Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Ransom.ed Trojan Ransom.end


  • Please log in to reply

#16
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

screen.jpg

 

This is what I get when I try to open my anti virus


  • 0

Advertisements


#17
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

It's interesting. Can I have a look at new OTL.txt log?


  • 0

#18
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

Hi, sorry for the delay but ISP has had problrms in the  area. Here is the log

 

 

 

OTL logfile created on: 06/04/2014 21:36:05 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Stevie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.49% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 21.22 Gb Free Space | 28.52% Space Free | Partition Type: NTFS
 
Computer Name: DELL360 | User Name: Stevie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/29 17:10:29 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/03/29 17:10:21 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/03/27 19:22:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
PRC - [2014/03/25 17:07:20 | 000,121,424 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2013/12/09 12:37:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/10/30 04:16:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2013/10/16 21:09:30 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/08/01 10:11:38 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/08/01 10:11:36 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/08/01 10:11:32 | 000,263,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/25 17:07:18 | 000,137,808 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/03/25 17:07:12 | 000,063,568 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/09 12:37:21 | 000,394,808 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/11/13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2010/11/02 08:33:58 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\ThreatFire\TFService.exe service -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2014/03/29 17:10:29 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/03/29 17:10:22 | 001,017,424 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/03/29 17:10:21 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/03/25 17:07:20 | 000,121,424 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/03/24 21:39:18 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/30 04:16:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013/10/16 21:09:30 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/08/01 10:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 10:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 10:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/06/11 14:58:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Unknown (0) | Disabled | Unknown] -- System32\Drivers\TfKbMon.sys -- (TfKbMon)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2013/12/09 12:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/12/09 12:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/12/09 12:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/09 12:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/10/30 04:16:30 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/08 00:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/08 00:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/08 00:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/08/26 13:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/05/14 07:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/11/10 04:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/02/16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/01/15 00:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/15 00:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/15 00:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/04 20:36:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/04 09:34:20 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/06/19 18:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/06 19:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/07 01:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/26 05:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {BF6ECD4B-F767-45E8-8E28-2628ABD50234}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012/11/08 21:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions
[2012/11/08 21:32:57 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2013/09/08 22:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/10/31 00:04:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {41564952-412D-5637-4300-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1350221284562 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A1732D-8D17-4CCA-B27F-9F22AC0E7875}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Stevie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\msnlnamespacemgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/21 23:02:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/03 22:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014/04/03 22:43:11 | 004,413,904 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
[2014/04/01 21:32:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/29 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/03/29 11:20:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/27 23:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
[2014/03/27 22:28:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\WINDOWS\System32\
[2014/04/06 21:34:51 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
[2014/04/06 21:33:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 21:33:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job
[2014/04/06 21:32:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/06 21:31:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/05 13:16:10 | 000,232,701 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\screen.jpg
[2014/04/03 22:43:42 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/04/03 22:43:12 | 004,413,904 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
[2014/04/01 21:31:34 | 000,612,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/01 21:31:34 | 000,124,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/29 11:20:22 | 001,950,720 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
[2014/03/27 23:06:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/03/27 23:04:00 | 003,972,608 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
[2014/03/27 19:22:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
[2014/03/24 21:39:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/24 21:39:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/24 21:39:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/17 10:53:02 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/13 18:52:47 | 016,554,195 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\img002.jpg
[2014/03/11 21:12:10 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
File not found -- C:\WINDOWS\System32\
[2014/04/05 13:16:10 | 000,232,701 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\screen.jpg
[2014/04/03 22:43:42 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/03/29 11:20:21 | 001,950,720 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
[2014/03/27 23:05:41 | 003,972,608 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
[2014/03/13 18:52:40 | 016,554,195 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\img002.jpg
[2014/01/15 22:19:10 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2013/10/16 22:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/08/18 14:46:35 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/04/30 18:25:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2013/04/30 18:20:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Spacious
[2013/04/30 18:20:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Sound Effects
[2013/04/30 18:20:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2013/04/30 18:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Space Choir
[2013/04/30 18:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
[2013/04/30 18:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Solid Colors
[2013/04/30 18:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Smooth Strings
[2013/04/30 18:20:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2013/04/30 18:20:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2013/03/17 22:02:58 | 003,150,858 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-963894560-682003330-1003-0.dat
[2013/03/10 20:54:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E8FEA67A3C.sys
[2013/01/20 14:03:38 | 000,564,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/22 19:50:11 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2012/10/22 19:50:10 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2012/10/22 18:57:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/05/02 21:46:31 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Stevie\.asadminpass
[2011/01/03 13:22:49 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPod Access v4 Prefs
[2011/01/03 13:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccessv4_OwnerName
[2011/01/03 13:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\iPodAccessv4_OwnerName
[2011/01/03 13:19:41 | 000,000,009 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccess_Time
[2010/11/03 17:51:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/09/30 22:37:43 | 001,014,870 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\[j0012]-[p01].bmp
[2010/08/25 14:56:52 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/04 23:41:26 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Stevie\.recently-used.xbel
[2010/02/02 20:23:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\$_hpcst$.hpc
[2009/10/04 09:44:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/05/02 10:29:56 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Stevie\default.pls
[2009/05/01 16:42:20 | 000,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/22 18:49:15 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = SHELL32.dll -- [2012/06/08 15:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 00:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


  • 0

#19
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, let's take some actions now.
 
I have noticed that some parts of Comodo and ThreatFire are still alive. It is not normal, seems that they were not completely uninstalled. Let's uninstall them and check with another tool called FRST, which could show us info about Avira blockage reason.
 
Step 1. Uninstall Comodo.
  • Download Uninstaller Tool here.
  • Unzip contents of downloaded Setup.zip to seperate folder on your Desktop.
  • Run Uninstaller Tool.exe file.
  • Click Uninstall Comodo Internet Security button.
  • Program will remove Comodo leftovers from your computer.
  • When finished, restart your computer.
Step 2. Uninstall ThreatFire.
  • Download ThreatFire Removal Tool here.
  • Unzip contents of downloaded removethreatfire(3.0).zip to seperate folder on your Desktop.
  • Run RemoveThreatFire.exe file.
  • Click Yes.
  • Program will remove ThreatFire leftovers from your computer.
  • When finished, restart your computer.
Step 3. FRST Scan.
  • Download Farbar Recovery Scan Tool x32 here to your Desktop.
  • When completed, launch the downloaded file.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
    FRST%20Start%20scan.gif
  • Press Scan button.
  • It will make a log (FRST.txt) on the Desktop. Please copy and paste it to your reply.

  • 0

#20
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Stevie (administrator) on DELL360 on 07-04-2014 19:01:09
Running from C:\Documents and Settings\Stevie\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Stevie\My Documents\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-2000478354-963894560-682003330-1003\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {BF6ECD4B-F767-45E8-8E28-2628ABD50234} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {BF6ECD4B-F767-45E8-8E28-2628ABD50234} URL = https://www.google.c...q={searchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\msnlnamespacemgr.dll [304128 2008-05-26] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Google Drive) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]
 
========================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-29] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-29] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S2 gupdate1c9c4557151c6be; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-23] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-16] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [176640 2008-06-19] (Broadcom Corporation)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [28672 2007-03-20] (http://libusb-win32.sourceforge.net)
S3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-11-04] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2009-10-04] ()
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [45696 2007-04-26] (eMPIA Technology, Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S4 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\WINDOWS\system32\ "
2014-04-07 19:00 - 2014-04-07 19:01 - 00000000 ____D () C:\FRST
2014-04-07 18:51 - 2007-10-10 15:07 - 00116032 _____ (PC Tools) C:\Documents and Settings\Stevie\Desktop\RemoveThreatFire.exe
2014-04-07 18:43 - 2014-04-07 18:43 - 05075834 _____ () C:\Documents and Settings\Stevie\Desktop\Setup.zip
2014-04-07 18:43 - 2014-04-07 18:43 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-07 18:43 - 2011-04-22 04:04 - 05493014 _____ (Forum Volunteers) C:\Documents and Settings\Stevie\Desktop\Uninstaller Tool.exe
2014-04-03 22:43 - 2014-04-05 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-04-03 22:43 - 2014-04-03 22:43 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
2014-04-03 22:43 - 2014-04-03 22:43 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-04-01 21:32 - 2014-04-01 21:32 - 00000000 ____D () C:\_OTL
2014-03-29 14:07 - 2014-04-03 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-03-29 11:20 - 2014-03-29 11:21 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:20 - 2014-03-29 11:20 - 01950720 _____ () C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
2014-03-27 23:13 - 2014-03-27 23:13 - 00003413 _____ () C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_03272014_221344.txt
2014-03-27 23:11 - 2014-03-27 23:18 - 00000000 ____D () C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-03-27 23:05 - 2014-03-27 23:04 - 03972608 _____ () C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-03-27 22:44 - 2014-04-06 21:42 - 00069470 _____ () C:\Documents and Settings\Stevie\Desktop\OTL.Txt
2014-03-27 22:44 - 2014-04-03 22:35 - 00069940 _____ () C:\Documents and Settings\Stevie\Desktop\Extras.Txt
2014-03-27 22:28 - 2014-03-27 19:22 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-03-27 18:06 - 2014-03-27 18:06 - 00004192 _____ () C:\WINDOWS\KB2930275.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003675 _____ () C:\WINDOWS\KB2916036.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003673 _____ () C:\WINDOWS\KB2929961.log
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.URL
2014-03-27 16:22 - 2014-03-27 16:22 - 00002777 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:22 - 2014-03-27 16:22 - 00001261 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:22 - 2014-03-27 16:22 - 00000133 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.URL
 
==================== One Month Modified Files and Folders =======
 
2014-04-07 19:01 - 2014-04-07 19:00 - 00000000 ____D () C:\FRST
2014-04-07 18:55 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-07 18:54 - 2009-05-01 19:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-07 18:54 - 2009-05-01 19:20 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-07 18:54 - 2009-04-21 23:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-07 18:53 - 2014-01-24 22:58 - 00700696 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-07 18:53 - 2013-03-18 10:43 - 00458752 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-07 18:53 - 2009-04-21 23:06 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-07 18:53 - 2009-04-21 23:06 - 00000278 ___SH () C:\Documents and Settings\Stevie\ntuser.ini
2014-04-07 18:53 - 2009-04-21 23:06 - 00000000 ____D () C:\Documents and Settings\Stevie
2014-04-07 18:52 - 2010-03-03 00:22 - 00000000 ____D () C:\Program Files\ThreatFire
2014-04-07 18:44 - 2011-05-14 07:31 - 00000000 ____D () C:\Program Files\COMODO
2014-04-07 18:43 - 2014-04-07 18:43 - 05075834 _____ () C:\Documents and Settings\Stevie\Desktop\Setup.zip
2014-04-07 18:43 - 2014-04-07 18:43 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-06 21:42 - 2014-03-27 22:44 - 00069470 _____ () C:\Documents and Settings\Stevie\Desktop\OTL.Txt
2014-04-06 21:34 - 2009-06-05 20:03 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
2014-04-06 21:33 - 2012-07-22 22:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job
2014-04-06 21:33 - 2009-07-01 22:41 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 17:38 - 2014-02-16 22:00 - 00004148 _____ () C:\WINDOWS\setupapi.log
2014-04-05 13:01 - 2014-04-03 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-04-03 22:53 - 2013-01-20 14:03 - 00564618 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-03 22:43 - 2014-04-03 22:43 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
2014-04-03 22:43 - 2014-04-03 22:43 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-04-03 22:43 - 2014-03-29 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-04-03 22:43 - 2011-05-31 22:46 - 00000000 ____D () C:\Program Files\Avira
2014-04-03 22:43 - 2011-05-01 17:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-04-03 22:35 - 2014-03-27 22:44 - 00069940 _____ () C:\Documents and Settings\Stevie\Desktop\Extras.Txt
2014-04-01 21:42 - 2011-05-01 18:01 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-01 21:42 - 2009-04-21 22:59 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-01 21:32 - 2014-04-01 21:32 - 00000000 ____D () C:\_OTL
2014-04-01 21:31 - 2009-04-21 23:52 - 00752666 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-29 11:21 - 2014-03-29 11:20 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:20 - 2014-03-29 11:20 - 01950720 _____ () C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
2014-03-27 23:18 - 2014-03-27 23:11 - 00000000 ____D () C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-03-27 23:13 - 2014-03-27 23:13 - 00003413 _____ () C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_03272014_221344.txt
2014-03-27 23:06 - 2011-04-13 22:50 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-27 23:04 - 2014-03-27 23:05 - 03972608 _____ () C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-03-27 19:22 - 2014-03-27 22:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-03-27 19:17 - 2011-07-02 10:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2541763$
2014-03-27 19:06 - 2009-05-19 18:53 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\vlc
2014-03-27 18:06 - 2014-03-27 18:06 - 00004192 _____ () C:\WINDOWS\KB2930275.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003675 _____ () C:\WINDOWS\KB2916036.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003673 _____ () C:\WINDOWS\KB2929961.log
2014-03-27 17:23 - 2011-05-02 21:30 - 00000000 ____D () C:\glassfish3
2014-03-27 17:14 - 2010-09-28 18:31 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\PC Suite
2014-03-27 16:39 - 2009-04-22 07:56 - 00000000 ____D () C:\OFFICE2003-CUSTOM
2014-03-27 16:31 - 2012-10-14 15:40 - 00000000 ____D () C:\AMD
2014-03-27 16:28 - 2010-08-23 18:09 - 00000000 ____D () C:\ATI
2014-03-27 16:28 - 2009-12-24 02:56 - 00000000 ____D () C:\v2d
2014-03-27 16:28 - 2009-04-21 23:02 - 00000000 ____D () C:\DELL
2014-03-27 16:27 - 2013-09-11 18:50 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\PhotoCollageMax
2014-03-27 16:24 - 2009-07-12 23:46 - 00000000 ____D () C:\1fffe9804ec5f40fa0c6a745c411d3f0
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-01-26 19:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-27 16:23 - 2011-12-26 19:26 - 00000000 ___SD () C:\Documents and Settings\Administrator
2014-03-27 16:23 - 2011-12-26 19:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Western Digital
2014-03-27 16:22 - 2014-03-27 16:22 - 00002777 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:22 - 2014-03-27 16:22 - 00001261 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:22 - 2014-03-27 16:22 - 00000133 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.URL
2014-03-24 21:39 - 2012-07-22 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-24 21:39 - 2012-07-22 20:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-24 21:39 - 2012-03-18 20:31 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-17 10:53 - 2013-10-31 23:11 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-13 22:07 - 2014-02-23 10:18 - 00000000 ___RD () C:\Documents and Settings\Stevie\My Documents\Dropbox
2014-03-13 19:26 - 2014-02-23 10:16 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Dropbox
2014-03-13 18:39 - 2013-10-16 21:37 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Epson
2014-03-13 18:39 - 2013-10-16 21:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-03-11 23:25 - 2013-01-20 10:42 - 00000000 ____D () C:\Documents and Settings\Stevie\My Documents\NeroVideo
2014-03-11 21:12 - 2009-04-22 18:49 - 00026112 _____ () C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 00:12 - 2013-03-17 22:02 - 03150858 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-963894560-682003330-1003-0.dat
 
Alureon:
C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp\sivrxcc\wow.dll
 
Some content of TEMP:
====================
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Edited by Steviep, 07 April 2014 - 12:05 PM.

  • 0

#21
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Step 1. FRST Fix.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select Copy, right-click in the open notepad and select Paste).
  • Save it on your Desktop as fixlist.txt.
    start
    C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe
    C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp\sivrxcc\wow.dll
    C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
    2014-04-07 18:52 - 2010-03-03 00:22 - 00000000 ____D () C:\Program Files\ThreatFire
    2014-04-07 18:44 - 2011-05-14 07:31 - 00000000 ____D () C:\Program Files\COMODO
    HKU\S-1-5-21-2000478354-963894560-682003330-1003\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
    end
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Now please move FRST.exe from C:\Documents and Settings\Stevie\My Documents\Downloads to your Desktop.
  • Run FRST and press the Fix button just once and wait.
  • The tool will make a log on Desktop (Fixlog.txt).
  • Reboot your computer.
  • Run new FRST scan.
  • Post contents of fresh FRST log and Fixlog.txt in your next reply.

Step 2. aswMBR scan.

  • Download aswMBR.exe (1870KB) to your Desktop.
  • Double click the aswMBR.exe to run it.

    aswMBR1.png
  • Click the [Scan] button to start scan.

    aswMBR2.png
  • On completion of the scan click [Save log], save it to your desktop and post in your next reply.

 

So, please, don't forget to post in your next message:

 

  • fresh FRST log
  • Fixlog.txt
  • aswMBR log

  • 0

#22
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

Hi here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Stevie (administrator) on DELL360 on 07-04-2014 20:34:49
Running from C:\Documents and Settings\Stevie\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-2000478354-963894560-682003330-1003\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {BF6ECD4B-F767-45E8-8E28-2628ABD50234} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {BF6ECD4B-F767-45E8-8E28-2628ABD50234} URL = https://www.google.c...q={searchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\msnlnamespacemgr.dll [304128 2008-05-26] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Google Drive) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]
 
========================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-29] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-29] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S2 gupdate1c9c4557151c6be; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-23] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-16] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [176640 2008-06-19] (Broadcom Corporation)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [28672 2007-03-20] (http://libusb-win32.sourceforge.net)
S3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-11-04] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2009-10-04] ()
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [45696 2007-04-26] (eMPIA Technology, Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S4 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\WINDOWS\system32\ "
2014-04-07 20:34 - 2014-04-07 20:35 - 00013699 _____ () C:\Documents and Settings\Stevie\Desktop\FRST.txt
2014-04-07 20:29 - 2014-04-07 20:29 - 00001306 _____ () C:\Documents and Settings\Stevie\Desktop\fixlist.text
2014-04-07 19:00 - 2014-04-07 20:34 - 00000000 ____D () C:\FRST
2014-04-07 18:58 - 2014-04-07 18:58 - 01145856 _____ (Farbar) C:\Documents and Settings\Stevie\Desktop\FRST.exe
2014-04-07 18:51 - 2007-10-10 15:07 - 00116032 _____ (PC Tools) C:\Documents and Settings\Stevie\Desktop\RemoveThreatFire.exe
2014-04-07 18:43 - 2014-04-07 18:43 - 05075834 _____ () C:\Documents and Settings\Stevie\Desktop\Setup.zip
2014-04-07 18:43 - 2014-04-07 18:43 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-07 18:43 - 2011-04-22 04:04 - 05493014 _____ (Forum Volunteers) C:\Documents and Settings\Stevie\Desktop\Uninstaller Tool.exe
2014-04-03 22:43 - 2014-04-05 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-04-03 22:43 - 2014-04-03 22:43 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
2014-04-03 22:43 - 2014-04-03 22:43 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-04-01 21:32 - 2014-04-01 21:32 - 00000000 ____D () C:\_OTL
2014-03-29 14:07 - 2014-04-03 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-03-29 11:20 - 2014-03-29 11:21 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:20 - 2014-03-29 11:20 - 01950720 _____ () C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
2014-03-27 23:13 - 2014-03-27 23:13 - 00003413 _____ () C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_03272014_221344.txt
2014-03-27 23:11 - 2014-03-27 23:18 - 00000000 ____D () C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-03-27 23:05 - 2014-03-27 23:04 - 03972608 _____ () C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-03-27 22:44 - 2014-04-06 21:42 - 00069470 _____ () C:\Documents and Settings\Stevie\Desktop\OTL.Txt
2014-03-27 22:44 - 2014-04-03 22:35 - 00069940 _____ () C:\Documents and Settings\Stevie\Desktop\Extras.Txt
2014-03-27 22:28 - 2014-03-27 19:22 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-03-27 18:06 - 2014-03-27 18:06 - 00004192 _____ () C:\WINDOWS\KB2930275.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003675 _____ () C:\WINDOWS\KB2916036.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003673 _____ () C:\WINDOWS\KB2929961.log
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.URL
2014-03-27 16:22 - 2014-03-27 16:22 - 00002777 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:22 - 2014-03-27 16:22 - 00001261 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:22 - 2014-03-27 16:22 - 00000133 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.URL
 
==================== One Month Modified Files and Folders =======
 
2014-04-07 20:35 - 2014-04-07 20:34 - 00013699 _____ () C:\Documents and Settings\Stevie\Desktop\FRST.txt
2014-04-07 20:34 - 2014-04-07 19:00 - 00000000 ____D () C:\FRST
2014-04-07 20:33 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-07 20:32 - 2009-05-01 19:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-07 20:32 - 2009-05-01 19:20 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-07 20:32 - 2009-04-21 23:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-07 20:31 - 2014-01-24 22:58 - 00701537 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-07 20:31 - 2013-03-18 10:43 - 00458752 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-07 20:31 - 2009-04-21 23:06 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-07 20:31 - 2009-04-21 23:06 - 00000278 ___SH () C:\Documents and Settings\Stevie\ntuser.ini
2014-04-07 20:31 - 2009-04-21 23:06 - 00000000 ____D () C:\Documents and Settings\Stevie
2014-04-07 20:29 - 2014-04-07 20:29 - 00001306 _____ () C:\Documents and Settings\Stevie\Desktop\fixlist.text
2014-04-07 18:58 - 2014-04-07 18:58 - 01145856 _____ (Farbar) C:\Documents and Settings\Stevie\Desktop\FRST.exe
2014-04-07 18:52 - 2010-03-03 00:22 - 00000000 ____D () C:\Program Files\ThreatFire
2014-04-07 18:44 - 2011-05-14 07:31 - 00000000 ____D () C:\Program Files\COMODO
2014-04-07 18:43 - 2014-04-07 18:43 - 05075834 _____ () C:\Documents and Settings\Stevie\Desktop\Setup.zip
2014-04-07 18:43 - 2014-04-07 18:43 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-06 21:42 - 2014-03-27 22:44 - 00069470 _____ () C:\Documents and Settings\Stevie\Desktop\OTL.Txt
2014-04-06 21:34 - 2009-06-05 20:03 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
2014-04-06 21:33 - 2012-07-22 22:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job
2014-04-06 21:33 - 2009-07-01 22:41 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 17:38 - 2014-02-16 22:00 - 00004148 _____ () C:\WINDOWS\setupapi.log
2014-04-05 13:01 - 2014-04-03 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-04-03 22:53 - 2013-01-20 14:03 - 00564618 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-03 22:43 - 2014-04-03 22:43 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
2014-04-03 22:43 - 2014-04-03 22:43 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-04-03 22:43 - 2014-03-29 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-04-03 22:43 - 2011-05-31 22:46 - 00000000 ____D () C:\Program Files\Avira
2014-04-03 22:43 - 2011-05-01 17:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-04-03 22:35 - 2014-03-27 22:44 - 00069940 _____ () C:\Documents and Settings\Stevie\Desktop\Extras.Txt
2014-04-01 21:42 - 2011-05-01 18:01 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-01 21:42 - 2009-04-21 22:59 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-01 21:32 - 2014-04-01 21:32 - 00000000 ____D () C:\_OTL
2014-04-01 21:31 - 2009-04-21 23:52 - 00752666 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-29 11:21 - 2014-03-29 11:20 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:20 - 2014-03-29 11:20 - 01950720 _____ () C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
2014-03-27 23:18 - 2014-03-27 23:11 - 00000000 ____D () C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-03-27 23:13 - 2014-03-27 23:13 - 00003413 _____ () C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_03272014_221344.txt
2014-03-27 23:06 - 2011-04-13 22:50 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-27 23:04 - 2014-03-27 23:05 - 03972608 _____ () C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-03-27 19:22 - 2014-03-27 22:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-03-27 19:17 - 2011-07-02 10:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2541763$
2014-03-27 19:06 - 2009-05-19 18:53 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\vlc
2014-03-27 18:06 - 2014-03-27 18:06 - 00004192 _____ () C:\WINDOWS\KB2930275.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003675 _____ () C:\WINDOWS\KB2916036.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003673 _____ () C:\WINDOWS\KB2929961.log
2014-03-27 17:23 - 2011-05-02 21:30 - 00000000 ____D () C:\glassfish3
2014-03-27 17:14 - 2010-09-28 18:31 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\PC Suite
2014-03-27 16:39 - 2009-04-22 07:56 - 00000000 ____D () C:\OFFICE2003-CUSTOM
2014-03-27 16:31 - 2012-10-14 15:40 - 00000000 ____D () C:\AMD
2014-03-27 16:28 - 2010-08-23 18:09 - 00000000 ____D () C:\ATI
2014-03-27 16:28 - 2009-12-24 02:56 - 00000000 ____D () C:\v2d
2014-03-27 16:28 - 2009-04-21 23:02 - 00000000 ____D () C:\DELL
2014-03-27 16:27 - 2013-09-11 18:50 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\PhotoCollageMax
2014-03-27 16:24 - 2009-07-12 23:46 - 00000000 ____D () C:\1fffe9804ec5f40fa0c6a745c411d3f0
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-01-26 19:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-27 16:23 - 2011-12-26 19:26 - 00000000 ___SD () C:\Documents and Settings\Administrator
2014-03-27 16:23 - 2011-12-26 19:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Western Digital
2014-03-27 16:22 - 2014-03-27 16:22 - 00002777 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:22 - 2014-03-27 16:22 - 00001261 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:22 - 2014-03-27 16:22 - 00000133 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.URL
2014-03-24 21:39 - 2012-07-22 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-24 21:39 - 2012-07-22 20:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-24 21:39 - 2012-03-18 20:31 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-17 10:53 - 2013-10-31 23:11 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-13 22:07 - 2014-02-23 10:18 - 00000000 ___RD () C:\Documents and Settings\Stevie\My Documents\Dropbox
2014-03-13 19:26 - 2014-02-23 10:16 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Dropbox
2014-03-13 18:39 - 2013-10-16 21:37 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Epson
2014-03-13 18:39 - 2013-10-16 21:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-03-11 23:25 - 2013-01-20 10:42 - 00000000 ____D () C:\Documents and Settings\Stevie\My Documents\NeroVideo
2014-03-11 21:12 - 2009-04-22 18:49 - 00026112 _____ () C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 00:12 - 2013-03-17 22:02 - 03150858 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-963894560-682003330-1003-0.dat
 
Alureon:
C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp\sivrxcc\wow.dll
 
Some content of TEMP:
====================
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Stevie at 2014-04-07 20:30:33 Run:1
Running from C:\Documents and Settings\Stevie\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
 
*****************
 
 
==== End of Fixlog ====
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-07 20:37:28
-----------------------------
20:37:28.734    OS Version: Windows 5.1.2600 Service Pack 3
20:37:28.734    Number of processors: 2 586 0x170A
20:37:28.734    ComputerName: DELL360  UserName: Stevie
20:37:29.953    Initialize success
20:40:01.437    AVAST engine defs: 14040700
20:40:03.046    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:40:03.046    Disk 0 Vendor: ST380815AS 4.ADA Size: 76293MB BusType: 3
20:40:03.125    Disk 0 MBR read successfully
20:40:03.140    Disk 0 MBR scan
20:40:03.140    Disk 0 Windows XP default MBR code
20:40:03.140    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
20:40:03.156    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76206 MB offset 160650
20:40:03.171    Disk 0 scanning sectors +156232125
20:40:03.234    Disk 0 scanning C:\WINDOWS\system32\drivers
20:40:14.078    Service scanning
20:40:27.468    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:40:31.625    Modules scanning
20:40:36.671    Disk 0 trace - called modules:
20:40:36.703    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys sppv.sys hal.dll >>UNKNOWN [0x8a5a4938]<<
20:40:36.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a51fab8]
20:40:36.703    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a55bd98]
20:40:37.062    AVAST engine scan C:\WINDOWS
20:40:43.718    AVAST engine scan C:\WINDOWS\system32
20:44:13.500    AVAST engine scan C:\WINDOWS\system32\drivers
20:44:25.578    AVAST engine scan C:\Documents and Settings\Stevie
20:44:40.718    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stevie\Desktop\MBR.dat"
20:44:40.718    The log file has been saved successfully to "C:\Documents and Settings\Stevie\Desktop\aswMBR.txt"
 
 

  • 0

#23
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

C:\Documents and Settings\Stevie\Desktop\fixlist.text <---- .text is not a proper extension.

 

fixlist.txt <---- .txt is right extension.

 

So, please, change fixlist.text file extension to fixlist.txt

 

After that re-run Step 1 from my previous message and post new logs.


  • 0

#24
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

Hi Phel, I've just noticed that the aswmbr scan wasnt complet and I'm running it again and will post the updated log shortly


  • 0

#25
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Stevie (administrator) on DELL360 on 07-04-2014 21:10:58
Running from C:\Documents and Settings\Stevie\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-29] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [Avira Systray] - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [173136 2014-03-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {BF6ECD4B-F767-45E8-8E28-2628ABD50234} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {BF6ECD4B-F767-45E8-8E28-2628ABD50234} URL = https://www.google.c...q={searchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\msnlnamespacemgr.dll [304128 2008-05-26] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Google Drive) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Gmail) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]
 
========================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-29] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-29] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [121424 2014-03-25] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S2 gupdate1c9c4557151c6be; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-23] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-16] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [176640 2008-06-19] (Broadcom Corporation)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [28672 2007-03-20] (http://libusb-win32.sourceforge.net)
S3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-11-04] ()
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2009-10-04] ()
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [45696 2007-04-26] (eMPIA Technology, Inc.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S4 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
Error(0) reading file: "C:\WINDOWS\system32\ "
2014-04-07 20:44 - 2014-04-07 20:44 - 00001902 _____ () C:\Documents and Settings\Stevie\Desktop\aswMBR.txt
2014-04-07 20:44 - 2014-04-07 20:44 - 00000512 _____ () C:\Documents and Settings\Stevie\Desktop\MBR.dat
2014-04-07 20:37 - 2014-04-07 20:37 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Stevie\Desktop\aswMBR.exe
2014-04-07 20:34 - 2014-04-07 21:11 - 00012903 _____ () C:\Documents and Settings\Stevie\Desktop\FRST.txt
2014-04-07 19:00 - 2014-04-07 21:10 - 00000000 ____D () C:\FRST
2014-04-07 18:58 - 2014-04-07 18:58 - 01145856 _____ (Farbar) C:\Documents and Settings\Stevie\Desktop\FRST.exe
2014-04-07 18:51 - 2007-10-10 15:07 - 00116032 _____ (PC Tools) C:\Documents and Settings\Stevie\Desktop\RemoveThreatFire.exe
2014-04-07 18:43 - 2014-04-07 18:43 - 05075834 _____ () C:\Documents and Settings\Stevie\Desktop\Setup.zip
2014-04-07 18:43 - 2014-04-07 18:43 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-07 18:43 - 2011-04-22 04:04 - 05493014 _____ (Forum Volunteers) C:\Documents and Settings\Stevie\Desktop\Uninstaller Tool.exe
2014-04-03 22:43 - 2014-04-05 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-04-03 22:43 - 2014-04-03 22:43 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
2014-04-03 22:43 - 2014-04-03 22:43 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-04-01 21:32 - 2014-04-01 21:32 - 00000000 ____D () C:\_OTL
2014-03-29 14:07 - 2014-04-03 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-03-29 11:20 - 2014-03-29 11:21 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:20 - 2014-03-29 11:20 - 01950720 _____ () C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
2014-03-27 23:13 - 2014-03-27 23:13 - 00003413 _____ () C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_03272014_221344.txt
2014-03-27 23:11 - 2014-03-27 23:18 - 00000000 ____D () C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-03-27 23:05 - 2014-03-27 23:04 - 03972608 _____ () C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-03-27 22:44 - 2014-04-06 21:42 - 00069470 _____ () C:\Documents and Settings\Stevie\Desktop\OTL.Txt
2014-03-27 22:44 - 2014-04-03 22:35 - 00069940 _____ () C:\Documents and Settings\Stevie\Desktop\Extras.Txt
2014-03-27 22:28 - 2014-03-27 19:22 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-03-27 18:06 - 2014-03-27 18:06 - 00004192 _____ () C:\WINDOWS\KB2930275.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003675 _____ () C:\WINDOWS\KB2916036.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003673 _____ () C:\WINDOWS\KB2929961.log
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.URL
2014-03-27 16:22 - 2014-03-27 16:22 - 00002777 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:22 - 2014-03-27 16:22 - 00001261 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:22 - 2014-03-27 16:22 - 00000133 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.URL
 
==================== One Month Modified Files and Folders =======
 
2014-04-07 21:11 - 2014-04-07 20:34 - 00012903 _____ () C:\Documents and Settings\Stevie\Desktop\FRST.txt
2014-04-07 21:10 - 2014-04-07 19:00 - 00000000 ____D () C:\FRST
2014-04-07 21:10 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-07 21:09 - 2009-05-01 19:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-07 21:09 - 2009-05-01 19:20 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-07 21:08 - 2014-01-24 22:58 - 00702378 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-07 21:08 - 2013-03-18 10:43 - 00458752 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-07 21:08 - 2009-04-21 23:06 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-07 21:08 - 2009-04-21 23:06 - 00000278 ___SH () C:\Documents and Settings\Stevie\ntuser.ini
2014-04-07 21:08 - 2009-04-21 23:06 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-07 21:08 - 2009-04-21 23:06 - 00000000 ____D () C:\Documents and Settings\Stevie
2014-04-07 20:44 - 2014-04-07 20:44 - 00001902 _____ () C:\Documents and Settings\Stevie\Desktop\aswMBR.txt
2014-04-07 20:44 - 2014-04-07 20:44 - 00000512 _____ () C:\Documents and Settings\Stevie\Desktop\MBR.dat
2014-04-07 20:37 - 2014-04-07 20:37 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Stevie\Desktop\aswMBR.exe
2014-04-07 18:58 - 2014-04-07 18:58 - 01145856 _____ (Farbar) C:\Documents and Settings\Stevie\Desktop\FRST.exe
2014-04-07 18:43 - 2014-04-07 18:43 - 05075834 _____ () C:\Documents and Settings\Stevie\Desktop\Setup.zip
2014-04-07 18:43 - 2014-04-07 18:43 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Uninstaller Tool(Comodo Forums)
2014-04-06 21:42 - 2014-03-27 22:44 - 00069470 _____ () C:\Documents and Settings\Stevie\Desktop\OTL.Txt
2014-04-06 21:34 - 2009-06-05 20:03 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
2014-04-06 21:33 - 2012-07-22 22:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job
2014-04-06 21:33 - 2009-07-01 22:41 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 17:38 - 2014-02-16 22:00 - 00004148 _____ () C:\WINDOWS\setupapi.log
2014-04-05 13:01 - 2014-04-03 22:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-04-03 22:53 - 2013-01-20 14:03 - 00564618 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-03 22:43 - 2014-04-03 22:43 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Stevie\Desktop\avira_en_av___ws.exe
2014-04-03 22:43 - 2014-04-03 22:43 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-04-03 22:43 - 2014-03-29 14:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-04-03 22:43 - 2011-05-31 22:46 - 00000000 ____D () C:\Program Files\Avira
2014-04-03 22:43 - 2011-05-01 17:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-04-03 22:35 - 2014-03-27 22:44 - 00069940 _____ () C:\Documents and Settings\Stevie\Desktop\Extras.Txt
2014-04-01 21:42 - 2011-05-01 18:01 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-01 21:42 - 2009-04-21 22:59 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-01 21:32 - 2014-04-01 21:32 - 00000000 ____D () C:\_OTL
2014-04-01 21:31 - 2009-04-21 23:52 - 00752666 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-29 11:21 - 2014-03-29 11:20 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:20 - 2014-03-29 11:20 - 01950720 _____ () C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
2014-03-27 23:18 - 2014-03-27 23:11 - 00000000 ____D () C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-03-27 23:13 - 2014-03-27 23:13 - 00003413 _____ () C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_03272014_221344.txt
2014-03-27 23:06 - 2011-04-13 22:50 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-27 23:04 - 2014-03-27 23:05 - 03972608 _____ () C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-03-27 19:22 - 2014-03-27 22:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-03-27 19:17 - 2011-07-02 10:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2541763$
2014-03-27 19:06 - 2009-05-19 18:53 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\vlc
2014-03-27 18:06 - 2014-03-27 18:06 - 00004192 _____ () C:\WINDOWS\KB2930275.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003675 _____ () C:\WINDOWS\KB2916036.log
2014-03-27 18:06 - 2014-03-27 18:06 - 00003673 _____ () C:\WINDOWS\KB2929961.log
2014-03-27 17:23 - 2011-05-02 21:30 - 00000000 ____D () C:\glassfish3
2014-03-27 17:14 - 2010-09-28 18:31 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\PC Suite
2014-03-27 16:39 - 2009-04-22 07:56 - 00000000 ____D () C:\OFFICE2003-CUSTOM
2014-03-27 16:31 - 2012-10-14 15:40 - 00000000 ____D () C:\AMD
2014-03-27 16:28 - 2010-08-23 18:09 - 00000000 ____D () C:\ATI
2014-03-27 16:28 - 2009-12-24 02:56 - 00000000 ____D () C:\v2d
2014-03-27 16:28 - 2009-04-21 23:02 - 00000000 ____D () C:\DELL
2014-03-27 16:27 - 2013-09-11 18:50 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\PhotoCollageMax
2014-03-27 16:24 - 2009-07-12 23:46 - 00000000 ____D () C:\1fffe9804ec5f40fa0c6a745c411d3f0
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00002777 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.HTML
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00001261 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.TXT
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-03-27 16:23 - 00000133 _____ () C:\Documents and Settings\Administrator\HOW_DECRYPT.URL
2014-03-27 16:23 - 2014-01-26 19:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-27 16:23 - 2011-12-26 19:26 - 00000000 ___SD () C:\Documents and Settings\Administrator
2014-03-27 16:23 - 2011-12-26 19:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Western Digital
2014-03-27 16:22 - 2014-03-27 16:22 - 00002777 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.HTML
2014-03-27 16:22 - 2014-03-27 16:22 - 00001261 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.TXT
2014-03-27 16:22 - 2014-03-27 16:22 - 00000133 _____ () C:\Documents and Settings\Administrator\Application Data\HOW_DECRYPT.URL
2014-03-24 21:39 - 2012-07-22 20:00 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-24 21:39 - 2012-07-22 20:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-24 21:39 - 2012-03-18 20:31 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-17 10:53 - 2013-10-31 23:11 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-13 22:07 - 2014-02-23 10:18 - 00000000 ___RD () C:\Documents and Settings\Stevie\My Documents\Dropbox
2014-03-13 19:26 - 2014-02-23 10:16 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Dropbox
2014-03-13 18:39 - 2013-10-16 21:37 - 00000000 ____D () C:\Documents and Settings\Stevie\Application Data\Epson
2014-03-13 18:39 - 2013-10-16 21:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-03-11 23:25 - 2013-01-20 10:42 - 00000000 ____D () C:\Documents and Settings\Stevie\My Documents\NeroVideo
2014-03-11 21:12 - 2009-04-22 18:49 - 00026112 _____ () C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-09 00:12 - 2013-03-17 22:02 - 03150858 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-963894560-682003330-1003-0.dat
 
Some content of TEMP:
====================
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Stevie at 2014-04-07 21:06:03 Run:2
Running from C:\Documents and Settings\Stevie\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe
C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp\sivrxcc\wow.dll
C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
2014-04-07 18:52 - 2010-03-03 00:22 - 00000000 ____D () C:\Program Files\ThreatFire
2014-04-07 18:44 - 2011-05-14 07:31 - 00000000 ____D () C:\Program Files\COMODO
HKU\S-1-5-21-2000478354-963894560-682003330-1003\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
end
*****************
 
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe => Moved successfully.
C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp\sivrxcc\wow.dll => Moved successfully.
C:\Documents and Settings\Stevie\Local Settings\temp\sqylbyp => Moved successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Program Files\ThreatFire => Moved successfully.
C:\Program Files\COMODO => Moved successfully.
HKU\S-1-5-21-2000478354-963894560-682003330-1003\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
 
==== End of Fixlog ====
 
 
Just waiting for aswmbr to finish, after rebooting at step one my anti virus appears to have come back :)

  • 0

Advertisements


#26
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-07 21:12:36
-----------------------------
21:12:36.734    OS Version: Windows 5.1.2600 Service Pack 3
21:12:36.734    Number of processors: 2 586 0x170A
21:12:36.734    ComputerName: DELL360  UserName: Stevie
21:13:00.796    Initialize success
21:13:53.734    AVAST engine defs: 14040700
21:13:55.765    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:13:55.781    Disk 0 Vendor: ST380815AS 4.ADA Size: 76293MB BusType: 3
21:13:56.140    Disk 0 MBR read successfully
21:13:56.140    Disk 0 MBR scan
21:13:56.218    Disk 0 Windows XP default MBR code
21:13:56.234    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
21:13:56.312    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76206 MB offset 160650
21:13:56.359    Disk 0 scanning sectors +156232125
21:13:57.390    Disk 0 scanning C:\WINDOWS\system32\drivers
21:14:10.875    Service scanning
21:14:23.156    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:14:27.375    Modules scanning
21:14:31.156    Disk 0 trace - called modules:
21:14:31.171    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spoj.sys hal.dll >>UNKNOWN [0x8a5a4938]<<
21:14:31.171    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a549ab8]
21:14:31.171    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a556d98]
21:14:31.578    AVAST engine scan C:\WINDOWS
21:14:36.281    AVAST engine scan C:\WINDOWS\system32
21:18:29.078    AVAST engine scan C:\WINDOWS\system32\drivers
21:18:41.093    AVAST engine scan C:\Documents and Settings\Stevie
21:34:15.656    AVAST engine scan C:\Documents and Settings\All Users
21:51:36.953    Scan finished successfully
21:56:50.906    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Stevie\Desktop\MBR.dat"
21:56:50.921    The log file has been saved successfully to "C:\Documents and Settings\Stevie\Desktop\aswMBR.txt"

Edited by Steviep, 07 April 2014 - 02:57 PM.

  • 0

#27
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

after rebooting at step one my anti virus appears to have come back :)

 
Nice to hear that. :) Do you still have any problems remaining?
 
The last portions of scans:
 
Step 1. MBAM scan.

bf_new.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup<build number here>.exe to install the application.
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware.
  • Make sure that checkmark is NOT placed next to Enable free trial of Malwarebytes Anti-Malware Premium.
  • Click Finish.
  • Malwarebytes Anti-Malware will be launched.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click big green button Scan now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is completed, click Copy to Clipboard button.
  • Click Cancel, after that - Yes.
  • Paste the entire report in your next reply.
Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner.

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  • Click the green ESET Online Scanner box.
  • Tick the box next to YES, I accept the Terms of Use then click on: Start.
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So, please, don't forget to post in your next message:
  • ESET Online Scanner's log
  • MBAM log

  • 0

#28
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

Hi thanks for your help, the PC seems to be working fine with no problems that I can see, here is the first log and just waiting for the ESET to finish

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/04/2014
Scan Time: 21:04:23
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.08.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Stevie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276839
Time Elapsed: 14 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.FakeAlert.SA, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\2EOETFM3W2, No Action By User, [eef884a3df9c5ed8036b4b4a0ef405fb],
Trojan.FakeAlert.SA, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\D1T2EUR7FZ, No Action By User, [fbeb75b24e2d999d9f67ab6cc53e3bc5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#29
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a63556361e26224ea42276f29706187e
# engine=17802
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-08 09:33:46
# local_time=2014-04-08 10:33:46 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=159079
# found=4
# cleaned=0
# scan_time=4714
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\Stevie\My Documents\Downloads\ccsetup409.exe"
sh=00EB2806D54EA24AD5C02405B07AC9F9CEC26047 ft=1 fh=74cbab00d1ab0b01 vn="a variant of Win32/Kryptik.BZCS trojan" ac=I fn="C:\FRST\Quarantine\C\Documents and Settings\Stevie\Local Settings\temp\sqylbyp\sivrxcc\wow.dll.xBAD"
sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=DF106553AA7E1119027AC6BBE81B02A189F670E1 ft=1 fh=b7a532b1447610d1 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\RECYCLER\S-1-5-21-2000478354-963894560-682003330-1003\Dc70.exe"

 


  • 0

#30
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Okay, let's remove leftovers:

 

Step 1. MBAM scan.

 

  • Run  Malwarebytes Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click big green button Scan now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is completed, click Apply Actions button.
  • When finished, reboot your computer.

     

Step 2. OTL fix.

 

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CREATERESTOREPOINT] 
    
    :Files
    C:\Documents and Settings\Stevie\My Documents\Downloads\ccsetup409.exe
     
    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

     

     

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP