Solved "Detekt" found "Ghost"_ MWB removed Babylon from Unlocker

QuestionGhost

Hello,

Last November I installed and ran the Gov't Malware Program by Amnesty Int. called "Detekt".
It found that my PC was infected with "Ghost". Unfortunately, this program only finds spyware/malware but does not offer any removal tools. I tried running Avast and CCleaner but they were not able to find anything on my computer; Detekt would still find "Ghost".

Later in 2014 I installed a new Avira Anti Vir program (instead of Avast, which I used before) plus Malwarebytes Anti Malware. All programs were updated. None of these three programs found anything at the time (to the end of 2014).


Now today (Jan. 5, 2015) I updated and used Malwarebytes and it found "Babylon.A" (a kind of "Ghost", if I understand right) in the "Unlocker" (1.9.2) program files. It was put into quarantine by MWB.

I will try to do as you describe the process, and first post the log files that MWB put out today. My external Hard Disc Drive was connected during the scans.

Please let me know if my computer is safe now, and if there are any safety measures to take (like not using old USB sticks, or the like).

Thank you for your help!

QuestionGhost
 
I do not recall exactly when or why I installed Unlocker (1.9.2), or where I got it from, but I must have downloaded and installed it around Nov 2014 (last run Nov 24, 2014).
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05.01.2015
Scan Time: 22:10:39
Logfile: Babylon.Unlocker_ScanMWB.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.12
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382256
Time Elapsed: 1 hr, 10 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05.01.2015
Scan Time: 22:10:39
Logfile: Babylon.Unlocker_ScanMWBytes_b.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.12
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382256
Time Elapsed: 1 hr, 10 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 05.01.2015 20:59:04, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
Update, 05.01.2015 20:59:41, SYSTEM, COMPUTER-P, Manual, Rootkit Database, 2014.12.14.1, 2014.12.30.1,
Update, 05.01.2015 21:00:28, SYSTEM, COMPUTER-P, Manual, Malware Database, 2014.12.16.4, 2015.1.5.11,
Update, 05.01.2015 21:00:49, SYSTEM, COMPUTER-P, Manual, program, 2.0.3.1025, 2.0.4.1028,
Protection, 05.01.2015 21:02:08, SYSTEM, COMPUTER-P, Protection, Malware Protection, Starting,
Protection, 05.01.2015 21:02:08, SYSTEM, COMPUTER-P, Protection, Malware Protection, Started,
Protection, 05.01.2015 21:02:08, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
Protection, 05.01.2015 21:03:30, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
Update, 05.01.2015 21:04:03, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
Update, 05.01.2015 21:04:08, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
Protection, 05.01.2015 21:07:19, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
Protection, 05.01.2015 21:07:25, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
Protection, 05.01.2015 21:07:26, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopping,
Protection, 05.01.2015 21:07:32, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopped,
Protection, 05.01.2015 22:08:22, SYSTEM, COMPUTER-P, Protection, Malware Protection, Starting,
Protection, 05.01.2015 22:08:22, SYSTEM, COMPUTER-P, Protection, Malware Protection, Started,
Protection, 05.01.2015 22:08:22, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
Update, 05.01.2015 22:08:44, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
Update, 05.01.2015 22:09:39, SYSTEM, COMPUTER-P, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1,
Update, 05.01.2015 22:09:42, SYSTEM, COMPUTER-P, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Protection, 05.01.2015 22:09:56, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
Update, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Manual, Malware Database, 2014.11.20.6, 2015.1.5.12,
Protection, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Protection, Refresh, Starting,
Protection, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
Protection, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
Protection, 05.01.2015 22:10:57, SYSTEM, COMPUTER-P, Protection, Refresh, Success,
Protection, 05.01.2015 22:10:57, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
Protection, 05.01.2015 22:13:18, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopping,
Protection, 05.01.2015 22:13:18, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopped,
Protection, 05.01.2015 22:13:27, SYSTEM, COMPUTER-P, Protection, Malware Protection, Starting,
Protection, 05.01.2015 22:13:27, SYSTEM, COMPUTER-P, Protection, Malware Protection, Started,
Protection, 05.01.2015 22:14:00, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
Update, 05.01.2015 23:04:50, SYSTEM, COMPUTER-P, Scheduler, Malware Database, 2015.1.5.12, 2015.1.5.13,
Protection, 05.01.2015 23:04:51, SYSTEM, COMPUTER-P, Protection, Refresh, Starting,
Protection, 05.01.2015 23:04:51, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
Protection, 05.01.2015 23:04:54, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
Protection, 05.01.2015 23:10:15, SYSTEM, COMPUTER-P, Protection, Refresh, Success,
Protection, 05.01.2015 23:10:16, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
Protection, 05.01.2015 23:19:29, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
Scan, 05.01.2015 23:21:06, SYSTEM, COMPUTER-P, Manual, Start:05.01.2015 22:10:39, Duration:1 hr 10 min 23 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 05.01.2015 23:21:06, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
Protection, 05.01.2015 23:21:08, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
Protection, 05.01.2015 23:21:09, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
Protection, 05.01.2015 23:26:23, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,

(end)
 
It seems that the log files of the last scan (Jan 5, 2015) do not report any malicious items, isn't that strange? But it is stated by MWB that it has found Babylon.A.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23.11.2014
Scan Time: 01:07:37
Logfile: MWB Scan Log Nov 23_2014.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.22.16
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365250
Time Elapsed: 32 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Babylon.A, C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\Unlocker1.9.2.exe, Quarantined, [80582a14aad23204652571af44bd9769],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Welcome aboard

Unlocker may install Babylon if you run default installation.
If you ran custom installation (as it's always recommended) there is an option to uncheck unwanted "extra" installation.
That type of extra is called foistware.

We can check if your computer is clean.
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
The only other scan performed by MWB in between the two that I posted above was on Dec. 16, 2014 _ No result apparently. I'll post that one too, just to make sure.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.12.2014
Scan Time: 20:54:00
Logfile: MWB Scan Log Dec 16_2014.txt
Administrator: No

Version: 2.00.3.1025
Malware Database: v2014.12.16.04
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: P

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 205640
Time Elapsed: 37 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Hello and thank you. Yes, I did read these instructions. Only problem is - I don't know how to zip the file. Anyway, I'll post the result of DDS (_editor) here now.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Admin at 0:49:24 on 2015-01-06
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.649 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\Programme\HitmanPro.Alert\hmpalert.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Freemake\CaptureLib\CaptureLibService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CCleaner\CCleaner.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Dokumente und Einstellungen\P\Eigene Dateien\Downloads\Thunderbird_Setup_17.0.6\core\thunderbird.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CCleaner\CCleaner.exe
C:\Programme\Malwarebytes Anti-Malware\mbam.exe
C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Programme\Malwarebytes Anti-Malware\mbam.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Avira\AntiVir Desktop\ipmGui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Biet-O-Matic\curl.exe
C:\Programme\Biet-O-Matic\curl.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [CCleaner Monitoring] "c:\programme\ccleaner\CCleaner.exe" /MONITOR
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369942188984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369942325312
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programme\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\admin\anwendungsdaten\mozilla\firefox\profiles\m5mbu6qr.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/|about:addons|about:healthreport
FF - plugin: c:\programme\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\programme\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-11-24 37352]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-11-24 98160]
R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2014-11-23 75640]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-23 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-23 114904]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 606056]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-6-25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-6-25 8576]
.
=============== Created Last 30 ================
.
2014-12-11 00:42:05 -------- d-----w- c:\programme\OpenOffice 4
.
==================== Find3M ====================
.
2015-01-05 21:10:38 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-09 22:31:27 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-09 22:31:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-23 12:54:57 75640 ----a-w- c:\windows\system32\drivers\hmpalert.sys
2014-11-23 12:54:57 477008 ----a-w- c:\windows\system32\hmpalert.dll
2014-11-21 05:14:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-23 13:02:01 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-23 13:01:57 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-31 22:37:06 22270576 ----a-w- c:\programme\xul.dll
2014-01-31 22:35:59 50288 ----a-w- c:\programme\mozMapi32_InUse.dll
2010-05-26 19:41:02 2106216 ----a-w- c:\programme\D3DCompiler_43.dll
2010-03-18 16:15:26 770384 ----a-w- c:\programme\msvcr100.dll
2010-03-18 16:15:26 421200 ----a-w- c:\programme\msvcp100.dll
.
============= FINISH: 0:52:08,40 ===============
 
OK, I seem to have managed to zip the attachment file using 7zip, but I haven't been able to find and upload it yet. It looks like it is not there, even though I know it's there.
 
You don't have to zip anything.
All logs have to be pasted.
Paste Attach.txt log into your next reply.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30.05.2013 19:48:12
System Uptime: 05.01.2015 08:54:18 (16 hours ago)
.
Motherboard: | | KT400-8235
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1994/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 11,897 GiB free.
D: is CDROM (CDFS)
G: is FIXED (NTFS) - 1397 GiB total, 1061,298 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: C-Media AC97 Audio Device
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_0A811019&REV_50\3&61AAA01&0&8D
Manufacturer: C-Media
Name: C-Media AC97 Audio Device
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_0A811019&REV_50\3&61AAA01&0&8D
Service: cmuda
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: N8-00
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: N8-00
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP384: 24.11.2014 00:40:52 - Systemprüfpunkt
RP385: 24.11.2014 18:13:23 - avast! antivirus system restore point
RP386: 24.11.2014 22:46:05 - Systemprüfpunkt
RP387: 25.11.2014 23:28:11 - Systemprüfpunkt
RP388: 27.11.2014 08:56:34 - Systemprüfpunkt
RP389: 28.11.2014 18:28:44 - Systemprüfpunkt
RP390: 29.11.2014 23:49:06 - Systemprüfpunkt
RP391: 01.12.2014 01:59:54 - Systemprüfpunkt
RP392: 03.12.2014 18:48:22 - Systemprüfpunkt
RP393: 05.12.2014 21:30:36 - Systemprüfpunkt
RP394: 07.12.2014 19:49:59 - Systemprüfpunkt
RP395: 08.12.2014 20:34:31 - Systemprüfpunkt
RP396: 10.12.2014 16:26:55 - Systemprüfpunkt
RP397: 11.12.2014 01:15:59 - Software Distribution Service 3.0
RP398: 11.12.2014 01:39:55 - OpenOffice.org 3.4.1 wird entfernt
RP399: 11.12.2014 01:42:00 - OpenOffice 4.1.1 wird installiert
RP400: 12.12.2014 20:55:23 - Systemprüfpunkt
RP401: 13.12.2014 21:53:07 - Systemprüfpunkt
RP402: 14.12.2014 22:08:38 - Systemprüfpunkt
RP403: 15.12.2014 22:35:35 - Systemprüfpunkt
RP404: 17.12.2014 03:18:41 - Systemprüfpunkt
RP405: 18.12.2014 16:54:21 - Systemprüfpunkt
RP406: 19.12.2014 16:56:28 - Systemprüfpunkt
RP407: 20.12.2014 17:24:35 - Systemprüfpunkt
RP408: 21.12.2014 21:01:21 - Systemprüfpunkt
RP409: 22.12.2014 21:24:18 - Systemprüfpunkt
RP410: 24.12.2014 00:12:30 - Systemprüfpunkt
RP411: 25.12.2014 00:52:34 - Systemprüfpunkt
RP412: 26.12.2014 01:15:39 - Systemprüfpunkt
RP413: 27.12.2014 01:19:36 - Systemprüfpunkt
RP414: 28.12.2014 16:48:38 - Systemprüfpunkt
RP415: 05.01.2015 15:44:38 - Systemprüfpunkt
.
==== Installed Programs ======================
.
7-Zip 9.20
ABC Amber Audio Converter
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.06) - Deutsch
Areca
Avira Free Antivirus
Belkin USB Wireless Adaptor
Biet-O-Matic v2.14.12
C-Media WDM Audio Driver
CCleaner
CDBurnerXP
Dropbox
Eraser 6.0.10.2620
Freemake Video Downloader
Freemake Youtube Mp3 Converter
Google Chrome
Google Update Helper
HitmanPro.Alert
Hotfix für Windows XP (KB2779562)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
IrfanView (remove only)
LockHunter 3.1, 32/64 bit
Malwarebytes Anti-Malware Version 2.0.4.1028
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Download Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 34.0.5 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 de)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Suite
OpenOffice 4.1.1
PC Connectivity Solution
Recuva
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Sicherheitsupdate für Microsoft Windows (KB2564958)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB2834904-v2)
Sicherheitsupdate für Windows Media Player (KB2834904)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2506212)
Sicherheitsupdate für Windows XP (KB2507938)
Sicherheitsupdate für Windows XP (KB2508429)
Sicherheitsupdate für Windows XP (KB2509553)
Sicherheitsupdate für Windows XP (KB2535512)
Sicherheitsupdate für Windows XP (KB2536276-v2)
Sicherheitsupdate für Windows XP (KB2544893-v2)
Sicherheitsupdate für Windows XP (KB2566454)
Sicherheitsupdate für Windows XP (KB2570947)
Sicherheitsupdate für Windows XP (KB2584146)
Sicherheitsupdate für Windows XP (KB2585542)
Sicherheitsupdate für Windows XP (KB2592799)
Sicherheitsupdate für Windows XP (KB2598479)
Sicherheitsupdate für Windows XP (KB2603381)
Sicherheitsupdate für Windows XP (KB2618451)
Sicherheitsupdate für Windows XP (KB2619339)
Sicherheitsupdate für Windows XP (KB2620712)
Sicherheitsupdate für Windows XP (KB2624667)
Sicherheitsupdate für Windows XP (KB2631813)
Sicherheitsupdate für Windows XP (KB2653956)
Sicherheitsupdate für Windows XP (KB2655992)
Sicherheitsupdate für Windows XP (KB2659262)
Sicherheitsupdate für Windows XP (KB2661637)
Sicherheitsupdate für Windows XP (KB2676562)
Sicherheitsupdate für Windows XP (KB2686509)
Sicherheitsupdate für Windows XP (KB2691442)
Sicherheitsupdate für Windows XP (KB2698365)
Sicherheitsupdate für Windows XP (KB2705219-v2)
Sicherheitsupdate für Windows XP (KB2712808)
Sicherheitsupdate für Windows XP (KB2719985)
Sicherheitsupdate für Windows XP (KB2723135-v2)
Sicherheitsupdate für Windows XP (KB2727528)
Sicherheitsupdate für Windows XP (KB2753842-v2)
Sicherheitsupdate für Windows XP (KB2757638)
Sicherheitsupdate für Windows XP (KB2758857)
Sicherheitsupdate für Windows XP (KB2770660)
Sicherheitsupdate für Windows XP (KB2780091)
Sicherheitsupdate für Windows XP (KB2802968)
Sicherheitsupdate für Windows XP (KB2807986)
Sicherheitsupdate für Windows XP (KB2813170)
Sicherheitsupdate für Windows XP (KB2813345)
Sicherheitsupdate für Windows XP (KB2820197)
Sicherheitsupdate für Windows XP (KB2820917)
Sicherheitsupdate für Windows XP (KB2829361)
Sicherheitsupdate für Windows XP (KB2834886)
Sicherheitsupdate für Windows XP (KB2839229)
Sicherheitsupdate für Windows XP (KB2845187)
Sicherheitsupdate für Windows XP (KB2847311)
Sicherheitsupdate für Windows XP (KB2849470)
Sicherheitsupdate für Windows XP (KB2850851)
Sicherheitsupdate für Windows XP (KB2862152)
Sicherheitsupdate für Windows XP (KB2862330)
Sicherheitsupdate für Windows XP (KB2862335)
Sicherheitsupdate für Windows XP (KB2864063)
Sicherheitsupdate für Windows XP (KB2868038)
Sicherheitsupdate für Windows XP (KB2868626)
Sicherheitsupdate für Windows XP (KB2876217)
Sicherheitsupdate für Windows XP (KB2876315)
Sicherheitsupdate für Windows XP (KB2876331)
Sicherheitsupdate für Windows XP (KB2883150)
Sicherheitsupdate für Windows XP (KB2884256)
Sicherheitsupdate für Windows XP (KB2892075)
Sicherheitsupdate für Windows XP (KB2893294)
Sicherheitsupdate für Windows XP (KB2893984)
Sicherheitsupdate für Windows XP (KB2898715)
Sicherheitsupdate für Windows XP (KB2900986)
Sicherheitsupdate für Windows XP (KB2914368)
Sicherheitsupdate für Windows XP (KB2916036)
Sicherheitsupdate für Windows XP (KB2922229)
Sicherheitsupdate für Windows XP (KB2929961)
Sicherheitsupdate für Windows XP (KB2930275)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982665)
Tinypic 3.18
Unlocker 1.9.2
Update für Windows XP (KB2345886)
Update für Windows XP (KB2661254-v2)
Update für Windows XP (KB2749655)
Update für Windows XP (KB2904266)
Update für Windows XP (KB2934207)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player
WebFldrs XP
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
Windows 7 Upgrade Advisor
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinPcap 4.1.2
WISO Sparbuch 2010
XML Paper Specification Shared Components Language Pack 1.0
.
==== End Of File ===========================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Sorry, I can't run the first of these programs, Rogue Killer, even after trying many times and renaming it twice like it is suggested.
 
Please let me know if there is another way to open Rogue Killer. I will try again in about 7 hrs, since I need to take a break now. Thank you again!
 