TechSpot

Trojan.Dorkbot.ED found

Solved
By morphy201180
Dec 28, 2013
  1. Hi,

    I hope someone can help. I did my monthly malwarebytes scan and it detected the above trojan. I followed the instructions to remove and restarted my computer. I just want to check that my computer is completely clean.

    I have pasted the logs below.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.28.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Max :: MAX [administrator]

    28/12/2013 20:55:49
    mbam-log-2013-12-28 (20-55-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229111
    Time elapsed: 8 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Max\Local Settings\temp\dzwtopwb.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Max at 22:52:15 on 2013-12-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.279 [GMT 0:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Disabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351086641375
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-12-28 12112]
    R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [2013-12-28 252336]
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-8-11 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-8-11 180248]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-12-28 26136]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-11 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-11 410528]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-11 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-8-11 50344]
    R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-12-28 113704]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-7 54760]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-4-18 1227800]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-4-18 659992]
    R3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2010-6-12 223128]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    .
    =============== File Associations ===============
    .
    ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
    .
    =============== Created Last 30 ================
    .
    2013-12-28 22:11:17 -------- d-----w- c:\documents and settings\max\application data\AVAST Software
    2013-12-28 22:01:34 252336 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2013-12-28 22:01:34 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2013-12-28 22:01:33 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2013-12-28 22:01:19 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2013-12-23 13:25:45 90709 ----a-w- c:\documents and settings\all users\application data\microsoft\media tools\temp\tmpD0.exe
    2013-12-23 13:15:38 49940480 ----a-w- c:\program files\GUTB1.tmp
    2013-12-23 13:15:38 -------- d-----w- c:\program files\GUMB0.tmp
    2013-12-23 13:09:28 155648 ----a-w- c:\documents and settings\all users\application data\microsoft\media tools\temp\tmp11.exe
    .
    ==================== Find3M ====================
    .
    2013-12-28 22:07:21 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-12-28 22:07:21 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-12-28 22:07:21 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-28 22:07:21 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-28 22:07:20 43152 ----a-w- c:\windows\avastSS.scr
    .
    ============= FINISH: 22:53:03.25 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/06/2010 15:36:45
    System Uptime: 28/12/2013 22:09:20 (0 hours ago)
    .
    Motherboard: eveshamvale | | MS-7125
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 147 GiB total, 27.702 GiB free.
    I: is FIXED (NTFS) - 932 GiB total, 20.922 GiB free.
    J: is FIXED (NTFS) - 932 GiB total, 24.567 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSONY_DVD_RW_DW-Q28A_____________________KYS1____\4&FB5CB90&0&1.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: SONY DVD RW DW-Q28A
    PNP Device ID: IDE\CDROMSONY_DVD_RW_DW-Q28A_____________________KYS1____\4&FB5CB90&0&1.0.0
    Service: cdrom
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FYS2____\4&FB5CB90&0&1.1.0
    Manufacturer: (Standard CD-ROM drives)
    Name: SONY DVD-ROM DDU1615
    PNP Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FYS2____\4&FB5CB90&0&1.1.0
    Service: cdrom
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1434C427&0&01
    Manufacturer: Nvidia
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1434C427&0&01
    Service: NVENETFD
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: SCSI\CDROM&VEN_CRMB&PROD_C1AZKLIBSH&REV_3.5Z\5&2134D835&0&000
    Manufacturer: (Standard CD-ROM drives)
    Name: CRMB C1AZKLIBSH SCSI CdRom Device
    PNP Device ID: SCSI\CDROM&VEN_CRMB&PROD_C1AZKLIBSH&REV_3.5Z\5&2134D835&0&000
    Service: cdrom
    .
    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Communications Port
    Device ID: ACPI\PNP0501\1
    Manufacturer: (Standard port types)
    Name: Communications Port (COM1)
    PNP Device ID: ACPI\PNP0501\1
    Service: Serial
    .
    ==== System Restore Points ===================
    .
    RP991: 16/08/2013 21:23:56 - System Checkpoint
    RP992: 16/08/2013 21:24:02 - OTL Restore Point - 16/08/2013 21:23:59
    RP993: 16/08/2013 21:44:00 - Revo Uninstaller's restore point - ESET Online Scanner v3
    RP994: 16/08/2013 21:48:33 - Revo Uninstaller's restore point - Apple Application Support
    RP995: 16/08/2013 21:51:27 - Revo Uninstaller's restore point - Apple Software Update
    RP996: 16/08/2013 21:52:42 - Revo Uninstaller's restore point - CCleaner
    RP997: 16/08/2013 21:56:19 - Revo Uninstaller's restore point - Agatha Christie - And Then There Were None
    RP998: 28/12/2013 22:03:20 - avast! antivirus system restore point
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader XI (11.0.05)
    avast! Internet Security
    BitComet 1.35
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 7.1
    BlackBerry Device Software Updater
    Bonjour
    Compatibility Pack for the 2007 Office system
    Free Video to MP3 Converter version 5.0.22.128
    Free YouTube Download version 3.2.0.128
    Free YouTube to MP3 Converter version 3.12.0.128
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual J# 2.0 Redistributable Package
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    NVIDIA ForceWare Network Access Manager
    PowerDVD
    QuickTime
    Realtek AC'97 Audio
    Revo Uninstaller 1.94
    Secunia PSI (3.0.0.7009)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Sky Broadband
    Sky Broadband Browser Branding
    SmartSound Quicktracks Plugin
    Tweaking.com - Windows Repair (All in One)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Virtual DJ - Atomix Productions
    VLC media player 2.1.2
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Imaging Component
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/12/2013 22:10:50, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
    28/12/2013 22:08:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Firewall service to connect.
    28/12/2013 22:08:21, error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    28/12/2013 21:55:52, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
    28/12/2013 21:55:11, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  3. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Max [Admin rights]
    Mode : Scan -- Date : 12/29/2013 00:30:46
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    127.0.0.1 serial.alcohol-soft.com
    127.0.0.1 www.alcohol-soft.com
    127.0.0.1 images.alcohol-soft.com
    127.0.0.1 trial.alcohol-soft.com
    127.0.0.1 alcohol-soft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600JB-00GVC0 +++++
    --- User ---
    [MBR] 42a43f7d6381165f522b5beb7cc548dc
    [BSP] bebad6991d2bda8fb059e038170b4e79 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 150405 Mo
    1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 308030310 | Size: 2219 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x1] Incorrect function. )

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate FreeAgent USB Device +++++
    --- User ---
    [MBR] 4b33c4bd42c1b64342920085ca661a1d
    [BSP] 2470c8e6fd96c1e4c53c34f4dbaf637b : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) ST310005 20AS USB Device +++++
    --- User ---
    [MBR] 7435b395373533bcd39085cd12602a0e
    [BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_S_12292013_003046.txt >>


    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Max [Admin rights]
    Mode : Remove -- Date : 12/29/2013 00:31:27
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    127.0.0.1 serial.alcohol-soft.com
    127.0.0.1 www.alcohol-soft.com
    127.0.0.1 images.alcohol-soft.com
    127.0.0.1 trial.alcohol-soft.com
    127.0.0.1 alcohol-soft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600JB-00GVC0 +++++
    --- User ---
    [MBR] 42a43f7d6381165f522b5beb7cc548dc
    [BSP] bebad6991d2bda8fb059e038170b4e79 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 150405 Mo
    1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 308030310 | Size: 2219 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x1] Incorrect function. )

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Seagate FreeAgent USB Device +++++
    --- User ---
    [MBR] 4b33c4bd42c1b64342920085ca661a1d
    [BSP] 2470c8e6fd96c1e4c53c34f4dbaf637b : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) ST310005 20AS USB Device +++++
    --- User ---
    [MBR] 7435b395373533bcd39085cd12602a0e
    [BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_D_12292013_003127.txt >>
    RKreport[0]_S_12292013_003046.txt
     
  4. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2013.12.28.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Max :: MAX [administrator]

    29/12/2013 00:41:47
    mbar-log-2013-12-29 (00-41-47).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
    Objects scanned: 232810
    Time elapsed: 23 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED
    CPU speed: 2.010000 GHz
    Memory total: 536330240, free: 46555136

    Downloaded database version: v2013.12.28.07
    Downloaded database version: v2013.12.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/29/2013 00:41:14
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    spqr.sys
    \WINDOWS\System32\Drivers\WMILIB.SYS
    \WINDOWS\System32\Drivers\SCSIPORT.SYS
    ACPI.sys
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    nvatabus.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    aswNdis2.sys
    aswNdis.sys
    nvcchflt.sys
    Mup.sys
    aswVmm.sys
    aswRvrt.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\processr.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\ALCXWDM.SYS
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
    \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
    \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\nvnetbus.sys
    \SystemRoot\system32\DRIVERS\NVNRM.SYS
    \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\System32\Drivers\a10mt5ln.SYS
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\System32\Drivers\RootMdm.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\RimSerial.sys
    \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \??\C:\WINDOWS\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \??\C:\WINDOWS\system32\drivers\aswKbd.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \??\C:\WINDOWS\system32\drivers\aswTdi.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\tcpip6.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \??\C:\WINDOWS\system32\drivers\aswRdr.sys
    \SystemRoot\system32\drivers\ip6fw.sys
    \SystemRoot\System32\drivers\ws2ifsl.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\System32\Drivers\StarOpen.SYS
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \??\C:\WINDOWS\system32\drivers\aswSnx.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\dump_nvatabus.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\psi_mf_x86.sys
    \??\C:\DOCUME~1\Max\LOCALS~1\Temp\mbr.sys
    \SystemRoot\system32\DRIVERS\NVENETFD.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    \Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff81ff7ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000080\
    Lower Device Object: 0xffffffff822b57e8
    Lower Device Driver Name: \Driver\usbstor\
    IRP handler 0 of \Driver\usbstor points to an unknown module
    Unhooking enabled.
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR4
    Upper Device Object: 0xffffffff81ff7ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000080\
    Lower Device Object: 0xffffffff822b57e8
    Lower Device Driver Name: \Driver\usbstor\
    Driver name found: usbstor
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xffffffff81ff7030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007f\
    Lower Device Object: 0xffffffff82c50720
    Lower Device Driver Name: \Driver\usbstor\
    Driver name found: usbstor
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff82d35ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000070\
    Lower Device Object: 0xffffffff82d36030
    Lower Device Driver Name: \Driver\nvatabus\
    Driver name found: nvatabus
    Initialization returned 0x0
    Load Function returned 0x0
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff82d35ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff82dd3e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff82d35ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff82cc8b88, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff82d36030, DeviceName: \Device\00000070\, DriverName: \Driver\nvatabus\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe3dc0ed8, 0xffffffff82d35ab8, 0xfffffffffe6bb040
    Lower DeviceData: 0xffffffffe14b60c0, 0xffffffff82d36030, 0xffffffff82bff260
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: E168E168

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 308030247
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 308030310 Numsec = 4546395

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff81ff7030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff822c4750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff81ff7030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff82c50720, DeviceName: \Device\0000007f\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe16616b8, 0xffffffff81ff7030, 0xfffffffffe72dab8
    Lower DeviceData: 0xffffffffe17a1da0, 0xffffffff82c50720, 0xffffffff8257f740
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: EABD2EC9

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff81ff7ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8226a750, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff81ff7ab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff822b57e8, DeviceName: \Device\00000080\, DriverName: \Driver\usbstor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe10a5430, 0xffffffff81ff7ab8, 0xfffffffffe6c76c8
    Lower DeviceData: 0xffffffffe32a19f8, 0xffffffff822b57e8, 0xffffffffff5cbaf0
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CBCE2081

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...
    Removal finished
     
  5. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    Please see below Combofix log

    ComboFix 13-12-26.01 - Max 29/12/2013 14:31:13.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.187 [GMT 0:00]
    Running from: c:\documents and settings\Max\Desktop\ComboFix.exe
    AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-29 00:41 . 2013-12-29 00:41 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2013-12-29 00:40 . 2013-12-29 00:40 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-28 22:11 . 2013-12-28 22:11 -------- d-----w- c:\documents and settings\Max\Application Data\AVAST Software
    2013-12-28 22:01 . 2013-12-28 22:06 252336 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2013-12-28 22:01 . 2013-12-19 13:11 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2013-12-28 22:01 . 2013-12-28 22:07 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2013-12-28 22:01 . 2013-09-25 12:15 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2013-12-23 13:25 . 2013-12-23 13:25 90709 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\temp\tmpD0.exe
    2013-12-23 13:15 . 2013-12-23 13:17 -------- d-----w- c:\program files\GUMB0.tmp
    2013-12-23 13:15 . 2013-12-23 13:15 49940480 ----a-w- c:\program files\GUTB1.tmp
    2013-12-23 13:09 . 2013-12-23 13:09 155648 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\temp\tmp11.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-29 00:30 . 2013-12-29 00:30 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 18944 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 9600 ----a-w- c:\windows\system32\drivers\WINFOXIO.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 444136 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 37608 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 25471 ----a-w- c:\windows\system32\drivers\watv10nt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 22271 ----a-w- c:\windows\system32\drivers\watv06nt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 11935 ----a-w- c:\windows\system32\drivers\wadv11nt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 11871 ----a-w- c:\windows\system32\drivers\wadv09nt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 11295 ----a-w- c:\windows\system32\drivers\wadv08nt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 11807 ----a-w- c:\windows\system32\drivers\wadv07nt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 143872 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 4736 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 95424 ----a-w- c:\windows\system32\drivers\slnthal.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 5888 ----a-w- c:\windows\system32\drivers\smbali.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 13240 ----a-w- c:\windows\system32\drivers\slwdmsup.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 40960 ----a-w- c:\windows\system32\drivers\sisagp.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 404990 ----a-w- c:\windows\system32\drivers\slntamr.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 129535 ----a-w- c:\windows\system32\drivers\slnt7554.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 98568 ----a-w- c:\windows\system32\drivers\s115obex.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 166912 ----a-w- c:\windows\system32\drivers\s3gnbm.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12424 ----a-w- c:\windows\system32\drivers\s115whnt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12424 ----a-w- c:\windows\system32\drivers\s115wh.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 100488 ----a-w- c:\windows\system32\drivers\s115mgmt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 83208 ----a-w- c:\windows\system32\drivers\s115bus.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 15112 ----a-w- c:\windows\system32\drivers\s115mdfl.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12424 ----a-w- c:\windows\system32\drivers\s115cmnt.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12424 ----a-w- c:\windows\system32\drivers\s115cm.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 108680 ----a-w- c:\windows\system32\drivers\s115mdm.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 67072 ----a-w- c:\windows\system32\drivers\RimUsb.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 35840 ----a-w- c:\windows\system32\drivers\RimSerial.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 13776 ----a-w- c:\windows\system32\drivers\recagent.sys.bak
    2013-12-29 00:30 . 2013-12-29 00:30 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2013-12-28 1138536]
    .
    [HKEY_CLASSES_ROOT\clsid\{cc1a175a-e45b-41ed-a30c-c9b1d7a0c02f}]
    [HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-12-28 22:07 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]
    @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
    [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
    2013-06-11 21:47 225280 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-28 3764024]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-11-04 17:03 7307264 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2005-11-04 17:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-05-25 21:02 1519616 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2013-01-17 16:08 267792 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
    2013-03-07 16:02 2226704 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2007-04-17 05:28 577536 ----a-r- c:\windows\soundman.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "UserAccess7"=2 (0x2)
    "StarWindServiceAE"=2 (0x2)
    "StarWindService"=2 (0x2)
    "RoxLiveShare9"=2 (0x2)
    "ose"=3 (0x3)
    "NVSvc"=2 (0x2)
    "nSvcLog"=2 (0x2)
    "nSvcIp"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "ForcewareWebInterface"=2 (0x2)
    "ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
    "avgfws9"=2 (0x2)
    "avg9wd"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [28/12/2013 22:01 12112]
    R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [28/12/2013 22:01 252336]
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/08/2013 16:13 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11/08/2013 16:13 180248]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [11/02/2005 17:11 16640]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/06/2010 18:31 691696]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [28/12/2013 22:01 26136]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/08/2013 16:13 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/08/2013 16:13 410528]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/08/2013 16:13 67824]
    R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [28/12/2013 22:01 113704]
    R3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [18/01/2013 17:10 577536]
    S2 aswFsBlk;aswFsBlk; [x]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [18/04/2013 13:55 16024]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 12:54 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 12:54 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 12:54 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 12:54 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 12:54 98568]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [12/06/2010 18:33 223128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-27 15:12 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 23:53]
    .
    2013-12-28 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-11 22:07]
    .
    2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ceffe1ad33e28a.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-06-25 12:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-12-29 14:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
    "ImagePath"="\??\"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(684)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2013-12-29 14:49:02
    ComboFix-quarantined-files.txt 2013-12-29 14:48
    .
    Pre-Run: 29,592,383,488 bytes free
    Post-Run: 29,562,372,096 bytes free
    .
    - - End Of File - - 194CED0BD852B95ADA38F4903251457F
    8F558EB6672622401DA993E1E865C861
     
  7. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    Hi Broni,

    As requested please see below logs from Adw Cleaner and JRT:-

    # AdwCleaner v3.016 - Report created 29/12/2013 at 22:24:21
    # Updated 23/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Max - MAX
    # Running from : C:\Documents and Settings\Max\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1680 octets] - [29/12/2013 22:20:13]
    AdwCleaner[S0].txt - [1525 octets] - [29/12/2013 22:24:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1585 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Max on 29/12/2013 at 22:37:50.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\uniblue"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 29/12/2013 at 22:43:40.95
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    Here are the OTL logs:-

    OTL logfile created on: 29/12/2013 22:47:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 294.72 Mb Available Physical Memory | 57.62% Memory free
    1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.65% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 27.36 Gb Free Space | 18.63% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 18.77 Gb Free Space | 2.02% Space Free | Partition Type: NTFS

    Computer Name: MAX | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/29 22:46:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    PRC - [2013/12/28 22:07:14 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/12/28 22:07:14 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/12/28 22:06:54 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2013/04/18 13:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2013/04/18 13:56:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2013/04/18 13:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/29 12:54:24 | 002,153,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13122900\algo.dll
    MOD - [2013/12/28 22:07:19 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2013/06/11 21:47:44 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
    MOD - [2012/03/11 16:07:38 | 000,159,744 | ---- | M] () -- C:\Program Files\x264 Video Codec\Filters\Haali\mmfinfo.dll
    MOD - [2011/09/08 13:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\x264 Video Codec\Filters\Haali\mkunicode.dll


    ========== Services (SafeList) ==========

    SRV - [2013/12/28 23:53:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/28 22:07:14 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/12/28 22:06:54 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV - [2013/04/18 13:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2013/04/18 13:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
    SRV - [2011/06/19 17:53:47 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
    SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2005/02/24 16:23:12 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2005/02/24 16:20:02 | 000,131,133 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2005/02/24 16:19:36 | 000,057,409 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2004/11/30 09:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Max\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [File_System | Auto | Stopped] -- -- (aswFsBlk)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alx0ftna)
    DRV - [2013/12/28 22:07:21 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/12/28 22:07:21 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/12/28 22:07:21 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/12/28 22:07:21 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/12/28 22:07:21 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/12/28 22:07:21 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2013/12/28 22:07:21 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/12/28 22:07:07 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswKbd.sys -- (aswKbd)
    DRV - [2013/12/28 22:06:54 | 000,252,336 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2013/09/25 12:15:31 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
    DRV - [2013/04/18 13:55:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys -- (PSI)
    DRV - [2010/09/13 12:57:40 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2010/06/12 18:49:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/06/12 18:33:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2007/04/26 06:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
    DRV - [2007/04/23 12:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt)
    DRV - [2007/04/23 12:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
    DRV - [2007/04/23 12:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
    DRV - [2007/04/23 12:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
    DRV - [2007/04/23 12:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus)
    DRV - [2005/02/24 16:04:58 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/02/24 16:04:56 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/02/11 17:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
    DRV - [2005/02/11 17:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/10/30 11:38:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom15.xpi

    [2012/03/20 17:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions
    [2012/03/20 17:31:49 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
    [2013/03/26 22:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/12 08:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.co.uk/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Docs = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
    CHR - Extension: DVDVideoSoft Browser Extension = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
    CHR - Extension: Google Wallet = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Max\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/02/18 19:52:31 | 000,000,191 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 alcohol-soft.com
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1351086641375 (MUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Max\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Max\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/12 14:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/29 22:46:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2013/12/29 22:35:59 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Max\Desktop\JRT.exe
    [2013/12/29 22:19:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/29 14:42:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2013/12/29 10:24:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/12/29 10:24:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/12/29 10:24:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/12/29 10:24:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/12/29 10:23:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/12/29 10:17:01 | 005,158,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Max\Desktop\ComboFix.exe
    [2013/12/29 00:41:14 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2013/12/29 00:40:28 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2013/12/29 00:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Desktop\mbar
    [2013/12/29 00:30:42 | 000,009,600 | ---- | C] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\WINFOXIO.sys.bak
    [2013/12/29 00:30:40 | 000,223,128 | ---- | C] (Alcohol Soft Co., Ltd.) -- C:\WINDOWS\System32\drivers\vaxscsi.sys.bak
    [2013/12/29 00:30:26 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys.bak
    [2013/12/29 00:30:23 | 000,098,568 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115obex.sys.bak
    [2013/12/29 00:30:23 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115whnt.sys.bak
    [2013/12/29 00:30:23 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115wh.sys.bak
    [2013/12/29 00:30:22 | 000,108,680 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115mdm.sys.bak
    [2013/12/29 00:30:22 | 000,100,488 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115mgmt.sys.bak
    [2013/12/29 00:30:22 | 000,083,208 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115bus.sys.bak
    [2013/12/29 00:30:22 | 000,015,112 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115mdfl.sys.bak
    [2013/12/29 00:30:22 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115cmnt.sys.bak
    [2013/12/29 00:30:22 | 000,012,424 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115cm.sys.bak
    [2013/12/29 00:30:19 | 000,016,024 | ---- | C] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf_x86.sys.bak
    [2013/12/29 00:30:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
    [2013/12/29 00:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Desktop\RK_Quarantine
    [2013/12/28 22:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\AVAST Software
    [2013/12/28 22:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    [2013/12/28 22:01:34 | 000,252,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2013/12/28 22:01:34 | 000,104,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2013/12/28 22:01:33 | 000,026,136 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
    [2013/12/28 22:01:19 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2006/06/16 19:31:04 | 006,003,072 | ---- | C] (Alcohol Soft) -- C:\Documents and Settings\Max\Application Data\a120_195_4212_retail.exe
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/29 22:46:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2013/12/29 22:36:34 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Max\Desktop\JRT.exe
    [2013/12/29 22:28:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/12/29 22:19:04 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\adwcleaner.exe
    [2013/12/29 18:31:58 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/12/29 18:30:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/12/29 10:17:52 | 005,158,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Max\Desktop\ComboFix.exe
    [2013/12/29 00:41:14 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2013/12/29 00:40:28 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2013/12/29 00:30:42 | 000,009,600 | ---- | M] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\WINFOXIO.sys.bak
    [2013/12/29 00:30:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) -- C:\WINDOWS\System32\drivers\vaxscsi.sys.bak
    [2013/12/29 00:30:31 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys.bak
    [2013/12/29 00:30:28 | 000,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys.bak
    [2013/12/29 00:30:23 | 000,100,488 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115mgmt.sys.bak
    [2013/12/29 00:30:23 | 000,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115obex.sys.bak
    [2013/12/29 00:30:23 | 000,012,424 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115whnt.sys.bak
    [2013/12/29 00:30:23 | 000,012,424 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115wh.sys.bak
    [2013/12/29 00:30:22 | 000,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115mdm.sys.bak
    [2013/12/29 00:30:22 | 000,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115bus.sys.bak
    [2013/12/29 00:30:22 | 000,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115mdfl.sys.bak
    [2013/12/29 00:30:22 | 000,012,424 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115cmnt.sys.bak
    [2013/12/29 00:30:22 | 000,012,424 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s115cm.sys.bak
    [2013/12/29 00:30:19 | 000,016,024 | ---- | M] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf_x86.sys.bak
    [2013/12/29 00:30:09 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
    [2013/12/29 00:25:28 | 003,810,304 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\RogueKiller.exe
    [2013/12/28 23:54:12 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/12/28 22:08:21 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
    [2013/12/28 22:08:21 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2013/12/28 22:07:21 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/12/28 22:07:21 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/12/28 22:07:21 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/12/28 22:07:21 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/12/28 22:07:21 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/12/28 22:07:21 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/12/28 22:07:21 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/12/28 22:07:20 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/12/28 22:07:20 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/12/28 22:07:07 | 000,026,136 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
    [2013/12/28 22:06:54 | 000,252,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2013/12/28 22:01:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/12/28 17:43:37 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/12/27 16:56:54 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2013/12/27 15:51:29 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2013/12/27 15:13:18 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/12/24 19:02:42 | 042,546,573 | ---- | M] () -- C:\Documents and Settings\Max\My Documents\my mix.mp3
    [2013/12/23 13:19:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ceffe1ad33e28a.job
    [2013/12/23 13:05:07 | 000,473,186 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/12/23 13:05:07 | 000,076,104 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/12/22 16:58:08 | 095,808,783 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\New Tings.mp3
    [2013/12/19 13:11:28 | 000,104,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/29 22:18:32 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\adwcleaner.exe
    [2013/12/29 13:08:48 | 001,327,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/12/29 10:24:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/12/29 10:24:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/12/29 10:24:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/12/29 10:24:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/12/29 10:24:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/12/29 00:30:31 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys.bak
    [2013/12/29 00:30:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys.bak
    [2013/12/29 00:24:40 | 003,810,304 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\RogueKiller.exe
    [2013/12/28 22:08:21 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
    [2013/12/28 21:57:17 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2013/12/24 11:14:09 | 093,487,856 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\fastmix.mp3
    [2013/12/24 11:13:48 | 095,808,783 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\New Tings.mp3
    [2013/12/23 13:19:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ceffe1ad33e28a.job
    [2013/08/11 16:13:52 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/08/11 16:13:52 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/06/12 01:37:36 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2013/06/11 22:39:27 | 002,180,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/06/11 22:07:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/04/17 20:32:17 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/04/17 20:32:17 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/04/17 20:32:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/02/08 04:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2012/10/16 03:22:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\dt.dat
    [2012/06/05 13:56:20 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EFXP.INI
    [2012/02/16 01:41:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/22 03:54:09 | 001,746,870 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-1547161642-839522115-1004-0.dat
    [2012/01/22 03:54:06 | 000,335,222 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/12/27 01:06:23 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Max\default.pls
    [2010/12/25 23:53:44 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Max\pool.bin
    [2010/10/04 22:38:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\rx_image32.Cache
    [2010/09/13 12:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/07/02 17:42:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Max\Application Data\Cricket2009.exe.lock
    [2010/06/13 16:43:37 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/11/04 11:18:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/12/28 22:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/03/24 10:26:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2013/02/14 19:22:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/03/15 08:09:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/10/11 10:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/09/14 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2012/10/30 11:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2013/02/24 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/08/11 20:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/07/04 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
    [2012/08/22 17:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/12/26 21:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/07/04 02:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/07/04 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/06/12 20:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/11/03 13:56:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012/11/04 10:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
    [2013/12/28 22:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVAST Software
    [2013/06/25 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\BitComet
    [2011/10/29 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Blackberry Desktop
    [2013/03/21 20:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\CallingID
    [2013/02/14 19:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Canon
    [2013/02/25 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoft
    [2010/09/14 21:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Flood Light Games
    [2010/07/16 20:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\HandBrake
    [2011/06/19 14:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\MysteryStudio
    [2010/12/30 22:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Research In Motion
    [2011/03/06 08:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Samsung
    [2010/07/04 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Simple Star
    [2012/11/03 10:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\TuneUp Software
    [2011/05/29 17:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Ubisoft
    [2013/02/18 11:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Unity

    ========== Purity Check ==========



    < End of report >
     
  10. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    Here is the other OTL log (extras):-

    OTL Extras logfile created on: 29/12/2013 22:47:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 294.72 Mb Available Physical Memory | 57.62% Memory free
    1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.65% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 27.36 Gb Free Space | 18.63% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 18.77 Gb Free Space | 2.02% Space Free | Partition Type: NTFS

    Computer Name: MAX | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
    "{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
    "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
    "{BFBC6337-B7B9-4AEE-BC19-CA910EED755D}" = Adobe Flash Player 11 Plugin
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D066C0E0-A915-11D5-B078-00C0F6A04C3E}" =
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F68424BE-F5EE-4011-8D02-AD0DBB1BD758}" = BlackBerry Device Software Updater
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "avast" = avast! Internet Security
    "BitComet" = BitComet 1.35
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.22.128
    "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
    "Google Chrome" = Google Chrome
    "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "Secunia PSI" = Secunia PSI (3.0.0.7009)
    "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "VLC media player" = VLC media player 2.1.2
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 29/12/2013 18:30:31 | Computer Name = MAX | Source = ESENT | ID = 412
    Description = wuaueng.dll (2624) SUS20ClientDataStore: Unable to read the header
    of logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00039.log. Error -501.

    Error - 29/12/2013 18:30:31 | Computer Name = MAX | Source = ESENT | ID = 454
    Description = wuauclt (2624) Database recovery/restore failed with unexpected error
    -1852.

    Error - 29/12/2013 18:30:32 | Computer Name = MAX | Source = ESENT | ID = 412
    Description = wuaueng.dll (2860) SUS20ClientDataStore: Unable to read the header
    of logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00039.log. Error -501.

    Error - 29/12/2013 18:30:32 | Computer Name = MAX | Source = ESENT | ID = 454
    Description = wuauclt (2860) Database recovery/restore failed with unexpected error
    -1852.

    Error - 29/12/2013 18:30:33 | Computer Name = MAX | Source = ESENT | ID = 412
    Description = wuaueng.dll (2648) SUS20ClientDataStore: Unable to read the header
    of logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00039.log. Error -501.

    Error - 29/12/2013 18:30:33 | Computer Name = MAX | Source = ESENT | ID = 454
    Description = wuauclt (2648) Database recovery/restore failed with unexpected error
    -1852.

    Error - 29/12/2013 18:30:35 | Computer Name = MAX | Source = ESENT | ID = 412
    Description = wuaueng.dll (3096) SUS20ClientDataStore: Unable to read the header
    of logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00039.log. Error -501.

    Error - 29/12/2013 18:30:35 | Computer Name = MAX | Source = ESENT | ID = 454
    Description = wuauclt (3096) Database recovery/restore failed with unexpected error
    -1852.

    Error - 29/12/2013 18:30:36 | Computer Name = MAX | Source = ESENT | ID = 412
    Description = wuaueng.dll (2996) SUS20ClientDataStore: Unable to read the header
    of logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00039.log. Error -501.

    Error - 29/12/2013 18:30:36 | Computer Name = MAX | Source = ESENT | ID = 454
    Description = wuauclt (2996) Database recovery/restore failed with unexpected error
    -1852.

    [ System Events ]
    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
    Description = The Secunia PSI Agent service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
    Description = The Windows User Mode Driver Framework service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
    Description = The Application Layer Gateway Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7031
    Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 0 milliseconds: Restart the service.

    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
    Description = The Secunia Update Agent service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Presentation
    Foundation Font Cache 3.0.0.0 service to connect.

    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7000
    Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
    to start due to the following error: %%1053

    Error - 29/12/2013 18:24:34 | Computer Name = MAX | Source = Service Control Manager | ID = 7034
    Description = The Blackberry Device Manager service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 29/12/2013 18:27:08 | Computer Name = MAX | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 29/12/2013 18:28:53 | Computer Name = MAX | Source = Service Control Manager | ID = 7000
    Description = The aswFsBlk service failed to start due to the following error: %%2


    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    [​IMG]
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Max\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [File_System | Auto | Stopped] -- -- (aswFsBlk)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alx0ftna)
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
     
  12. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    Please see below logs:-

    NB The ESET scan detected 3 trojans and quarantined them. I haven't deleted them.

    All processes killed
    ========== OTL ==========
    Error: No service named TrueSight was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrueSight deleted successfully.
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Max\LOCALS~1\Temp\catchme.sys not found.
    Service aswFsBlk stopped successfully!
    Service aswFsBlk deleted successfully!
    Error: No service named alx0ftna was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\alx0ftna deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: Max
    ->Temp folder emptied: 2282635 bytes
    ->Temporary Internet Files folder emptied: 49428 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8085111 bytes
    ->Flash cache emptied: 57856 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18133896 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 27.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: Max
    ->Java cache emptied: 0 bytes

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Max
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12292013_230329

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.77
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Internet Security
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.7009)
    Malwarebytes Anti-Malware version 1.75.0.1300
    Adobe Flash Player 11.8.800.94
    Adobe Reader XI
    Google Chrome 28.0.1500.95
    Google Chrome 31.0.1650.63
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast afwServ.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 1%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 05-12-2013
    Ran by Max (administrator) on 29-12-2013 at 23:42:17
    Running from "C:\Documents and Settings\Max\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(19) fssfltr(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(11)
    0x13000000050000000100000002000000030000000400000013000000080000000B0000000C0000000A0000000D0000000E0000000F000000100000001100000012000000060000000700000009000000
    IpSec Tag value is correct.

    **** End of log ****

    C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\temp\tmp11.exe a variant of Win32/Kryptik.BRRA trojan cleaned by deleting - quarantined
    C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\temp\tmpD0.exe Win32/Boaxxe.BE trojan cleaned by deleting - quarantined
    C:\Program Files\x264 Video Codec\Filters\Haali\mmdinfo.dll Win32/Sathurbot.A trojan cleaned by deleting - quarantined
     
  13. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
  14. morphy201180

    morphy201180 TS Rookie Topic Starter Posts: 31

    Here is the last log. Do I need to do anything with the 3 trojans which have been quarantined by the Eset scan?

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Max
    ->Temp folder emptied: 693 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 9260810 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18133896 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 26.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Max
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: Max
    ->Java cache emptied: 0 bytes

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.69.0 log created on 12302013_021947

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  15. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    You can delete files in Eset quarantine folder.

    14. Please, let me know, how your computer is doing.
     
  16. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    The issue seems to be resolved.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.