computer freezes after downloading [Closed]


#1 bluesboy2000 (Member, 56 posts)

I tried to download Avast from an unsecured link; instead it downloaded something called regcur. I uninstalled that, and after a restart it was slow to reboot, so I ran an MBAM scan and found 2 trojan agents. When I rebooted it was still very slow. Now I get unknown folders on the start bar, and when I try to open them there's a white screen and the computer freezes till I see a "check connections, URL" screen. I'm now in safe mode so I know my connection is good. OTL scan follows. Thanks for any help.

OTL logfile created on: 12/24/2013 3:25:29 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Administrator.MAXIUMTREBLE\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.38 Mb Total Physical Memory | 31.42 Mb Available Physical Memory | 6.14% Memory free
1.85 Gb Paging File | 1.29 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 640 640D:\pagefil [Binary data over 200 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 4.47 Gb Total Space | 2.87 Gb Free Space | 64.34% Space Free | Partition Type: NTFS
Drive D: | 181.83 Gb Total Space | 144.01 Gb Free Space | 79.20% Space Free | Partition Type: NTFS

Computer Name: MAXIUMTREBLE | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/24 15:23:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\My Documents\Downloads\OTL(1).exe
PRC - [2013/12/11 22:52:35 | 000,275,568 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/16 02:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/10/12 09:59:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/11 22:52:34 | 003,559,024 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 13:43:08 | 016,242,056 | ---- | M] () -- D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- D:\Program Files\Google\Desktop\Install\{4256ef9b-46ad-a245-41f4-33bb7158415b}\ \ \ﯹ๛\{4256ef9b-46ad-a245-41f4-33bb7158415b}\GoogleUpdate.exe < [WARNING: D:\Program Files\Google\Desktop\Install\{4256ef9b-46ad-a245-41f4-33bb7158415b}\ \ \???\{4256ef9b-46ad-a245-41f4-33bb7158415b}\GoogleUpdate.exe <] -- (etadpug)
SRV - [2013/12/20 11:47:10 | 000,096,736 | ---- | M] (Panda Security S.L.) [Auto | Stopped] -- D:\WINDOWS\system32\PCloudCleanerService.EXE -- (PCloudCleanerService)
SRV - [2013/12/11 22:52:35 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 13:43:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/25 10:35:50 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- D:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Stopped] -- D:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/12 09:59:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- -- (twng)
DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\system32\drivers\DasBootF.SYS -- (DasBootF)
DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\system32\drivers\DasBoot.SYS -- (DasBoot)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/09/20 17:18:42 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/20 17:18:42 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/08/25 00:46:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2004/10/27 13:57:00 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2003/12/07 00:09:38 | 000,248,832 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)
DRV - [2003/12/06 14:45:00 | 000,295,040 | ---- | M] (AVerMedia Technologies, Inc.) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\cx88enc.sys -- (CX88ENC)
DRV - [2003/12/06 14:44:18 | 000,008,320 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\cxavsaud.sys -- (CXAVSAUD)
DRV - [2001/05/14 18:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12
FF - prefs.js..extensions.enabledAddons: %7BC3949AC2-4B17-43ee-B4F1-D26B9D42404D%7D:15.0.5
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: d:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: D:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: D:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: D:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: d:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: D:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/04 17:33:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/16 18:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: D:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/16 18:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013/12/11 22:52:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013/12/11 22:52:22 | 000,000,000 | ---D | M]

[2011/04/06 14:22:12 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\Application Data\Mozilla\Extensions
[2013/07/05 10:42:03 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\Application Data\Mozilla\Firefox\Profiles\tbep6etg.default\extensions
[2013/07/05 10:42:01 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\Application Data\Mozilla\Firefox\Profiles\tbep6etg.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013/12/11 22:52:18 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2013/12/11 22:52:18 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions(2)
[2013/12/11 22:52:18 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2013/12/11 22:52:18 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/11 22:52:35 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/04 17:33:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013/07/16 18:27:05 | 000,000,000 | ---D | M] (RealDownloader) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/04/11 19:50:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/07/16 18:25:50 | 000,124,504 | ---- | M] (RealPlayer) -- D:\Program Files\mozilla firefox\plugins\nprpplugin.dll

O1 HOSTS File: ([2001/08/18 07:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B66B8CDF-EAF2-438D-B782-B8DDD5AC233D}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/20 14:46:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:4d691da2b)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/24 15:23:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\My Documents\Downloads
[2013/12/24 15:15:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\Local Settings\Application Data\Apple Computer
[2013/12/24 15:13:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\Application Data\RealNetworks
[2013/12/24 14:38:55 | 000,096,736 | ---- | C] (Panda Security S.L.) -- D:\WINDOWS\System32\PCloudCleanerService.EXE
[2013/12/15 11:25:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TubeDimmer
[2013/12/15 09:57:15 | 000,000,000 | ---D | C] -- D:\Program Files\Optimizer Pro
[2013/12/15 09:56:24 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Software Update Utility
[2013/12/11 22:52:17 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2013/12/06 10:12:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SparkTrust

========== Files - Modified Within 30 Days ==========

[2013/12/24 15:20:00 | 000,001,324 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2013/12/24 14:41:41 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013/12/24 14:36:23 | 000,000,288 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-287218729-725345543-1004.job
[2013/12/24 14:36:22 | 000,000,296 | ---- | M] () -- D:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-287218729-725345543-1004.job
[2013/12/24 14:36:09 | 000,000,288 | ---- | M] () -- D:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-287218729-725345543-1004.job
[2013/12/24 14:34:35 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/24 13:55:17 | 000,000,935 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
[2013/12/24 13:52:08 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/24 13:43:23 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/24 11:17:06 | 000,013,002 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013/12/24 09:41:05 | 000,000,296 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-287218729-725345543-1004.job
[2013/12/20 11:47:10 | 000,096,736 | ---- | M] (Panda Security S.L.) -- D:\WINDOWS\System32\PCloudCleanerService.EXE
[2013/12/19 15:57:21 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2013/12/24 13:13:33 | 000,031,848 | ---- | C] () -- D:\WINDOWS\System32\drivers\DasPtct.SYS
[2013/08/29 18:50:29 | 000,000,075 | ---- | C] () -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\Application Data\mbam.context.scan
[2013/07/05 10:46:58 | 000,074,703 | ---- | C] () -- D:\WINDOWS\System32\mfc45.dat
[2013/01/22 16:36:21 | 000,074,703 | ---- | C] () -- D:\WINDOWS\System32\mfc45.dll
[2012/07/11 17:38:23 | 000,484,352 | ---- | C] () -- D:\WINDOWS\System32\lame_enc.dll
[2012/05/05 16:19:46 | 000,013,132 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2012/04/15 14:13:39 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2012/02/15 00:16:27 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/02/10 14:23:35 | 000,001,324 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/04/26 17:47:12 | 000,000,192 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\video

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2013/07/31 23:17:51 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/27 14:33:31 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\AAGMBS
[2011/02/06 11:33:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/18 14:12:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/06 14:35:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG10
[2012/07/04 17:28:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/12 09:50:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/17 20:33:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\bProtectorForWindows
[2011/02/06 11:11:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/27 14:58:53 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\All Users\Application Data\dba819
[2011/08/20 18:09:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\GamesBar
[2013/07/05 10:56:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\iolo
[2011/02/06 14:53:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/20 18:09:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Oberon Media
[2013/12/06 10:14:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/06/14 12:04:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2013/01/27 18:26:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2011/07/08 13:42:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Samsung
[2013/12/15 20:34:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Soulseek
[2013/12/06 10:16:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SparkTrust
[2013/02/27 11:08:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/15 11:25:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TubeDimmer
[2011/02/03 12:17:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/11 14:57:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >
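The log above is what the helper works from in post #5; as an added example (not from this thread, its posters, or the OTL tool), here is a Python triage script that parses OTL's line formats and flags the entry types a helper reviews first. The sample lines are constructed (a few copied from the log above), and the list of expected search hosts is an assumption.

```python
"""Triage helper for OTL (OldTimer's List) log lines; added example, not OTL code.

Flags entries a removal helper reviews first: services/drivers with a missing binary,
SRV/DRV binaries with no company name, IE search keys pointing at an unexpected host,
BHO/toolbar GUIDs with no CLSID class, hidden+system folders and alternate data streams.
A finding means "review this", not "malicious".
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    category: str  # short tag for the class of entry
    detail: str    # what to look at
    line: str      # the original log line


# SRV/DRV entries whose binary OTL could not find:
#   SRV - File not found [Auto | Stopped] -- <path or empty> -- (<service name>)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)$"
)
# Dated entries: KIND - [date | size | attrs | M] (Company) ...
DATED_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)")
# IE search keys written as "IE - <key> = <value>"
IE_SEARCH_RE = re.compile(r"^IE - .*Search.*= (?P<url>\S+)$")
# O2 (BHO) / O3 (toolbar) entries whose GUID has no CLSID class registered
DEAD_CLSID_RE = re.compile(r"^O[23] - .*No CLSID value found\.$")
# LOP-check folder entries: [date | size | attrs | M] -- path  (attrs such as -HSD)
FOLDER_RE = re.compile(r"^\[[^|]+\| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| M\] -- (?P<path>.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*)$")

# Assumption: search hosts the reviewer considers expected on this machine.
EXPECTED_SEARCH_HOSTS = ("search.live.com", "www.bing.com", "www.google.com")


def host_of(url: str) -> str:
    # Lower-cased host of an http(s) URL; '' for non-URL values such as GUIDs
    m = re.match(r"^[a-z]+://([^/:?]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one OTL log line (empty list if unremarkable)."""
    line = line.rstrip()
    m = MISSING_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        if not path:
            return [Finding("orphan-service", f"{name}: registered with no image path", line)]
        if any(ord(c) > 127 or c == "?" for c in path):
            return [Finding("odd-service-path", f"{name}: unprintable characters in path", line)]
        return [Finding("missing-binary", f"{name}: {path}", line)]
    m = DATED_RE.match(line)
    if m and m.group("kind") in ("SRV", "DRV") and not m.group("company").strip():
        return [Finding("no-company", f"{m.group('kind')} binary has no company name", line)]
    m = IE_SEARCH_RE.match(line)
    if m:
        host = host_of(m.group("url"))
        if host and host not in EXPECTED_SEARCH_HOSTS:
            return [Finding("search-redirect", f"IE search points at {host}", line)]
    if DEAD_CLSID_RE.match(line):
        return [Finding("dead-clsid", "add-on GUID with no CLSID class (leftover or hidden)", line)]
    m = FOLDER_RE.match(line)
    if m and "H" in m.group("attrs") and "S" in m.group("attrs"):
        return [Finding("hidden-system-dir", m.group("path"), line)]
    m = ADS_RE.match(line)
    if m:
        return [Finding("ads", f"{m.group('size')} bytes in stream on {m.group('path')}", line)]
    return []


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of an OTL report."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        findings.extend(triage_line(raw))
    return findings


# Constructed sample in OTL's line format (some lines copied from the log above, the rest made up).
SAMPLE_LOG = """\
SRV - File not found [Auto | Stopped] -- D:\\Program Files\\Example\\ﯹ\\upd.exe -- (svcx)
SRV - [2013/12/20 11:47:10 | 000,096,736 | ---- | M] (Panda Security S.L.) [Auto | Stopped] -- D:\\WINDOWS\\system32\\PCloudCleanerService.EXE -- (PCloudCleanerService)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Stopped] -- D:\\Program Files\\Vendor\\resolver.exe -- (Vendor Resolver Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- D:\\WINDOWS\\system32\\drivers\\OLDDRV.SYS -- (OLDDRV)
IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://dts.search-redirect.invalid/?q={searchTerms}
IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}
O2 - BHO: (no name) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - No CLSID value found.
O3 - HKLM\\..\\Toolbar: (no name) - 10 - No CLSID value found.
[2012/04/27 14:33:31 | 000,000,000 | -HSD | M] -- D:\\Documents and Settings\\All Users\\Application Data\\AAGMBS
@Alternate Data Stream - 141 bytes -> D:\\Documents and Settings\\All Users\\Application Data\\TEMP:07BF512B
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```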

#2 Machiavelli (GeekU Moderator, 3,698 posts)

Welcome to GeeksToGo, bluesboy2000

My name is Machiavelli and I'll try to fix your PC problems. If you are in Safe Mode then print my instructions! Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please move the OTL.exe to your Desktop. I'll come with a further answer later.

#3 bluesboy2000 (Topic Starter, Member, 56 posts)

Hello Machiavelli,
Thanks for sharing your time to help me with this problem. Not sure what you mean by "moving my OTL file to my desktop". Please explain.

#4 Machiavelli (GeekU Moderator, 3,698 posts)

Sorry for being unclear.

You have saved a file called OTL.exe in this directory: D:\Documents and Settings\Administrator.MAXIUMTREBLE\My Documents\Downloads - please move the file (OTL.exe) to your Desktop.

A good tutorial is found here.

Merry Christmas!

#5 Machiavelli (GeekU Moderator, 3,698 posts)

!!! Backdoor Warning !!!

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:
  • Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.
I can try to clean the infection, but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:
Now you decide if you want to reformat the PC or to clean the PC. Think about it and choose the best solution for you! Let me know of your decision. If you decide to go through the process, please proceed with the following steps.

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-re...q={searchTerms}
    [2013/07/05 10:42:01 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- D:\Documents and Settings\Administrator.MAXIUMTREBLE\Application Data\Mozilla\Firefox\Profiles\tbep6etg.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    O3 - HKLM\..\Toolbar: (no name) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: Microsoft XML Parser for Java file://D:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2013/12/15 11:25:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TubeDimmer
    [2013/12/15 09:57:15 | 000,000,000 | ---D | C] -- D:\Program Files\Optimizer Pro
    [2013/12/06 10:12:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SparkTrust
    [2013/07/05 10:46:58 | 000,074,703 | ---- | C] () -- D:\WINDOWS\System32\mfc45.dat
    [2013/01/22 16:36:21 | 000,074,703 | ---- | C] () -- D:\WINDOWS\System32\mfc45.dll
    [2012/07/04 17:28:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Babylon
    [2012/07/12 09:50:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2012/06/17 20:33:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\bProtectorForWindows
    [2012/06/14 12:04:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
    [2011/02/03 12:17:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/11/11 14:57:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    @Alternate Data Stream - 141 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    
    :Files
    dir  D:\Documents and Settings\All Users\Application Data\video /s /C
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

JRT Run

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Farbar Recovery Scan Tool (FRST)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1


  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it.
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.


#6 bluesboy2000 (Topic Starter, Member, 56 posts)

Thanks for the help. Looks like I will be reformatting. Will get back to you tomorrow.

#7 Machiavelli (GeekU Moderator, 3,698 posts)

OK & good decision! ;)

#8 Machiavelli (GeekU Moderator, 3,698 posts)

Do you still need help?

#9 CompCav (Expert, 12,448 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.