/01/28 13:01:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2013/01/07 21:54:26 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/23 04:05:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/08/02 10:17:08 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Logan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 17:04:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/15 17:02:48 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 15:49:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/15 15:25:50 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/02/15 15:25:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/02/15 15:25:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/02/15 15:17:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 15:10:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/17 00:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 15:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/25 01:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/05/16 07:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2013/01/08 21:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/12/07 03:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/12/07 02:59:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/01/08 21:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\DAEMON Tools Lite
[2012/12/07 03:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\TuneUp Software
[2013/05/26 01:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Logan\Application Data\uTorrent

========== Purity Check ==========



< End of report >
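The "ZeroAccess Check" block in the log above is the part of an OTL report worth reading most carefully. OTL dumps the InProcServer32 subkey of a handful of CLSIDs that the ZeroAccess family is known to hijack, once under HKEY_CURRENT_USER and once under HKEY_LOCAL_MACHINE. The reason both hives are listed is that HKCU\Software\Classes is merged in front of HKLM\Software\Classes, so a per-user InProcServer32 default value silently replaces the system DLL for that CLSID without touching anything in HKLM. In the log above the HKCU keys carry no value and the HKLM keys point at Microsoft DLLs under system32, which is the clean pattern. The Python below is an added example, not part of the original post and not OTL's own code: it parses that section of an OTL log and flags a per-user override or an HKLM server outside system32. The function names (parse_zeroaccess_section, assess) are mine, the clean sample is constructed from the log in this thread, and the hijacked sample's file path is invented for illustration.

```python
import re
from dataclasses import dataclass, field

# One InProcServer32 key as OTL prints it in the "ZeroAccess Check" section.
@dataclass
class ComServer:
    hive: str                 # HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
    clsid: str                # lower-cased {guid}
    path: str = ""            # default value (server DLL), "" if absent
    company: str = ""         # company name OTL read from the DLL's version info
    values: dict = field(default_factory=dict)  # other named values, e.g. ThreadingModel

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]$", re.I)
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
# Legitimate servers for the checked CLSIDs live under %SystemRoot%\system32 (wbem\ included).
SYSTEM32_RE = re.compile(r"^(?:%systemroot%|[a-z]:\\windows)\\system32\\.+\.dll$", re.I)

def parse_zeroaccess_section(log_text):
    """Return the ComServer entries listed under '========== ZeroAccess Check =========='."""
    entries, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):          # any OTL section header
            in_section = "ZeroAccess Check" in line
            current = None
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            current = ComServer(hive=m.group(1).upper(), clsid=m.group(2).lower())
            entries.append(current)
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name, value = m.group("name"), m.group("value").strip()
            if name == "":
                # '"" = <path> -- [date | size | attrs | M] (Company)'
                path, _, meta = value.partition(" -- ")
                current.path = path.strip()
                cm = re.search(r"\(([^()]*)\)\s*$", meta)
                current.company = cm.group(1).strip() if cm else ""
            else:
                current.values[name] = value
    return entries

def assess(entries):
    """Return (clsid, severity, detail) findings; an empty list is the clean pattern."""
    findings = []
    for e in entries:
        if e.hive == "HKEY_CURRENT_USER":
            # HKCU\Software\Classes shadows HKLM, so any per-user server here is a COM hijack.
            if e.path:
                findings.append((e.clsid, "HIJACK", "per-user InProcServer32 = " + e.path))
            continue
        if not e.path:
            findings.append((e.clsid, "WARN", "no default InProcServer32 value"))
        elif not SYSTEM32_RE.match(e.path) or "microsoft" not in e.company.lower():
            findings.append((e.clsid, "SUSPICIOUS",
                             f"{e.path} ({e.company or 'no company name'})"))
    return findings

# Constructed from the ZeroAccess Check section of the log in this thread (clean machine).
SAMPLE_CLEAN = r"""
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/17 00:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 15:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
"""

# Constructed (hypothetical) infected variant: a per-user override pointing at an unsigned
# file in the user's profile. The path is invented for illustration, not taken from the log.
SAMPLE_HIJACKED = r"""
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = C:\Documents and Settings\Logan\Local Settings\Application Data\{example-guid}\n. -- [2013/06/01 10:00:00 | 000,051,200 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/17 00:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(label, assess(parse_zeroaccess_section(sample)) or "no findings")
```

Feed it a full OTL.txt and it ignores every other section; the HKLM entries are only there so the reviewer can see which DLL the CLSID would fall back to once a per-user override is removed.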

#67 Phel (Trusted Helper, Malware Removal, 1,386 posts)
So, do you still have any problems?

#68 Wolffie (Member, Topic Starter, 56 posts)
Nope, everything seems fine :thumbsup:

Got a minor issue on my laptop though; should I start a new topic for it or should I ask about it here?

#69 Phel (Trusted Helper, Malware Removal, 1,386 posts)

Wolffie wrote:
    Got a minor issue on my laptop though; should I start a new topic for it or should I ask about it here?

Feel free to start the new topic.

Yeah, we did it. Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Step 1. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.

Programs to uninstall:

  • ESET Online Scanner

Step 2. Uninstall AdwCleaner.

  • Run AdwCleaner on your Desktop.
  • Click Uninstall button.
  • AdwCleaner will be removed from your computer.

Step 3. Uninstalling ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall

After that reboot your PC. ComboFix will be removed from your computer.

Step 4. CleanUp.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Files
    C:\sklo*.txt
    C:\kk.txt
    C:\SalityKiller.exe
    C:\kk.exe
    
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • After reboot run OTL again.
  • Click on CleanUp button.
  • OTL will be removed from your computer.

Here are some recommendations on how to stay safe on the internet.

  • Keep your system up-to-date. It will increase your protection level, because a lot of malware uses system vulnerabilities.

    To learn more about how to turn Automatic Updates on, click here.
  • Keep your other software up-to-date too. Malware often uses third-party software vulnerabilities.

    You can monitor news about vulnerabilities, or simply install software which will scan your computer for outdated and vulnerable software and notify you of the results. Some of these programs are Secunia PSI (requires installation, you can download it here) and Secunia OSI (Java applet, requires the Java Runtime Environment, learn more here).
  • Keep your antivirus software up-to-date.

    Turn on automatic updates for your antivirus; it's the basis of protection. Don't forget to keep your antivirus version up-to-date too: new versions usually have advanced functionality and clean and prevent infection more effectively than outdated versions.
  • Use a limited user account. It will considerably increase your level of protection.

    90% of malware won't work under a limited user account, because it needs administrator privileges. If you are using Windows XP, then you can use DropMyRights while you are surfing the internet.
  • Invent strong and long passwords for your accounts if you want to keep your personal and confidential data safe.

    Some malware has very dangerous functionality: it can crack your passwords. Please set a very strong password for your administrator account in Windows; then malware won't harm your PC. For each account on the internet, invent an individual password.

I hope these recommendations will help you and that you will avoid malware infections in the future. Good luck and safe web to you! :)

#70 Wolffie (Member, Topic Starter, 56 posts)
Well, ESET disappeared on its own like a mysterious hero
and left behind only the quarantined files.

I never had AdwCleaner o.O

I do still have an Avenger tool on the desktop though.
Should I just delete it, or does it need some special commands to uninstall?

#71 Phel (Trusted Helper, Malware Removal, 1,386 posts)

Wolffie wrote:
    I never had AdwCleaner o.O

Oops, sorry about it. :blush:

Wolffie wrote:
    I do still have an Avenger tool on the desktop though.
    Left behind only the quarantined files.

Feel free to delete them.

#72 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.