Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware ? frst attached. computer grinds to a halt not sure if still

malware frst

  • This topic is locked This topic is locked

#1
Marcus1122

Marcus1122

    Member

  • Member
  • PipPip
  • 42 posts
recently deleted about 25 items with avast and a few items pop back up for deletion.
 
computer seems to grind to a halt soon after booting up.
 
i ran frst and not sure how to prepare list on word doc for deletion.
 
any help appreciated.
 
 
 
attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by ron (administrator) on TRADE on 29-01-2015 13:33:06
Running from C:\Users\ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGNGCAW3
Loaded Profiles: ron (Available profiles: ron)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\System32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Matrox Graphics Inc) C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
(Matrox Graphics Inc.) C:\Windows\System32\mgabg.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Matrox Graphics Inc.) C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\EXCEL.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Matrox PowerDesk SE] => C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe [3907328 2008-09-19] (Matrox Graphics Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Run: [aliim] => C:\Program Files\TradeManager\AliIM.exe [293272 2014-05-14] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Policies\Explorer: [Run] "C:\Users\ron\AppData\Roaming\Microsoft\Windows\IEUpdate\odbcconf.exe"
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\MountPoints2: {004efa5f-79f9-11e3-bd19-001d0995108c} - H:\setup.exe -a
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://www.google.com/?gws_rd=sslnwõ#
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> {2EAC5DC5-E7C8-4BF6-BFCA-3510A4289594} URL = http://search.condui...2596632957&UM=2
SearchScopes: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> {D01CF7C9-3DCB-4C05-9623-4C8D5FA93E9F} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{98A01950-602C-43F6-9D45-DF1D31177ABE}: [NameServer] 192.168.1.1

FireFox:
========
FF Plugin: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files\TradeManager\nptrademanager.dll ( )
FF Plugin: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files\TradeManager\npwangwang.dll ( )
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-893646719-2384664811-2616046975-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files\trademanager\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-893646719-2384664811-2616046975-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkTDAL\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-893646719-2384664811-2616046975-1000: tdameritrade.com/tossc -> C:\Program Files\thinkTDAL\nptossc.dll (TD Ameritrade)
FF Extension: FT Downloader - C:\Users\ron\AppData\Roaming\Mozilla\Firefox\profiles\extensions\[email protected] [2013-06-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-30]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-06]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files\trademanager\npwangwang.dll ( )
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File
CHR Profile: C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-05]
CHR Extension: (Google Search) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-05]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-07-05]
CHR Extension: (Chrome In-App Payments service) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (No Name) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfedmikikmahmpaimpfelmikhaigobp [2013-11-11]
CHR Extension: (Gmail) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [opfedmikikmahmpaimpfelmikhaigobp] - C:\Users\ron\AppData\Local\CRE\opfedmikikmahmpaimpfelmikhaigobp.crx [2013-10-28]
CHR HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Chrome\Extension: [opfedmikikmahmpaimpfelmikhaigobp] - C:\Users\ron\AppData\Local\CRE\opfedmikikmahmpaimpfelmikhaigobp.crx [2013-10-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 atashost; C:\Windows\system32\atashost.exe [136784 2012-11-16] (Cisco WebEx LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-10-15] (Coupons.com Inc.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87368 2011-09-19] (Nero AG)
S4 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [94208 2009-10-16] (Lexmark International, Inc.) [File not signed]
S4 lxdu_device; C:\Windows\system32\lxducoms.exe [594600 2008-05-23] ( )
R2 Matrox.Pdesk.ServicesHost; C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [343296 2008-09-19] (Matrox Graphics Inc)
R2 MGABGEXE; C:\Windows\system32\mgabg.exe [87560 2007-04-04] (Matrox Graphics Inc.)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2014-08-12] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R3 G400DH; C:\Windows\System32\DRIVERS\g400dhm.sys [350592 2008-07-11] (Matrox Graphics Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 13:32 - 2015-01-29 13:33 - 00000000 ____D () C:\FRST
2015-01-29 13:20 - 2015-01-29 13:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 13:20 - 2015-01-29 13:20 - 00000000 _____ () C:\Windows\setupact.log
2015-01-29 10:15 - 2015-01-29 10:17 - 00100240 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-29 08:40 - 2015-01-29 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-29 08:40 - 2014-11-26 12:27 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-28 18:28 - 2015-01-28 18:59 - 00000000 ___HD () C:\48895b54
2015-01-28 17:33 - 2015-01-28 17:31 - 00270340 _____ (Dramatising#Featuring) C:\Windows\system32\bitsDGAE.exe
2015-01-28 09:01 - 2015-01-29 12:12 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 13:31 - 2014-12-23 13:08 - 00088576 _____ () C:\Users\ron\Desktop\ua order.xls
2015-01-29 13:20 - 2009-06-30 13:13 - 00000680 _____ () C:\Users\ron\AppData\Local\d3d9caps.dat
2015-01-29 13:20 - 2006-11-02 07:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 13:20 - 2006-11-02 07:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 13:03 - 2009-07-07 08:38 - 00000000 ____D () C:\Windows\system32\Sti
2015-01-29 13:03 - 2009-07-01 09:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-29 12:38 - 2008-01-20 20:35 - 01235578 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 12:34 - 2014-10-29 07:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 12:16 - 2013-12-12 08:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-29 12:12 - 2009-08-16 13:28 - 00000000 ____D () C:\temp
2015-01-29 12:12 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 11:47 - 2011-05-12 08:58 - 00002479 _____ () C:\Users\ron\Desktop\HiJackThis.lnk
2015-01-29 11:34 - 2014-09-23 09:29 - 00003011 _____ () C:\Users\ron\Desktop\hijackthis.log
2015-01-29 11:03 - 2006-11-02 08:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-29 10:57 - 2009-10-08 14:31 - 00000000 ____D () C:\Windows\pss
2015-01-29 09:42 - 2010-02-23 13:38 - 00000000 ____D () C:\Windows\Minidump
2015-01-29 08:51 - 2008-01-20 21:47 - 02418070 _____ () C:\Windows\PFRO.log
2015-01-29 08:41 - 2014-11-26 12:28 - 00001787 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-28 18:48 - 2009-11-16 08:54 - 00000000 ____D () C:\ProgramData\Skype
2015-01-28 18:46 - 2014-10-10 07:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-01-28 18:46 - 2014-01-10 11:46 - 00000000 ____D () C:\ProgramData\Nero
2015-01-28 18:46 - 2010-03-09 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 18:46 - 2009-10-01 13:54 - 00000000 ____D () C:\ProgramData\Real
2015-01-28 18:45 - 2013-08-31 12:01 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-28 18:45 - 2013-01-02 08:36 - 00000000 ____D () C:\ProgramData\Dl_cats
2015-01-28 18:45 - 2012-10-22 10:15 - 00000000 ____D () C:\ProgramData\cylabuedltgjbsp
2015-01-28 18:45 - 2011-03-10 17:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 18:45 - 2009-12-24 08:42 - 00000000 ____D () C:\ProgramData\Lexmark 5600-6600 Series
2015-01-28 18:44 - 2012-10-15 16:43 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-01-28 18:44 - 2011-09-02 12:22 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 18:44 - 2009-07-08 10:30 - 00000000 ____D () C:\ProgramData\5600-6600 Series
2015-01-28 18:44 - 2008-10-06 16:24 - 00000000 ____D () C:\dell
2015-01-28 18:43 - 2012-04-17 08:25 - 00000000 ____D () C:\2nd Story Software
2015-01-28 18:29 - 2009-04-22 11:14 - 00000000 ___HD () C:\$AVG8.VAULT$
2015-01-28 17:42 - 2013-12-13 11:04 - 00000000 ____D () C:\Program Files\thinkTDAL
2015-01-28 17:42 - 2013-04-15 07:21 - 00000000 ____D () C:\Users\ron\.thinkorswim
2015-01-28 16:38 - 2014-04-15 08:44 - 63711332 _____ () C:\Users\ron\Downloads\mfc_10_03_2014.rar
2015-01-28 15:35 - 2014-04-04 16:38 - 00000000 ____D () C:\ProgramData\2992199F9A
2015-01-28 09:52 - 2009-06-30 13:12 - 00000000 ____D () C:\Users\ron
2015-01-26 13:35 - 2006-11-02 05:33 - 00759368 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 11:37 - 2009-07-11 09:50 - 00002555 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2015-01-20 18:01 - 2014-12-15 12:02 - 00025600 _____ () C:\Users\ron\Desktop\ua and refulls.xls
2015-01-20 17:26 - 2009-07-20 08:48 - 00000768 _____ () C:\Users\ron\AppData\Local\d3d8caps.dat
2015-01-20 10:25 - 2014-10-29 12:41 - 00047616 _____ () C:\Users\ron\Desktop\IKON SETS.xls
2015-01-15 12:06 - 2009-07-11 09:50 - 00002557 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2014-12-30 11:34 - 2014-05-14 17:37 - 00000000 ____D () C:\Users\ron\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2010-06-11 13:18 - 2010-06-11 13:18 - 0000320 _____ () C:\Users\ron\AppData\Roaming\SEC502751.trad
2009-12-22 11:13 - 2009-03-02 18:48 - 0076407 _____ () C:\Users\ron\AppData\Roaming\Smiley.ico
2009-07-20 08:48 - 2015-01-20 17:26 - 0000768 _____ () C:\Users\ron\AppData\Local\d3d8caps.dat
2009-06-30 13:13 - 2015-01-29 13:20 - 0000680 _____ () C:\Users\ron\AppData\Local\d3d9caps.dat
2009-07-20 09:15 - 2014-10-16 07:42 - 0008704 _____ () C:\Users\ron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-01 09:05 - 2013-03-01 09:07 - 95023320 ____T () C:\ProgramData\1507992.pad
2013-12-30 13:40 - 2013-12-30 13:45 - 95025368 ____T () C:\ProgramData\3bnfrjwlc.fee
2013-12-30 13:40 - 2013-12-30 13:44 - 0000000 _____ () C:\ProgramData\3bnfrjwlc.odd
2013-03-06 11:16 - 2013-03-06 11:19 - 95023320 ____T () C:\ProgramData\4601732.pad
2013-03-13 09:37 - 2013-03-13 09:38 - 95023320 ____T () C:\ProgramData\6845498.pad
2012-10-02 16:01 - 2012-10-03 16:59 - 83023306 ____T () C:\ProgramData\avaj.pad
2013-12-30 13:40 - 2013-12-30 13:40 - 0160232 _____ (Microsoft Corporation) C:\ProgramData\clwjrfnb3.jss
2013-01-02 08:27 - 2013-01-02 08:27 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-09-28 16:17 - 2012-10-03 12:58 - 83023306 ____T () C:\ProgramData\dapeton.pad
2013-01-02 08:55 - 2014-01-24 08:57 - 0000309 _____ () C:\ProgramData\dlea.log
2013-05-03 08:43 - 2013-08-19 13:30 - 0089010 _____ () C:\ProgramData\dleaJSW.log
2013-05-06 07:01 - 2014-01-24 08:57 - 0011273 _____ () C:\ProgramData\dleascan.log
2012-10-05 11:20 - 2012-10-05 11:21 - 83023306 ____T () C:\ProgramData\emorhc.pad
2009-11-16 09:15 - 2009-11-16 09:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-01-03 08:14 - 2013-01-18 09:09 - 0000504 _____ () C:\ProgramData\FastPics.log
2014-01-23 11:17 - 2014-01-24 08:33 - 0000000 _____ () C:\ProgramData\frmqjfj6b.odd
2012-10-02 07:24 - 2012-10-02 07:27 - 83023306 ____T () C:\ProgramData\gifnocsm.pad
2012-07-06 08:37 - 2012-07-06 08:38 - 4503728 ____T () C:\ProgramData\go_0molg.pad
2012-08-16 13:38 - 2012-08-17 07:05 - 83023306 ____T () C:\ProgramData\ism_0_llatsni.pad
2009-12-24 08:42 - 2012-12-17 08:35 - 0000980 _____ () C:\ProgramData\lxduDiagnostics.log
2009-07-22 12:48 - 2012-01-06 16:23 - 0047092 _____ () C:\ProgramData\lxduJSW.log
2013-01-02 08:27 - 2013-01-02 08:27 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-03-14 14:27 - 2014-03-17 16:22 - 95027928 ____T () C:\ProgramData\qlf7lflb.fee
2014-03-27 14:55 - 2014-03-27 14:55 - 0201481 _____ () C:\ProgramData\qm7wj4hjr.gsa
2013-12-13 17:36 - 2013-12-13 18:09 - 95025368 ____T () C:\ProgramData\qwh2bnmq.fee
2013-12-13 17:36 - 2013-12-13 18:09 - 0000000 _____ () C:\ProgramData\qwh2bnmq.odd
2013-12-13 17:37 - 2013-12-13 17:53 - 0000285 _____ () C:\ProgramData\qwh2bnmq.reg
2012-08-03 08:15 - 2012-08-03 08:18 - 4503728 ____T () C:\ProgramData\ras_0oed.pad
2012-10-02 09:25 - 2012-10-02 09:25 - 83023306 ____T () C:\ProgramData\reyalpclv.pad
2014-03-27 14:56 - 2014-04-02 11:10 - 95027928 ____T () C:\ProgramData\rjh4jw7mq.bbr
2014-01-29 13:51 - 2014-01-29 13:51 - 0000000 _____ () C:\ProgramData\rllflc3v.odd
2009-07-17 15:53 - 2009-07-17 15:53 - 0252654 _____ () C:\ProgramData\SPL1C96.tmp
2012-09-26 16:48 - 2012-09-26 16:48 - 0239141 _____ () C:\ProgramData\SPL256.tmp
2009-07-16 17:48 - 2009-07-16 17:48 - 0014854 _____ () C:\ProgramData\SPL2ECB.tmp
2011-07-11 15:04 - 2011-07-11 15:04 - 0183016 _____ () C:\ProgramData\SPL2FC2.tmp
2009-11-20 08:51 - 2009-11-20 08:51 - 0529138 _____ () C:\ProgramData\SPL69EE.tmp
2009-11-20 08:53 - 2009-11-20 08:53 - 0529138 _____ () C:\ProgramData\SPL8057.tmp
2012-09-14 13:30 - 2012-09-14 13:30 - 0365310 _____ () C:\ProgramData\SPLD9B5.tmp
2009-11-20 08:54 - 2009-11-20 08:54 - 0187264 _____ () C:\ProgramData\SPLEB97.tmp
2012-09-24 11:38 - 2012-09-27 10:54 - 83023306 ____T () C:\ProgramData\sqj.pad
2012-09-21 14:40 - 2012-09-21 14:42 - 83023306 ____T () C:\ProgramData\ssrsc.pad
2012-09-21 13:23 - 2012-09-21 13:29 - 83023306 ____T () C:\ProgramData\tsohnoc.pad
2009-07-08 10:24 - 2009-07-08 10:24 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-20 12:39 - 2013-12-20 12:54 - 95025368 ____T () C:\ProgramData\v7jw87tr.fee
2013-12-20 12:39 - 2013-12-20 12:39 - 0000000 _____ () C:\ProgramData\v7jw87tr.odd
2012-10-01 14:32 - 2012-10-01 14:36 - 83023306 ____T () C:\ProgramData\vsloops.pad
2012-10-18 09:13 - 2012-10-18 09:14 - 83023306 ____T () C:\ProgramData\xoferif.pad
2012-07-26 09:33 - 2012-07-26 09:35 - 4503728 ____T () C:\ProgramData\z7_0ytr.pad

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-893646719-2384664811-2616046975-1000\$74dfbc209b664417a153f0d06f86a798

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$74dfbc209b664417a153f0d06f86a798

Files to move or delete:
====================
C:\ProgramData\1507992.pad
C:\ProgramData\3bnfrjwlc.fee
C:\ProgramData\3bnfrjwlc.odd
C:\ProgramData\4601732.pad
C:\ProgramData\6845498.pad
C:\ProgramData\avaj.pad
C:\ProgramData\clwjrfnb3.jss
C:\ProgramData\dapeton.pad
C:\ProgramData\emorhc.pad
C:\ProgramData\frmqjfj6b.odd
C:\ProgramData\gifnocsm.pad
C:\ProgramData\go_0molg.pad
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\qlf7lflb.fee
C:\ProgramData\qwh2bnmq.fee
C:\ProgramData\qwh2bnmq.odd
C:\ProgramData\qwh2bnmq.reg
C:\ProgramData\ras_0oed.pad
C:\ProgramData\reyalpclv.pad
C:\ProgramData\rllflc3v.odd
C:\ProgramData\sqj.pad
C:\ProgramData\ssrsc.pad
C:\ProgramData\tsohnoc.pad
C:\ProgramData\v7jw87tr.fee
C:\ProgramData\v7jw87tr.odd
C:\ProgramData\vsloops.pad
C:\ProgramData\xoferif.pad
C:\ProgramData\z7_0ytr.pad
C:\Users\ron\gcmmzjwoxoztu.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-29 12:20

==================== End Of Log ============================

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know of any problems after this run


CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

 

CreateRestorePoint:
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Policies\Explorer: [Run] "C:\Users\ron\AppData\Roaming\Microsoft\Windows\IEUpdate\odbcconf.exe"
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
Toolbar: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-893646719-2384664811-2616046975-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2015-01-28 17:33 - 2015-01-28 17:31 - 00270340 _____ (Dramatising#Featuring) C:\Windows\system32\bitsDGAE.exe
2015-01-28 09:01 - 2015-01-29 12:12 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2015-01-29 12:16 - 2013-12-12 08:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-28 18:45 - 2012-10-22 10:15 - 00000000 ____D () C:\ProgramData\cylabuedltgjbsp
2015-01-28 15:35 - 2014-04-04 16:38 - 00000000 ____D () C:\ProgramData\2992199F9A
2013-03-01 09:05 - 2013-03-01 09:07 - 95023320 ____T () C:\ProgramData\1507992.pad
2013-12-30 13:40 - 2013-12-30 13:45 - 95025368 ____T () C:\ProgramData\3bnfrjwlc.fee
2013-12-30 13:40 - 2013-12-30 13:44 - 0000000 _____ () C:\ProgramData\3bnfrjwlc.odd
2013-03-06 11:16 - 2013-03-06 11:19 - 95023320 ____T () C:\ProgramData\4601732.pad
2013-03-13 09:37 - 2013-03-13 09:38 - 95023320 ____T () C:\ProgramData\6845498.pad
2012-10-02 16:01 - 2012-10-03 16:59 - 83023306 ____T () C:\ProgramData\avaj.pad
2013-12-30 13:40 - 2013-12-30 13:40 - 0160232 _____ (Microsoft Corporation) C:\ProgramData\clwjrfnb3.jss
2013-01-02 08:27 - 2013-01-02 08:27 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-09-28 16:17 - 2012-10-03 12:58 - 83023306 ____T () C:\ProgramData\dapeton.pad
2013-01-02 08:55 - 2014-01-24 08:57 - 0000309 _____ () C:\ProgramData\dlea.log
2013-05-03 08:43 - 2013-08-19 13:30 - 0089010 _____ () C:\ProgramData\dleaJSW.log
2013-05-06 07:01 - 2014-01-24 08:57 - 0011273 _____ () C:\ProgramData\dleascan.log
2012-10-05 11:20 - 2012-10-05 11:21 - 83023306 ____T () C:\ProgramData\emorhc.pad
2009-11-16 09:15 - 2009-11-16 09:15 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-01-03 08:14 - 2013-01-18 09:09 - 0000504 _____ () C:\ProgramData\FastPics.log
2014-01-23 11:17 - 2014-01-24 08:33 - 0000000 _____ () C:\ProgramData\frmqjfj6b.odd
2012-10-02 07:24 - 2012-10-02 07:27 - 83023306 ____T () C:\ProgramData\gifnocsm.pad
2012-07-06 08:37 - 2012-07-06 08:38 - 4503728 ____T () C:\ProgramData\go_0molg.pad
2012-08-16 13:38 - 2012-08-17 07:05 - 83023306 ____T () C:\ProgramData\ism_0_llatsni.pad
2009-12-24 08:42 - 2012-12-17 08:35 - 0000980 _____ () C:\ProgramData\lxduDiagnostics.log
2009-07-22 12:48 - 2012-01-06 16:23 - 0047092 _____ () C:\ProgramData\lxduJSW.log
2013-01-02 08:27 - 2013-01-02 08:27 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-03-14 14:27 - 2014-03-17 16:22 - 95027928 ____T () C:\ProgramData\qlf7lflb.fee
2014-03-27 14:55 - 2014-03-27 14:55 - 0201481 _____ () C:\ProgramData\qm7wj4hjr.gsa
2013-12-13 17:36 - 2013-12-13 18:09 - 95025368 ____T () C:\ProgramData\qwh2bnmq.fee
2013-12-13 17:36 - 2013-12-13 18:09 - 0000000 _____ () C:\ProgramData\qwh2bnmq.odd
2013-12-13 17:37 - 2013-12-13 17:53 - 0000285 _____ () C:\ProgramData\qwh2bnmq.reg
2012-08-03 08:15 - 2012-08-03 08:18 - 4503728 ____T () C:\ProgramData\ras_0oed.pad
2012-10-02 09:25 - 2012-10-02 09:25 - 83023306 ____T () C:\ProgramData\reyalpclv.pad
2014-03-27 14:56 - 2014-04-02 11:10 - 95027928 ____T () C:\ProgramData\rjh4jw7mq.bbr
2014-01-29 13:51 - 2014-01-29 13:51 - 0000000 _____ () C:\ProgramData\rllflc3v.odd
2009-07-17 15:53 - 2009-07-17 15:53 - 0252654 _____ () C:\ProgramData\SPL1C96.tmp
2012-09-26 16:48 - 2012-09-26 16:48 - 0239141 _____ () C:\ProgramData\SPL256.tmp
2009-07-16 17:48 - 2009-07-16 17:48 - 0014854 _____ () C:\ProgramData\SPL2ECB.tmp
2011-07-11 15:04 - 2011-07-11 15:04 - 0183016 _____ () C:\ProgramData\SPL2FC2.tmp
2009-11-20 08:51 - 2009-11-20 08:51 - 0529138 _____ () C:\ProgramData\SPL69EE.tmp
2009-11-20 08:53 - 2009-11-20 08:53 - 0529138 _____ () C:\ProgramData\SPL8057.tmp
2012-09-14 13:30 - 2012-09-14 13:30 - 0365310 _____ () C:\ProgramData\SPLD9B5.tmp
2009-11-20 08:54 - 2009-11-20 08:54 - 0187264 _____ () C:\ProgramData\SPLEB97.tmp
2012-09-24 11:38 - 2012-09-27 10:54 - 83023306 ____T () C:\ProgramData\sqj.pad
2012-09-21 14:40 - 2012-09-21 14:42 - 83023306 ____T () C:\ProgramData\ssrsc.pad
2012-09-21 13:23 - 2012-09-21 13:29 - 83023306 ____T () C:\ProgramData\tsohnoc.pad
2009-07-08 10:24 - 2009-07-08 10:24 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2013-12-20 12:39 - 2013-12-20 12:54 - 95025368 ____T () C:\ProgramData\v7jw87tr.fee
2013-12-20 12:39 - 2013-12-20 12:39 - 0000000 _____ () C:\ProgramData\v7jw87tr.odd
2012-10-01 14:32 - 2012-10-01 14:36 - 83023306 ____T () C:\ProgramData\vsloops.pad
2012-10-18 09:13 - 2012-10-18 09:14 - 83023306 ____T () C:\ProgramData\xoferif.pad
2012-07-26 09:33 - 2012-07-26 09:35 - 4503728 ____T () C:\ProgramData\z7_0ytr.pad
Task: {1846B47A-65FA-4F82-93C7-FFF00E67AB24} - System32\Tasks\{10BD6702-A095-42C9-9584-28140523B5F5} => pcalua.exe -a "C:\Users\ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77N3PB15\pbf4setup[1].exe" -d C:\Users\ron\Desktop
HKLM\...\.exe: => <===== ATTENTION!
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
C:\$Recycle.Bin\S-1-5-21-893646719-2384664811-2616046975-1000\$74dfbc209b664417a153f0d06f86a798
C:\$Recycle.Bin\S-1-5-18\$74dfbc209b664417a153f0d06f86a798
C:\Users\ron\AppData\Roaming\Microsoft\Windows\IEUpdate
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

thx for quick response.
 
completed.  seems pretty good so far.  ill update u tomorrow.
 
 
 
attached is fix log.
 
 
i think i ran another avast scan after i sent u initial message and it deleted a bunch of stuff again.

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
AswMBR will run an Avast scan when it checks the MBR
  • 0

#5
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

my bad, will do aswmbr. 

 

i did run avast.  something showed up with c/windows/temp/low/sessionwin32k/3976/conhost.exe  win32 krptik-ouj trj

 

and once in awhile avast blocks something with conhost.

 

will do aswmbr now.

 

thx a bunch


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was in the temp folder so FRST would have cleared that out
  • 1

#7
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

how did u come up that script for notepad ?

 

about how long does the scan take ?

 

seems like its stalling out.

 

thx


  • 0

#8
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I believe that was still popping up today and avast caught it.

I rebooted and running aswmbr now.

Avast was catching a few things popping up.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once AswMBR has completed could you run a fresh FRST scan for me please
  • 0

#10
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

ill get back on monday.   have to get going and will be away for weekend.

 

thx.   attached aswmbr. 

 

thx a bunch

Attached Files


  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK AswMBR located them for me. So when you get back run this fix and then let me know how the system is

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\ron\AppData\Local\Temp\conhost.exe
C:\Users\ron\AppData\Local\Temp\Low\SessionWin32k
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#12
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Ok will do.
I take it I should delete or change name of the prior fixlist.txt?

Thx
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you ran the prior fixlist it should have disappeared from your desktop
  • 0

#14
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

ran it from c drive in frst folder.   still there.   ill move the first to desktop.


  • 0

#15
Marcus1122

Marcus1122

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

not sure if it ran correctly.

 

i first ran from c drive and the frst.exe seem to move to a sub folder, frst-older version.

 

then i resaved to desktop and ran again a few times as it seemed to halt.

 

attached

 

thx

 

 

 

 

Attached Files


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, frst

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP