Smiley Virus after Bios [Closed]


This topic is locked.

#1 JohnVostro (New Member, 5 posts)
It all started one day ago. I noticed that I could not open my volume control and Chrome started to malfunction, so I decided to reinstall Windows 7 just as a precaution. After I reinstalled Windows 7 everything worked like it was supposed to, but after the BIOS is loaded (already the screen flashes during BIOS start-up), a white smiley face turns up on the following black screen. When I hit Enter, Windows boots and works pretty much, but still this can't be good. I tried Knoppocolin (boot with Linux) and ran every virus scanner available: Kaspersky, Avira, ClamAV, Malwarebytes... and they all gave me nothing, just one key generator that I deleted, even though it has been on my system for years and probably didn't do anything (false positive). After that I tried to use SmitfraudFix.exe from S!Ri, but even that broke down in safe mode. I also tried to search the system with SmitfraudFix, but it only gave me a short window that said "denied". I am really lost, please someone help...


OTL logfile created on: 3/4/2014 15:33:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vostro\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 14.09 Gb Available Physical Memory | 88.33% Memory free
31.89 Gb Paging File | 29.78 Gb Available in Paging File | 93.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 79.28 Gb Free Space | 66.54% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 48.10 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
Drive E: | 3.05 Gb Total Space | 2.96 Gb Free Space | 97.12% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 83.69 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
Drive G: | 1859.96 Gb Total Space | 86.06 Gb Free Space | 4.63% Space Free | Partition Type: NTFS
Drive H: | 1.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 800.52 Gb Total Space | 294.77 Gb Free Space | 36.82% Space Free | Partition Type: FAT32
Drive J: | 15.60 Gb Total Space | 15.60 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive K: | 115.22 Gb Total Space | 115.22 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive L: | 7.52 Gb Total Space | 2.72 Gb Free Space | 36.13% Space Free | Partition Type: FAT32
Drive M: | 1863.01 Gb Total Space | 10.93 Gb Free Space | 0.59% Space Free | Partition Type: NTFS

Computer Name: VOSTRO-PC | User Name: Vostro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/04 15:32:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vostro\Desktop\OTL.exe
PRC - [2014/03/03 12:29:57 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2008/05/27 23:17:49 | 000,003,584 | ---- | M] () -- C:\Users\Vostro\Desktop\SmitfraudFix\Policies.exe


========== Modules (No Company Name) ==========

MOD - [2008/05/27 23:17:49 | 000,003,584 | ---- | M] () -- C:\Users\Vostro\Desktop\SmitfraudFix\Policies.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/10 14:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/02/19 16:05:38 | 000,497,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/19 16:06:38 | 000,066,928 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2013/02/19 16:06:36 | 000,165,824 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (Ke2200)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 7F 67 3B 21 37 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)



O1 HOSTS File: ([2014/03/04 15:04:59 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9CF9D1-9884-475D-BFF6-00CA4425CA01}: DhcpNameServer = 192.168.0.1 192.168.0.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/04 15:32:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vostro\Desktop\OTL.exe
[2014/03/04 15:02:40 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Local\ElevatedDiagnostics
[2014/03/04 14:52:14 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2014/03/04 14:52:14 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2014/03/04 14:52:14 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2014/03/04 14:52:14 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2014/03/04 14:52:14 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2014/03/04 14:52:14 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2014/03/04 14:52:14 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2014/03/04 14:52:14 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2014/03/04 14:52:14 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2014/03/04 14:52:14 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2014/03/04 14:52:14 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2014/03/04 14:52:14 | 000,000,000 | ---D | C] -- C:\Users\Vostro\Desktop\SmitfraudFix
[2014/03/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\Vostro\Desktop\XPSP2_customer_ready_2180
[2014/03/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\Vostro\Desktop\wininetdebug.6.0.2800.1106
[2014/03/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\Vostro\Desktop\wininetdebug.6.0.2600.0000
[2014/03/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\Vostro\Desktop\wininetdebug.5.50.4807.2300
[2014/03/04 14:21:02 | 000,000,000 | ---D | C] -- C:\Users\Vostro\Desktop\wininetdebug.5.50.4134.600
[2014/03/04 14:20:50 | 000,000,000 | ---D | C] -- C:\Temp
[2014/03/03 23:58:01 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Roaming\SUPERAntiSpyware.com
[2014/03/03 23:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/03/03 23:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/03/03 23:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/03/03 23:25:29 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Roaming\Malwarebytes
[2014/03/03 23:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/03 23:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/03 23:25:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/03 23:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/03 23:25:10 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Local\Programs
[2014/03/03 23:12:06 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Local\Diagnostics
[2014/03/03 12:43:30 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Roaming\Macromedia
[2014/03/03 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Roaming\Adobe
[2014/03/03 12:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/03/03 12:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
[2014/03/03 12:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm Atheros
[2014/03/03 12:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Bigfoot Networks
[2014/03/03 12:40:51 | 000,000,000 | ---D | C] -- C:\MSI
[2014/03/03 12:35:09 | 000,000,000 | ---D | C] -- C:\OETemp
[2014/03/03 12:32:55 | 000,000,000 | R--D | C] -- C:\Users\Vostro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/03 12:32:55 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Searches
[2014/03/03 12:32:55 | 000,000,000 | R--D | C] -- C:\Users\Vostro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/03 12:32:55 | 000,000,000 | -H-D | C] -- C:\Users\Vostro\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/03/03 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Roaming\Identities
[2014/03/03 12:32:47 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Contacts
[2014/03/03 12:32:47 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Local\VirtualStore
[2014/03/03 12:32:45 | 000,000,000 | --SD | C] -- C:\Users\Vostro\AppData\Roaming\Microsoft
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Videos
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Saved Games
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Pictures
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Music
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Links
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Favorites
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Downloads
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Documents
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\Desktop
[2014/03/03 12:32:45 | 000,000,000 | R--D | C] -- C:\Users\Vostro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\AppData\Local\Temporary Internet Files
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Templates
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Start Menu
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\SendTo
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Recent
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\PrintHood
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\NetHood
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Documents\My Videos
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Documents\My Pictures
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Documents\My Music
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\My Documents
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Local Settings
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\AppData\Local\History
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Cookies
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\Application Data
[2014/03/03 12:32:45 | 000,000,000 | -HSD | C] -- C:\Users\Vostro\AppData\Local\Application Data
[2014/03/03 12:32:45 | 000,000,000 | -H-D | C] -- C:\Users\Vostro\AppData
[2014/03/03 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Local\Temp
[2014/03/03 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Local\Microsoft
[2014/03/03 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vostro\AppData\Roaming\Media Center Programs
[2014/03/03 12:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/03/03 12:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/03/03 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/03 12:30:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/03/03 12:29:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/03/03 12:29:53 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2014/03/03 12:29:53 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2014/03/03 12:29:52 | 002,129,408 | ---- | C] (Python Software Foundation) -- C:\Windows\SysWow64\python31.dll
[2014/03/03 12:29:52 | 001,017,344 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/03/03 12:29:52 | 000,312,848 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2014/03/03 12:29:52 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll
[2014/03/03 12:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/03/03 12:29:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/03 12:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/03/03 12:28:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/03/03 12:27:56 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/03/03 12:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/03/03 12:05:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/03/03 07:21:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2014/03/04 15:32:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vostro\Desktop\OTL.exe
[2014/03/04 15:23:46 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/04 15:23:46 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/04 15:23:46 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/04 15:19:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/04 15:19:21 | 4253,388,798 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/04 15:05:00 | 000,000,691 | ---- | M] () -- C:\Users\Vostro\AppData\Roaming\GetValue.vbs
[2014/03/04 15:05:00 | 000,000,214 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2014/03/04 15:05:00 | 000,000,035 | ---- | M] () -- C:\Users\Vostro\AppData\Roaming\SetValue.bat
[2014/03/04 14:49:55 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/04 14:49:55 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/04 14:41:34 | 001,885,088 | ---- | M] () -- C:\Users\Vostro\Desktop\SmitfraudFix_v2.423.exe
[2014/03/04 14:34:25 | 000,000,154 | ---- | M] () -- C:\Windows\wininit.ini
[2014/03/04 00:19:55 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f26898dd-b729-46b3-aebc-07cd07fc46ea.job
[2014/03/04 00:19:55 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0b80c621-fb34-481f-b88d-46194fd09c6e.job
[2014/03/03 23:57:30 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/03/03 23:25:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/03 22:57:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/03/03 12:43:25 | 000,001,437 | ---- | M] () -- C:\Users\Vostro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/03 12:42:27 | 000,002,268 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2014/03/03 12:42:27 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2014/03/03 12:32:39 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/03 12:08:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/03/03 12:08:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/03/03 12:05:44 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2014/03/04 14:52:27 | 000,000,691 | ---- | C] () -- C:\Users\Vostro\AppData\Roaming\GetValue.vbs
[2014/03/04 14:52:27 | 000,000,214 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2014/03/04 14:52:27 | 000,000,035 | ---- | C] () -- C:\Users\Vostro\AppData\Roaming\SetValue.bat
[2014/03/04 14:52:14 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2014/03/04 14:52:14 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2014/03/04 14:52:14 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2014/03/04 14:41:30 | 001,885,088 | ---- | C] () -- C:\Users\Vostro\Desktop\SmitfraudFix_v2.423.exe
[2014/03/04 14:20:15 | 000,000,154 | ---- | C] () -- C:\Windows\wininit.ini
[2014/03/03 23:58:04 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f26898dd-b729-46b3-aebc-07cd07fc46ea.job
[2014/03/03 23:58:04 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0b80c621-fb34-481f-b88d-46194fd09c6e.job
[2014/03/03 23:57:30 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/03/03 23:25:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/03 22:57:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/03/03 12:43:25 | 000,001,437 | ---- | C] () -- C:\Users\Vostro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/03 12:42:27 | 000,002,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2014/03/03 12:42:27 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2014/03/03 12:32:57 | 000,001,409 | ---- | C] () -- C:\Users\Vostro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/03/03 12:32:56 | 000,001,443 | ---- | C] () -- C:\Users\Vostro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/03 12:32:45 | 000,000,290 | ---- | C] () -- C:\Users\Vostro\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/03/03 12:32:45 | 000,000,272 | ---- | C] () -- C:\Users\Vostro\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/03/03 12:31:51 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/03 12:29:53 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2014/03/03 12:29:52 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2014/03/03 12:29:52 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2014/03/03 12:29:52 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
[2014/03/03 12:29:52 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2014/03/03 12:29:52 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
[2014/03/03 12:29:52 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe
[2014/03/03 12:08:34 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/03/03 12:08:30 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014/03/03 12:05:39 | 4253,388,798 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/02/08 19:54:27 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/02/08 19:54:27 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

Edited by JohnVostro, 04 March 2014 - 08:53 AM.

#2
SleepyDude (Trusted Helper, Malware Removal, 4,388 posts)

Hello John, welcome!

My name around here is SleepyDude and I will be helping you with your computer problem. I know that having a computer with problems can be very frustrating, but I will do my best to help you fix the issue.

Sometimes this can be a long process; it's very important that you stay with me and follow all my instructions to the letter until I declare your machine clean.

I have compiled a list of guidelines you must take into consideration so that the helping process goes smoothly for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions.
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use.
    • Running other programs can interfere with the tools we use and have unpredictable results. Also, I need to know what is going on with your machine at any time.
  • If possible, avoid using the computer for other tasks until we finish the cleaning process.
    • The reason for this is that it can make the malware infection worse and more difficult to clean. Some malware can download updates from the internet when you use the computer.
  • Please don't attach your logs; instead, copy and paste the information into your post unless specifically instructed to do so.
  • Please read every post completely before doing anything. If you have any doubts or questions, please ask before continuing.

IMPORTANT: At GeeksToGo we do our best to help you solve the problem, but sometimes things don't go as planned. To be safe rather than sorry, you should back up your important data to a safe place, anywhere except on the computer with problems.

The whole fixing process needs to be executed from a user account with Administrator privileges. Also, some of the tasks need to be executed in Safe Mode, so you should save or print the instructions for use when you don't have access to the forum.


Now about your problem. Any chance of posting a picture showing the Smiley?

I would like to see the log called Extras.txt that was generated when you ran OTL. The log should be on the Desktop; if you can't find it, don't worry and let me know.

Please execute the following steps to get some more logs...



Step 1 - Scan with aswMBR

  • Download aswMBR from here or here and save the file to the Desktop.
  • Double click the aswMBR.exe file to run it.
    (On Windows Vista and above right click the icon and choose Run as Administrator, accept the security warning)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click Save log and save the file aswMBR.txt to your Desktop.
    WARNING: Don't click on the buttons FixMBR and Fix unless instructed to do so.
  • Open the log aswMBR.txt and post the full contents of the file in your next reply.


Step 2 - Scan with AdwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Right click on the Adwcleaner icon and choose Run as Administrator to execute the program
  • Click the Scan button and wait for the program to finish.
  • For now, click the Report button. Notepad will open; please copy/paste the generated log into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt


Things I would like to see in your next reply:
  • The Extras.txt log
  • The aswMBR.txt log
  • AdwCleaner log AdwCleaner[R0].txt


#3
JohnVostro (Topic Starter, New Member, 5 posts)

Thank you so very much for helping me. I have 2 out of 3 scans for you. I'm really sorry, but the aswMBR scan always malfunctions at one point. I ran it 10 times, but it always crashed. Therefore I can only provide the AdwCleaner report:

# AdwCleaner v3.020 - Report created 10/03/2014 at 01:51:59
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Vostro - VOSTRO-PC
# Running from : C:\Users\Vostro\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Vostro\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [775 octets] - [10/03/2014 01:51:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [834 octets] ##########




And the Extras Report.



OTL Extras logfile created on: 10.03.2014 01:01:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vostro\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

15,95 Gb Total Physical Memory | 12,79 Gb Available Physical Memory | 80,16% Memory free
31,90 Gb Paging File | 28,44 Gb Available in Paging File | 89,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 21,89 Gb Free Space | 18,38% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 86,21 Gb Free Space | 18,51% Space Free | Partition Type: NTFS
Drive E: | 3,05 Gb Total Space | 2,73 Gb Free Space | 89,47% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 48,10 Gb Free Space | 16,14% Space Free | Partition Type: NTFS
Drive G: | 1859,96 Gb Total Space | 210,14 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Drive J: | 1863,01 Gb Total Space | 10,58 Gb Free Space | 0,57% Space Free | Partition Type: NTFS

Computer Name: VOSTRO-PC | User Name: Vostro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.




I hope this helps. Maybe you have a suggestion for how I can manage the aswMBR log. "Avast Antirootkit has stopped working." :(

#4
SleepyDude (Trusted Helper, Malware Removal, 4,388 posts)

Hi John,

I need you to check the Extras.txt log because the one you posted isn't complete.

About the aswMBR problem, let's try to run the tool with different settings; if this doesn't work, we will try another tool.


Step 1 - Scan with aswMBR

  • Double click the aswMBR.exe file to run it.
    (On Windows Vista and above right click the icon and choose Run as Administrator, accept the security warning)
  • Make sure you change the Av Scan: box from Quick Scan to None according to the image above
  • Click the Scan button to start the scan
  • On completion of the scan click Save log and save the file aswMBR.txt to your Desktop.
    WARNING: Don't click on the buttons FixMBR and Fix unless instructed to do so.
  • Open the log aswMBR.txt and post the full contents of the file in your next reply.



Things I would like to see in your next reply:
  • The full Extras.txt log
  • The aswMBR.txt log

Edit: If you have SUPERAntiSpyware Professional or any other security program active please try to disable the protection before running aswMBR.

#5
JohnVostro (Topic Starter, New Member, 5 posts)

OK, now I have the aswMBR scan:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-12 14:37:25
-----------------------------
14:37:25.361 OS Version: Windows x64 6.1.7600
14:37:25.361 Number of processors: 4 586 0x2A07
14:37:25.362 ComputerName: VOSTRO-PC UserName: Vostro
14:37:25.660 Initialize success
14:38:05.770 AVAST engine defs: 14031200
14:38:42.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:38:42.674 Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 11
14:38:42.676 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
14:38:42.677 Disk 1 Vendor: TOSHIBA_MK3252GSX LV010D Size: 305245MB BusType: 11
14:38:42.679 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-4
14:38:42.681 Disk 2 Vendor: ST2000DL003-9VT166 CC32 Size: 1907729MB BusType: 11
14:38:42.683 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1
14:38:42.686 Disk 3 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 11
14:38:42.741 Disk 0 MBR read successfully
14:38:42.744 Disk 0 MBR scan
14:38:42.749 Disk 0 Windows 7 default MBR code
14:38:42.757 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:38:42.768 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
14:38:42.836 Disk 0 scanning C:\Windows\system32\drivers
14:38:55.537 Service scanning
14:39:00.013 Service MSICDSetup H:\CDriver64.sys **LOCKED** 21
14:39:00.623 Service NTIOLib_1_0_C H:\NTIOLib_X64.sys **LOCKED** 21
14:39:04.880 Modules scanning
14:39:04.889 Disk 0 trace - called modules:
14:39:04.904 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:39:04.912 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d819060]
14:39:04.917 3 CLASSPNP.SYS[fffff8800196f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d574680]
14:39:04.921 Scan finished successfully
14:39:50.424 Disk 0 MBR has been saved successfully to "C:\Users\Vostro\Desktop\MBR.dat"
14:39:50.428 The log file has been saved successfully to "C:\Users\Vostro\Desktop\aswMBR.txt"



__________________________________________________________________________________________________________________________________
And the full Extras log:



OTL Extras logfile created on: 10.03.2014 01:01:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vostro\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

15,95 Gb Total Physical Memory | 12,79 Gb Available Physical Memory | 80,16% Memory free
31,90 Gb Paging File | 28,44 Gb Available in Paging File | 89,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 21,89 Gb Free Space | 18,38% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 86,21 Gb Free Space | 18,51% Space Free | Partition Type: NTFS
Drive E: | 3,05 Gb Total Space | 2,73 Gb Free Space | 89,47% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 48,10 Gb Free Space | 16,14% Space Free | Partition Type: NTFS
Drive G: | 1859,96 Gb Total Space | 210,14 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Drive J: | 1863,01 Gb Total Space | 10,58 Gb Free Space | 0,57% Space Free | Partition Type: NTFS

Computer Name: VOSTRO-PC | User Name: Vostro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B70057F-7037-4030-86EC-C08766FD5F5B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{77454BA9-3828-4BEE-827D-FC59C1AAB0BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060941E8-6CD7-4845-8D9E-88C15D77F795}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{074C37C3-5838-422B-BD1F-B8542EF5991D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle nights\pegglenights.exe |
"{14813D33-73EF-4063-890C-7F0DEBA02CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{193CE925-C09E-434A-ADFD-145976829204}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2072F83F-6EF0-437D-88A9-6091EF44401D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{20F36E64-B8D9-46F9-A4AC-96D1A5AB3BDE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{219A75DF-250F-423B-BF39-1CC25F844B56}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{2BB4740B-7E76-4FCC-9D53-C6AC86E265F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{407D7BBB-928F-449E-A718-13245A0870F0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4ACD9A7A-9578-4D67-AD85-5A6516D1466B}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{4D1CE7E3-EF89-4655-97AB-41DDB9017889}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4FD46438-7690-406D-8709-BD59A1B9CFE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{55916001-5F90-40CC-A34E-99A2E54B136C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{6568F3F1-82ED-436E-A2E5-C11973709D9E}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{80163723-225A-46E8-945A-9F32725D8DC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle nights\pegglenights.exe |
"{87C9DE7C-C43F-4F26-A135-B09182135237}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9E3C51C9-2BCC-489C-BA00-63E6D548EB29}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{A0D06C28-19E7-4279-9442-721A10380309}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{C0D7E69D-16FC-48EE-92EF-81527F37125F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C95483F1-942E-4B30-B080-904910D3BD2D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D5910547-8BE2-46D0-8371-E62641438A82}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E00E69B6-0863-475B-AFA3-792FE62C5E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E1E432A6-5B61-4917-977C-69E9C2185572}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{E9985886-7F73-4321-9E67-A3B0DA269234}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{F227A849-5E19-451C-9BF3-FDEE11CE3272}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{F22DDF4C-D709-4B85-8AD6-866DB7382F10}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{F56D43C8-5708-4F44-BF4C-A9E3102ADFF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F9D0C536-787C-41BD-AFBE-4AA8F3899500}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FA218FBC-F373-43B2-B9C5-91740FD0293E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{FBB778E3-9523-4833-99B0-C41F22BB2957}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FD025869-3D4B-4569-ACFC-6ABBD18F8E7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{3D3B246F-6E7F-4801-BB98-3D6E718E7272}C:\users\vostro\appdata\local\temp\keygen.exe" = protocol=6 | dir=in | app=c:\users\vostro\appdata\local\temp\keygen.exe |
"TCP Query User{BD5062B9-39D4-4702-B88B-EE9608D1FF0F}C:\users\vostro\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\vostro\appdata\roaming\spotify\spotify.exe |
"UDP Query User{AD0CF2F5-5F79-44FB-BA3A-AC37DE8DEF6D}C:\users\vostro\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\vostro\appdata\local\temp\keygen.exe |
"UDP Query User{F85F8FE6-DC31-4CE3-A54F-F04D6D13ED39}C:\users\vostro\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\vostro\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19648082-62FE-4F97-9A8C-B0870977449F}" = MacDrive 8
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VLC media player" = VLC media player 2.1.4
"WinRAR archiver" = WinRAR 5.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}" = Adobe Flash Player 10 ActiveX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{7b05af00-d234-4cf0-8cc3-1fcb21da2374}" = Avira
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{997BB441-BC61-49AB-AA3C-24CB6E4EB53B}" = Avira
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-08-01
"ESN Sonar-0.70.4" = ESN Sonar
"Google Chrome" = Google Chrome
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"League of Legends 3.0.1" = League of Legends
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam" = Steam
"Steam App 240" = Counter-Strike: Source
"Steam App 3540" = Peggle Nights

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.03.2014 01:39:53 | Computer Name = Vostro-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

Error - 09.03.2014 07:17:11 | Computer Name = Vostro-PC | Source = Steam Client Service | ID = 1
Description = Error: Failed to poke open firewall

[ System Events ]
Error - 07.03.2014 02:27:54 | Computer Name = Vostro-PC | Source = Service Control Manager | ID = 7023
Description = The "Windows Modules Installer" service terminated with the following
error: %%16405

Error - 07.03.2014 02:27:55 | Computer Name = Vostro-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = CBS client initialization failed. Last error: 0x80080005

Error - 07.03.2014 02:27:55 | Computer Name = Vostro-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = Failed to start the Language Pack Setup wizard. Restart the
system and run the wizard again.

Error - 07.03.2014 02:30:33 | Computer Name = Vostro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation failure: installation of the following update failed with
error 0x80242016: Update for Internet Explorer 8 Compatibility
View List for Windows 7 for x64-based Systems (KB2598845)

Error - 08.03.2014 22:37:51 | Computer Name = Vostro-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:31:44 PM on 3/8/2014 was unexpected.

Error - 09.03.2014 01:16:26 | Computer Name = Vostro-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:13:45 PM on 3/8/2014 was unexpected.

Error - 09.03.2014 01:39:53 | Computer Name = Vostro-PC | Source = Service Control Manager | ID = 7009
Description = A timeout (30000 ms) was reached while attempting to connect to the
Steam Client Service service.

Error - 09.03.2014 01:39:53 | Computer Name = Vostro-PC | Source = Service Control Manager | ID = 7000
Description = The "Steam Client Service" service failed to start due to the following
error: %%1053

Error - 09.03.2014 07:12:28 | Computer Name = Vostro-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:02:21 AM on 3/9/2014 was unexpected.

Error - 09.03.2014 07:12:56 | Computer Name = Vostro-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = CBS client initialization failed. Last error: 0x8007045b


< End of report >

#6 SleepyDude (Trusted Helper, Malware Removal, 4,388 posts)
Hi John,

Thanks for the logs. Can you please attach the file C:\Users\Vostro\Desktop\MBR.dat to your post.

#7 JohnVostro (New Member, Topic Starter, 5 posts)
I attached the .dat file. I hope you can find something with it. Thanks so much for your help!

#8 JohnVostro (New Member, Topic Starter, 5 posts)
I attached the .dat file. I hope you can find something with it. Thanks so much for your help!

Attached file: MBR.dat (512 bytes, 34 downloads)
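
SleepyDude asked for the 512-byte MBR.dat because the symptom (something drawn on the screen between the BIOS and the Windows loader) points at the boot sector, and a single sector is small enough to inspect directly. As an added example, not part of the thread and not code from any tool mentioned in it, here is a Python script that audits such a dump: it checks the 0x55AA boot signature, parses the partition table (exactly one active entry, no overlapping ranges, nothing starting at LBA 0), verifies that the bootstrap area still carries the three error strings a stock Windows MBR contains, and optionally compares the SHA-256 of the bootstrap code against a known-good copy taken from a clean install of the same Windows version. The sample sectors, disk signature and partition layout are constructed for the demonstration. A missing stock string only means the boot code is not Microsoft's (a third-party boot manager trips it too); it is a lead to follow, not proof of infection.

```python
"""Audit a 512-byte MBR dump (a file such as MBR.dat) offline.

Sector layout used here: bytes 0-439 bootstrap code, 440-443 disk signature,
444-445 reserved, 446-509 four 16-byte partition entries, 510-511 = 0x55 0xAA.
"""
import hashlib
import itertools
import struct
from dataclasses import dataclass
from typing import Optional

SECTOR = 512
CODE_LEN = 440          # bootstrap code occupies bytes 0..439
PT_OFFSET = 446         # partition table: bytes 446..509
ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"  # bytes 510..511

# Error strings every stock Windows MBR (XP through 7) carries in its bootstrap code.
STOCK_STRINGS = (b"Invalid partition table",
                 b"Error loading operating system",
                 b"Missing operating system")


@dataclass
class Partition:
    index: int
    boot_flag: int
    ptype: int
    lba_start: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def lba_end(self) -> int:
        return self.lba_start + max(self.sectors, 1) - 1


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the partition table (CHS fields ignored)."""
    parts = []
    for i in range(4):
        off = PT_OFFSET + i * ENTRY_LEN
        entry = mbr[off:off + ENTRY_LEN]
        boot_flag, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append(Partition(i, boot_flag, ptype, lba_start, sectors))
    return parts


def code_sha256(mbr: bytes) -> str:
    """Hash of the bootstrap code only, so a known-good value survives repartitioning."""
    return hashlib.sha256(mbr[:CODE_LEN]).hexdigest()


def audit_mbr(mbr: bytes, known_good_code_sha256: Optional[str] = None) -> list:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings = []
    if len(mbr) != SECTOR:
        return [f"dump is {len(mbr)} bytes, expected {SECTOR}"]
    if mbr[510:512] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    code = mbr[:CODE_LEN]
    missing = [s.decode() for s in STOCK_STRINGS if s not in code]
    if missing:
        findings.append("bootstrap code lacks stock Windows strings: " + ", ".join(missing))
    if known_good_code_sha256 and code_sha256(mbr) != known_good_code_sha256:
        findings.append("bootstrap code hash differs from the known-good copy")
    parts = parse_partitions(mbr)
    for p in parts:
        if p.boot_flag not in (0x00, 0x80):
            findings.append(f"entry {p.index}: invalid boot flag 0x{p.boot_flag:02x}")
        if p.lba_start == 0:
            findings.append(f"entry {p.index}: starts at LBA 0, overlapping the MBR itself")
    active = sum(1 for p in parts if p.active)
    if active != 1:
        findings.append(f"{active} active partitions, expected exactly 1")
    for a, b in itertools.combinations(parts, 2):
        if a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
            findings.append(f"entries {a.index} and {b.index} overlap")
    return findings


def build_sample_mbr(code: bytes, entries) -> bytes:
    """Constructed test sector (not a real dump): code + disk signature + table + 0x55AA."""
    sector = bytearray(code.ljust(CODE_LEN, b"\x00"))
    sector += struct.pack("<I", 0x1234ABCD) + b"\x00\x00"  # disk signature + reserved
    for boot_flag, ptype, lba_start, sectors in entries:
        sector += struct.pack("<B3sB3sII", boot_flag, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector += b"\x00" * (ENTRY_LEN * (4 - len(entries)))
    sector += BOOT_SIG
    return bytes(sector)


# Constructed stock-looking sector: the three error strings plus one active NTFS (0x07) partition.
STOCK_CODE = b"\xfa\x33\xc0" + b"\x00" * 16 + b"\x00".join(STOCK_STRINGS) + b"\x00"
GOOD_MBR = build_sample_mbr(STOCK_CODE, [(0x80, 0x07, 2048, 204800)])

# Constructed suspicious sector: foreign bootstrap code, two entries flagged active, overlapping ranges.
BAD_MBR = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 100,
                           [(0x80, 0x07, 2048, 204800), (0x80, 0x07, 100000, 50000)])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else BAD_MBR
    for p in parse_partitions(data):
        state = "active" if p.active else "inactive"
        print(f"entry {p.index}: type 0x{p.ptype:02x} {state} LBA {p.lba_start}-{p.lba_end}")
    print("\n".join(audit_mbr(data)) or "no findings")
```

Run it as `python mbr_audit.py MBR.dat` against a real dump; with no argument it audits the constructed suspicious sector. Hashing only the first 440 bytes is deliberate: the disk signature and partition table legitimately change when a disk is repartitioned, while the bootstrap code of a given Windows release does not.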

#9 SleepyDude (Trusted Helper, Malware Removal, 4,388 posts)
Hi John,

Thanks for the file. Please run the following scan.


Step 1 - TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application
    (Accept the UAC prompt to allow changes to the computer).
  • Click Accept on the windows End User License Agreement and KSN Statement, then on the following window click on Change parameters
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click again on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file on your next post.

I would like to know if the Smiley face you see is something like this?
Posted Image


Things I would like to see in your next reply:
  • The TDSSKiller log

#10 SleepyDude (Trusted Helper, Malware Removal, 4,388 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.