TechSpot

Virus stopping Avast from updating

By morphy201180
Oct 18, 2015
  1. Hi,

    Can you help. My avast anti virus does not update automatically and I have noticed PC keeps saying there is low disk space even though there is 1tb free space on my hard drive. I ran malware bytes and it detected a program called antidust.exe which I cant remove.

    Recently my computer has also been cutting out and rebooting. I have posted the logs below to see if there is anyway I can remove the virus and get my computer back to normal

    Here are the FRST logs:-

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
    Ran by Spartan (administrator) on SPARTACUS (18-10-2015 19:16:38)
    Running from C:\
    Loaded Profiles: Spartan (Available Profiles: Spartan)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 6 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AOMEI Tech Co., Ltd.) E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe
    (Apple Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
    (Nero AG) C:\Program Files\HSMServiceEntry.exe
    (Oracle Corporation) E:\Program Files\Java\jre7\bin\jqs.exe
    () C:\Program Files\HTC Sync\adb.exe
    (NVIDIA Corporation) E:\WINDOWS\system32\nvsvc32.exe
    () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    () E:\Program Files\Subsonic\subsonic-service.exe
    () E:\Program Files\Subsonic\subsonic-service.exe
    (SigmaTel, Inc.) E:\WINDOWS\stsystra.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
    () E:\Program Files\Subsonic\subsonic-agent.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SigmatelSysTrayApp] => E:\WINDOWS\stsystra.exe [282624 2006-07-27] (SigmaTel, Inc.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [nwiz] => nwiz.exe /install
    HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-02] (AVAST Software)
    HKLM\...\Run: [BCSSync] => C:\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [GoogleDriveSync] => E:\Program Files\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {0d924b42-2949-11e4-a776-000acd196d62} - H:\autorun.exe
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {117050c1-6fbe-11e4-b77f-000acd196d62} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {70c33dc7-35ee-11e5-8536-02352a040d7c} - K:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {8e292342-463c-11e4-a66e-000acd196d62} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {e2833743-4a70-11e4-a7a7-000acd196d62} - K:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\MountPoints2: {e2833745-4a70-11e4-a7a7-000acd196d62} - K:\HTC_Sync_Manager_PC.exe
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-02] (AVAST Software)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Plex.lnk [2013-05-12]
    ShortcutTarget: Plex.lnk -> E:\Program Files\Plex\Plex Media Center\Plex.exe (No File)
    Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Subsonic.lnk [2013-05-11]
    ShortcutTarget: Subsonic.lnk -> E:\Program Files\Subsonic\subsonic-agent.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 E:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4C30C0C2-C813-4332-BD76-ED8A21061772}: [NameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7375FB1F-F5B3-4D7F-96FD-146750802B92}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    URLSearchHook: HKU\S-1-5-21-1078081533-1659004503-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-09] ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-11] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=","hxxp://www.msn.com/?pc=AV01","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=","hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR Profile: E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
    CHR Extension: (Google Drive) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-29]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-07-29]
    CHR Extension: (YouTube) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
    CHR Extension: (Google Search) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
    CHR Extension: (Google Docs Offline) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
    CHR Extension: (Avast Online Security) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]
    CHR Extension: (Chrome Hotword Shared Module) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
    CHR Extension: (Application Launcher for Drive (by Google)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
    CHR Extension: (Chrome Web Store Payments) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
    CHR Extension: (Gmail) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
    CHR HKLM\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-29]
    CHR HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-02] (AVAST Software)
    R2 Backupper Service; E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.)
    R2 HTCMonitorService; C:\Program Files\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
    R2 JavaQuickStarterService; E:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 Microsoft SharePoint Workspace Audit Service; C:\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
    R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    R2 Subsonic; E:\Program Files\Subsonic\subsonic-service.exe [259584 2013-04-17] () [File not signed]
    S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
    S3 WsDrvInst; C:\Program Files\Dr.Fone for Android\DriverInstall.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ambakdrv; E:\WINDOWS\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
    R1 AmdK8; E:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
    R2 ammntdrv; E:\WINDOWS\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
    R2 amwrtdrv; E:\WINDOWS\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
    R2 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-02] (AVAST Software)
    R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-02] (AVAST Software)
    R1 aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-02] (AVAST Software)
    R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-02] (AVAST Software)
    R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-10-02] (AVAST Software)
    R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-10-02] (AVAST Software)
    R3 aswStmXP; E:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-02] (AVAST Software)
    S3 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-02] (AVAST Software)
    R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-02] (AVAST Software)
    R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-21] (Disc Soft Ltd)
    R1 mbamchameleon; E:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2015-10-18] (Malwarebytes)
    R3 MBAMProtector; E:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    R0 nvata; E:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2007-08-25] (NVIDIA Corporation)
    S3 qcserxp; E:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
    S3 rtl8139; E:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
    R3 serenum; E:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
    R3 Serial; E:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
    R0 sptd; E:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-07-24] (Duplex Secure Ltd.)
    R3 STHDA; E:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)
    S4 IntelIde; no ImagePath
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    U3 a4yy8xcs; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-18 19:16 - 2015-10-18 19:16 - 00000000 ____D E:\FRST
    2015-10-18 18:59 - 2015-10-18 19:00 - 00000000 ___SD E:\ComboFix
    2015-10-18 18:59 - 2011-06-26 07:45 - 00256000 _____ E:\WINDOWS\PEV.exe
    2015-10-18 18:59 - 2010-11-07 18:20 - 00208896 _____ E:\WINDOWS\MBR.exe
    2015-10-18 18:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00098816 _____ E:\WINDOWS\sed.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00080412 _____ E:\WINDOWS\grep.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00068096 _____ E:\WINDOWS\zip.exe
    2015-10-18 18:58 - 2015-10-18 18:59 - 00000000 ____D E:\Qoobox
    2015-10-18 18:58 - 2015-10-18 18:58 - 05636101 ____R (Swearware) E:\Documents and Settings\Spartan\Desktop\ComboFix.exe
    2015-10-18 18:58 - 2015-10-18 18:58 - 00000000 ____D E:\WINDOWS\erdnt
    2015-10-18 18:55 - 2015-10-18 18:57 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2015-10-18 18:54 - 2015-10-18 18:57 - 00000000 ____D E:\Documents and Settings\Spartan\Desktop\mbar
    2015-10-18 18:54 - 2015-10-18 18:54 - 16563352 _____ (Malwarebytes Corp.) E:\Documents and Settings\Spartan\Desktop\mbar-1.09.3.1001.exe
    2015-10-18 18:44 - 2015-10-18 18:53 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-10-18 18:44 - 2015-10-18 18:44 - 18832456 _____ E:\Documents and Settings\Spartan\Desktop\RogueKiller.exe
    2015-10-18 18:44 - 2015-10-18 18:44 - 00035064 _____ E:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-10-14 13:09 - 2015-10-14 13:09 - 00000000 ___HD E:\WINDOWS\PIF
    2015-10-02 10:22 - 2015-10-02 10:21 - 00313472 _____ (AVAST Software) E:\WINDOWS\system32\aswBoot.exe
    2015-10-02 10:21 - 2015-10-02 10:21 - 00043112 _____ (AVAST Software) E:\WINDOWS\avastSS.scr
    2015-09-21 15:20 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\HMYGSetting
    2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Program Files\Common Files\Wondershare
    2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Wondershare
    2015-09-21 15:17 - 2015-09-23 01:47 - 00000000 ___HD E:\Program Files\DrFoneAndroid_Temp
    2015-09-21 15:17 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Wondershare
    2015-09-21 15:17 - 2015-09-21 15:17 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\Wondershare
    2015-09-18 19:11 - 2015-09-18 19:11 - 00001024 ____H E:\SYSTAG.BIN

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-18 19:16 - 2014-10-02 21:33 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Temp
    2015-10-18 19:00 - 2012-07-20 11:06 - 00032566 _____ E:\WINDOWS\SchedLgU.Txt
    2015-10-18 19:00 - 2012-07-20 11:06 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
    2015-10-18 18:55 - 2014-10-12 01:14 - 00170200 ____C (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-10-18 18:55 - 2014-07-07 02:13 - 00121560 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-10-18 18:45 - 2012-07-20 11:44 - 00592924 ____C E:\WINDOWS\system32\PerfStringBackup.INI
    2015-10-18 18:42 - 2015-08-20 04:08 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\HTC MediaHub
    2015-10-18 18:41 - 2014-07-08 22:28 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-18 18:41 - 2014-07-07 02:09 - 00000364 ____H E:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-10-18 18:41 - 2012-07-20 11:47 - 00000159 ____C E:\WINDOWS\wiadebug.log
    2015-10-18 18:41 - 2012-07-20 11:47 - 00000050 ____C E:\WINDOWS\wiaservc.log
    2015-10-18 18:41 - 2012-07-20 11:24 - 00081409 ____C E:\WINDOWS\system32\nvapps.xml
    2015-10-18 18:40 - 2012-07-20 11:24 - 00000000 ____D E:\WINDOWS\nview
    2015-10-18 18:40 - 2012-07-20 11:07 - 00000178 __SHC E:\Documents and Settings\Spartan\ntuser.ini
    2015-10-18 18:40 - 2012-07-20 11:07 - 00000000 ____D E:\Documents and Settings\Spartan
    2015-10-18 18:40 - 2012-07-20 10:57 - 02067330 ____C E:\WINDOWS\WindowsUpdate.log
    2015-10-18 18:28 - 2014-07-07 02:36 - 00065536 _____ E:\WINDOWS\system32\config\OAlerts.evt
    2015-10-18 18:28 - 2001-10-05 01:16 - 00002206 ____C E:\WINDOWS\system32\wpa.dbl
    2015-10-18 18:22 - 2014-07-08 22:28 - 00000886 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-18 12:54 - 2015-02-19 14:05 - 00000410 _____ E:\WINDOWS\brwmark.ini
    2015-10-14 14:45 - 2014-07-09 18:39 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\vlc
    2015-10-14 13:09 - 2015-07-29 13:34 - 00629269 _____ E:\WINDOWS\setupapi.log
    2015-10-09 01:52 - 2012-07-20 11:06 - 00000000 ____D E:\Documents and Settings\LocalService\Local Settings\Temp
    2015-10-06 16:11 - 2015-08-05 17:22 - 00000000 ____D E:\Documents and Settings\Spartan\My Documents\Outlook Files
    2015-10-05 01:25 - 2014-10-05 19:28 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
    2015-10-05 01:25 - 2014-10-05 18:46 - 00001767 _____ E:\Documents and Settings\All Users\Desktop\Google Slides.lnk
    2015-10-05 01:25 - 2014-10-05 18:46 - 00001765 _____ E:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
    2015-10-05 01:25 - 2014-10-05 18:46 - 00001755 _____ E:\Documents and Settings\All Users\Desktop\Google Docs.lnk
    2015-10-02 10:22 - 2015-07-29 13:34 - 00157888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswStmXP.sys
    2015-10-02 10:22 - 2014-09-30 07:29 - 00175362 ____C E:\WINDOWS\Wdf01009Inst.log
    2015-10-02 10:22 - 2014-07-07 02:48 - 00024016 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00434184 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSP.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00208664 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00076000 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00057888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswTdi.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00055200 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRdr.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00049776 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-10-02 10:21 - 2014-07-07 02:09 - 00789296 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-09-29 00:23 - 2014-07-08 22:31 - 00001813 _____ E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-09-23 01:43 - 2013-11-05 18:36 - 00028118 _____ E:\WINDOWS\setupact.log
    2015-09-22 23:11 - 2014-07-07 02:14 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\BitComet
    2015-09-22 21:55 - 2014-09-30 07:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Downloaded Installations
    2015-09-19 19:50 - 2012-07-20 11:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Google
    2015-09-18 19:11 - 2014-09-12 13:59 - 00000082 ____C E:\WINDOWS\system32\winsevr.dat
    2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Program Files\AOMEI Backupper Standard Edition 2.0.2
    2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\AomeiBR

    ==================== Files in the root of some directories =======

    2012-07-20 11:10 - 2014-09-06 21:30 - 0030208 ____C () E:\Documents and Settings\Spartan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Some files in TEMP:
    ====================
    E:\Documents and Settings\Spartan\Local Settings\Temp\dllnt_dump.dll
    E:\Documents and Settings\Spartan\Local Settings\Temp\i4jdel0.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    E:\WINDOWS\explorer.exe => File is digitally signed
    E:\WINDOWS\system32\winlogon.exe => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed
    E:\WINDOWS\system32\User32.dll => File is digitally signed
    E:\WINDOWS\system32\userinit.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     
  2. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
    Ran by Spartan (2015-10-18 19:17:07)
    Running from C:\
    Microsoft Windows XP Professional Service Pack 3 (X86) (2012-07-20 10:00:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1078081533-1659004503-725345543-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1078081533-1659004503-725345543-1005 - Limited - Enabled)
    Guest (S-1-5-21-1078081533-1659004503-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1078081533-1659004503-725345543-1000 - Limited - Disabled)
    Spartan (S-1-5-21-1078081533-1659004503-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Spartan
    SUPPORT_388945a0 (S-1-5-21-1078081533-1659004503-725345543-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX & Plugin (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AOMEI Backupper Standard Edition 2.0.2 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
    BitComet 1.39 (HKLM\...\BitComet) (Version: 1.39 - CometNetwork)
    BitTorrent (HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\BitTorrent) (Version: 7.9.3.40761 - BitTorrent Inc.)
    Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
    Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
    Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Free YouTube to MP3 Converter version 3.12.61.805 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Drive (HKLM\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
    HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.54.2 - HTC)
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2) (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Mp3tag v2.55a (HKLM\...\Mp3tag) (Version: v2.55a - Florian Heidenreich)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.60 - www.SamLab.ws)
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
    Subsonic (HKLM\...\Subsonic) (Version: - )
    Support and Drivers (HKLM\...\Support and Drivers 1.4.1.4) (Version: 1.4.1.4 - Drivers et Pilotes)
    Support and Drivers (Version: 1.4.1.4 - Drivers et Pilotes) Hidden
    SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks)
    SyncBackFree (HKLM\...\SyncBackFree_is1) (Version: 6.3.7.0 - 2BrightSparks)
    TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 14.2.0 - UMEZAWA Takeshi)
    Virtual DJ - Atomix Productions (HKLM\...\Virtual DJ - Atomix Productions) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version: - )
    XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
    Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll (the data entry has 10 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dl (the data entry has 12 more characters).

    ==================== Restore Points =========================


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: E:\WINDOWS\Tasks\avast! Emergency Update.job => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\SyncBackFree Supernatural.job => E:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe-m Supernatural E:\Program Files\2BrightSparks\SyncBackFreeSpartan!Task created by SyncBackFree.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-29 13:34 - 2015-10-02 10:21 - 00103376 _____ () E:\Program Files\AVAST Software\Avast\log.dll
    2015-07-29 13:34 - 2015-10-02 10:21 - 00123976 _____ () E:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-10-18 18:31 - 2015-10-18 18:31 - 02994032 _____ () E:\Program Files\AVAST Software\Avast\defs\15101801\algo.dll
    2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () E:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Office14\1033\GrooveIntlResource.dll
    2013-11-18 17:32 - 2011-10-26 18:41 - 00305664 _____ () E:\Program Files\TeraCopy\TeraCopyExt.dll
    2012-07-20 11:24 - 2006-10-03 14:07 - 00196608 _____ () E:\WINDOWS\system32\nvapi.dll
    2012-07-20 11:24 - 2006-10-03 14:07 - 00466944 _____ () E:\WINDOWS\system32\nvshell.dll
    2013-11-18 17:32 - 2011-10-26 18:41 - 00325120 _____ () E:\Program Files\TeraCopy\TeraCopy.dll
    2014-09-12 13:59 - 2014-08-21 11:23 - 00270040 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\UiLogic.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00229080 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\diskmgr.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00265944 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Comn.dll
    2014-09-12 13:59 - 2014-08-21 11:23 - 00077528 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Ldm.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00061144 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Device.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00257752 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrFat.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00376536 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrNtfs.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00106200 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FuncLogic.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00233176 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Clone.dll
    2014-09-12 13:59 - 2014-08-21 11:23 - 00335576 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ImgFile.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00028376 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Encrypt.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00073432 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Compress.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00093912 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrVol.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00188120 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\GptBcd.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00147160 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\FlBackup.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00478936 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\EnumFolder.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00102104 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\Backup.dll
    2014-09-12 13:59 - 2014-08-21 11:22 - 00098008 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\BrLog.dll
    2014-09-12 13:59 - 2013-01-17 17:38 - 02403504 _____ () E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\QtCore4.dll
    2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files\DbAccess.dll
    2015-07-14 15:35 - 2015-07-14 15:35 - 00607016 _____ () C:\Program Files\sqlite3.dll
    2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files\NAdvLog.dll
    2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files\NFileCacheDBAccess.dll
    2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files\ninstallerhelper.dll
    2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files\zlib1.dll
    2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files\DevConnMon.dll
    2015-07-14 15:37 - 2015-07-14 15:37 - 00821240 _____ () C:\Program Files\HTC Sync\adb.exe
    2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2013-04-17 21:26 - 2013-04-17 21:26 - 00259584 _____ () E:\Program Files\Subsonic\subsonic-service.exe
    2015-07-24 07:25 - 2015-10-02 10:22 - 40539648 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
    2013-04-17 21:26 - 2013-04-17 21:26 - 00253952 _____ () E:\Program Files\Subsonic\subsonic-agent.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\dell.com -> dell.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\Control Panel\Desktop\\Wallpaper -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.0.1
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [E:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
    DomainProfile\AuthorizedApplications: [E:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
    DomainProfile\AuthorizedApplications: [C:\HTCSyncManager.exe] => Enabled:HTCSyncManager
    DomainProfile\AuthorizedApplications: [C:\Program Files\HTCSyncManager.exe] => Enabled:HTCSyncManager
    StandardProfile\AuthorizedApplications: [E:\Program Files\XBMC\XBMC.exe] => Enabled:XBMC
    StandardProfile\AuthorizedApplications: [E:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [E:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe] => Enabled:MediaPortal TV Server
    StandardProfile\AuthorizedApplications: [E:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe] => Enabled:MediaPortal
    StandardProfile\AuthorizedApplications: [E:\Program Files\Team MediaPortal\MediaPortal TV Server\SetupTv.exe] => Enabled:MediaPortal TV Setup
    StandardProfile\AuthorizedApplications: [E:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [E:\WINDOWS\system32\javaw.exe] => Enabled:Java(TM) Platform SE binary
    StandardProfile\AuthorizedApplications: [E:\Program Files\Subsonic\subsonic-service.exe] => Enabled:Subsonic Service
    StandardProfile\AuthorizedApplications: [E:\Program Files\Subsonic\subsonic-agent.exe] => Enabled:Subsonic Agent
    StandardProfile\AuthorizedApplications: [E:\Program Files\Subsonic\subsonic-agent-elevated.exe] => Enabled:Subsonic Agent (Elevated)
    StandardProfile\AuthorizedApplications: [E:\Program Files\Plex\Plex Media Center\Plex.exe] => Enabled:plex Media Center
    StandardProfile\AuthorizedApplications: [E:\Documents and Settings\Spartan\Application Data\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [E:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
    StandardProfile\AuthorizedApplications: [E:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [E:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
    StandardProfile\AuthorizedApplications: [C:\HTCSyncManager.exe] => Enabled:HTCSyncManager
    StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [C:\Program Files\BitComet\BitComet.exe] => Enabled:BitComet.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HTCSyncManager.exe] => Enabled:HTCSyncManager
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:mad:xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:mad:xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:mad:xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:mad:xpsp2res.dll,-22002
    DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:mad:xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [3306:TCP] => Enabled:MySQL
    StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:mad:xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [18741:TCP] => Enabled:BitComet 18741 TCP
    StandardProfile\GloballyOpenPorts: [18741:UDP] => Enabled:BitComet 18741 UDP
    StandardProfile\GloballyOpenPorts: [25800:TCP] => Enabled:BitCometBeta 25800 TCP
    StandardProfile\GloballyOpenPorts: [25800:UDP] => Enabled:BitCometBeta 25800 UDP

    ==================== Faulty Device Manager Devices =============

    Name: A2PS1GP2 IDE Controller
    Description: A2PS1GP2 IDE Controller
    Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard mass storage controllers)
    Service: a4yy8xcs
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/18/2015 06:48:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 06:48:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 06:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 11:29:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 11:29:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 11:08:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 11:08:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 10:55:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 10:55:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 10:53:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


    System errors:
    =============
    Error: (10/18/2015 06:41:31 PM) (Source: 0) (EventID: 1) (User: )
    Description: 0xC0000001HarddiskVolume2

    Error: (10/18/2015 06:41:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    atapi
    PCIIde

    Error: (10/09/2015 01:52:30 AM) (Source: 0) (EventID: 4307) (User: )
    Description:

    Error: (10/09/2015 01:48:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Subsonic service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/09/2015 01:48:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/09/2015 01:48:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/09/2015 01:48:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/09/2015 01:48:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/09/2015 01:48:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AOMEI Backupper Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/09/2015 01:48:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HTCMonitorService service terminated unexpectedly. It has done this 1 time(s).


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
    Percentage of memory in use: 24%
    Total physical RAM: 3518.36 MB
    Available physical RAM: 2656.28 MB
    Total Virtual: 5405.44 MB
    Available Virtual: 4861.42 MB

    ==================== Drives ================================

    Drive c: (Max's Hard Drive) (Fixed) (Total:1853.25 GB) (Free:970.59 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive e: () (Fixed) (Total:9.76 GB) (Free:0.02 GB) NTFS
    Drive h: (CD2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
    Drive j: (Movie Drive and Back up) (Fixed) (Total:931.51 GB) (Free:116.72 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 3BF95568)
    Partition 1: (Not Active) - (Size=9.8 GB) - (Type=OF Extended)
    Partition 2: (Active) - (Size=1853.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  4. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Please see the results of the logs. Rogue killer didnt detect anything so the log was blank.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 18/10/2015
    Scan Time: 20:39:50
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.10.18.04
    Rootkit Database: v2015.10.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Spartan

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 318965
    Time Elapsed: 5 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Conduit, E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://search.conduit.com/?ctid=CT3...=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=","http://search.conduit.com/?ctid=CT3...=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=","http://websearch.exitingsearch.info...&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50","http://search.conduit.com/?ctid=CT3...=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=","http://www.msn.com/?pc=AV01","http://search.conduit.com/?ctid=CT3...=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=","https://uk.yahoo.com/?fr=hp-avast&type=avastbcl"]},"sync":{"remaining_rollback_tries":0}}), Replaced,[4e1eff595c2f1c1ab6abf47d3bc96f91]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v5.014 - Logfile created 18/10/2015 at 20:49:32
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Spartan - SPARTACUS
    # Running from : E:\Documents and Settings\Spartan\Desktop\adwcleaner_5.014.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [-] File Deleted : E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.exitingsearch.info_0.localstorage
    [-] File Deleted : E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.exitingsearch.info_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    [-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
    [-] Key Deleted : HKCU\Software\IGearSettings
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

    ***** [ Web browsers ] *****

    [-] [E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
    [-] [E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=

    *************************

    :: Winsock settings cleared

    ########## EOF - E:\AdwCleaner\AdwCleaner[C1].txt - [3382 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Microsoft Windows XP x86
    Ran by Spartan on 18/10/2015 at 20:54:51.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] E:\WINDOWS\System32\ai_recyclebin



    ~~~ Chrome


    [E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/10/2015 at 20:57:16.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  5. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    When I try to run combo fix it says that it can detect avg scanner running but I do not have AVG
     
  7. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Combo fix log

    ComboFix 15-10-15.01 - Spartan 18/10/2015 21:42:13.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3518.1972 [GMT 1:00]
    Running from: e:\documents and settings\Spartan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    e:\windows\system32\Cache
    e:\windows\system32\Cache\26c630d098e22dd5.fb
    e:\windows\system32\Cache\272512937d9e61a4.fb
    e:\windows\system32\Cache\287204568329e189.fb
    e:\windows\system32\Cache\28bc8f716fd76a47.fb
    e:\windows\system32\Cache\2c53092c95605355.fb
    e:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    e:\windows\system32\Cache\32c84fe32bb74d60.fb
    e:\windows\system32\Cache\3917078cb68ec657.fb
    e:\windows\system32\Cache\44426d243f33153b.fb
    e:\windows\system32\Cache\45e1358c99e84bd0.fb
    e:\windows\system32\Cache\57ace658b503d1c2.fb
    e:\windows\system32\Cache\590ba23ce359fd0c.fb
    e:\windows\system32\Cache\610289e025a3ee9a.fb
    e:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    e:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    e:\windows\system32\Cache\6d03dad1035885d3.fb
    e:\windows\system32\Cache\84994c250618a233.fb
    e:\windows\system32\Cache\95f567698be8a182.fb
    e:\windows\system32\Cache\a83b90561df23def.fb
    e:\windows\system32\Cache\a8556537add6dfc5.fb
    e:\windows\system32\Cache\ad10a52aff5e038d.fb
    e:\windows\system32\Cache\c1fa887b03019701.fb
    e:\windows\system32\Cache\c4d28dca2e7648be.fb
    e:\windows\system32\Cache\d201ef9910cd39de.fb
    e:\windows\system32\Cache\d2e94710a5708128.fb
    e:\windows\system32\Cache\d79b9dfe81484ec4.fb
    e:\windows\system32\Cache\f998975c9cc711ee.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-09-18 to 2015-10-18 )))))))))))))))))))))))))))))))
    .
    .
    2015-10-18 19:48 . 2015-10-18 19:49 -------- d-----w- E:\AdwCleaner
    2015-10-18 18:16 . 2015-10-18 18:17 -------- d-----w- E:\FRST
    2015-10-18 17:55 . 2015-10-18 17:57 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2015-10-18 17:44 . 2015-10-18 19:29 35064 ----a-w- e:\windows\system32\drivers\TrueSight.sys
    2015-10-18 17:44 . 2015-10-18 17:53 -------- d-----w- e:\documents and settings\All Users\Application Data\RogueKiller
    2015-10-14 12:09 . 2015-10-14 12:09 -------- d--h--w- e:\windows\PIF
    2015-10-02 09:22 . 2015-10-02 09:21 313472 ----a-w- e:\windows\system32\aswBoot.exe
    2015-10-02 09:21 . 2015-10-02 09:21 43112 ----a-w- e:\windows\avastSS.scr
    2015-09-21 14:20 . 2015-09-21 14:20 -------- d-----w- e:\documents and settings\Spartan\Application Data\HMYGSetting
    2015-09-21 14:18 . 2015-09-21 14:18 -------- d-----w- e:\documents and settings\Spartan\Local Settings\Application Data\Wondershare
    2015-09-21 14:18 . 2015-09-21 14:18 -------- d-----w- e:\program files\Common Files\Wondershare
    2015-09-21 14:17 . 2015-09-21 14:20 -------- d-----w- e:\documents and settings\All Users\Application Data\Wondershare
    2015-09-21 14:17 . 2015-09-23 00:47 -------- d--h--w- e:\program files\DrFoneAndroid_Temp
    2015-09-21 14:17 . 2015-09-21 14:17 -------- d-----w- e:\documents and settings\Spartan\Application Data\Wondershare
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-10-18 19:39 . 2014-10-12 00:14 170200 -c--a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-10-05 08:50 . 2014-07-07 01:13 121560 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
    2015-10-05 08:50 . 2014-07-07 01:13 23256 ----a-w- e:\windows\system32\drivers\mbam.sys
    2015-10-02 09:22 . 2015-07-29 12:34 157888 ----a-w- e:\windows\system32\drivers\aswStmXP.sys
    2015-10-02 09:22 . 2014-07-07 01:48 24016 ----a-w- e:\windows\system32\drivers\aswHwid.sys
    2015-10-02 09:22 . 2014-07-07 01:09 57888 ----a-w- e:\windows\system32\drivers\aswTdi.sys
    2015-10-02 09:22 . 2014-07-07 01:09 434184 ----a-w- e:\windows\system32\drivers\aswSP.sys
    2015-10-02 09:22 . 2014-07-07 01:09 208664 ----a-w- e:\windows\system32\drivers\aswVmm.sys
    2015-10-02 09:22 . 2014-07-07 01:09 76000 ----a-w- e:\windows\system32\drivers\aswMonFlt.sys
    2015-10-02 09:22 . 2014-07-07 01:09 55200 ----a-w- e:\windows\system32\drivers\aswRdr.sys
    2015-10-02 09:22 . 2014-07-07 01:09 49776 ----a-w- e:\windows\system32\drivers\aswRvrt.sys
    2015-10-02 09:21 . 2014-07-07 01:09 789296 ----a-w- e:\windows\system32\drivers\aswSnx.sys
    2015-08-05 02:53 . 2015-08-08 16:09 26640 ----a-w- e:\windows\system32\normaliz.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-09-11 11:56 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-09-11 11:56 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-09-11 11:56 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-10-02 09:21 696120 ----a-w- e:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
    "GoogleDriveSync"="e:\program files\Google\Drive\googledrivesync.exe" [2015-09-11 22568208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
    "NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2006-10-03 7630848]
    "nwiz"="nwiz.exe" [2006-10-03 1617920]
    "NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2006-10-03 86016]
    "AvastUI.exe"="e:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-02 6134544]
    "BCSSync"="c:\office14\BCSSync.exe" [2010-01-21 91520]
    "Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-07-07 998104]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    e:\documents and settings\All Users\Start Menu\Programs\Startup\
    Subsonic.lnk - e:\program files\Subsonic\subsonic-agent.exe [2013-4-17 253952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "e:\\WINDOWS\\system32\\javaw.exe"=
    "e:\\Program Files\\Subsonic\\subsonic-service.exe"=
    "e:\\Program Files\\Subsonic\\subsonic-agent.exe"=
    "e:\\Program Files\\Subsonic\\subsonic-agent-elevated.exe"=
    "e:\\Program Files\\Winamp\\winamp.exe"=
    "e:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\BitTorrent.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\HTCSyncManager.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3306:TCP"= 3306:TCP:MySQL
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    "18741:TCP"= 18741:TCP:BitComet 18741 TCP
    "18741:UDP"= 18741:UDP:BitComet 18741 UDP
    "25800:TCP"= 25800:TCP:BitCometBeta 25800 TCP
    "25800:UDP"= 25800:UDP:BitCometBeta 25800 UDP
    .
    R0 ambakdrv;ambakdrv;e:\windows\system32\ambakdrv.sys [9/12/2014 1:59 PM 26424]
    R0 aswRvrt;avast! Revert;e:\windows\system32\drivers\aswRvrt.sys [7/7/2014 2:09 AM 49776]
    R0 aswVmm;avast! VM Monitor;e:\windows\system32\drivers\aswVmm.sys [7/7/2014 2:09 AM 208664]
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswSnx.sys [7/7/2014 2:09 AM 789296]
    R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [7/7/2014 2:09 AM 434184]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [8/21/2014 4:45 PM 243128]
    R2 ammntdrv;ammntdrv;e:\windows\system32\ammntdrv.sys [9/12/2014 1:59 PM 129720]
    R2 amwrtdrv;amwrtdrv;e:\windows\system32\amwrtdrv.sys [9/12/2014 1:59 PM 14392]
    R2 aswHwid;avast! HardwareID;e:\windows\system32\drivers\aswHwid.sys [7/7/2014 2:48 AM 24016]
    R2 aswMonFlt;aswMonFlt;e:\windows\system32\drivers\aswMonFlt.sys [7/7/2014 2:09 AM 76000]
    R2 PassThru Service;Internet Pass-Through Service;e:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [10/17/2013 3:27 PM 166912]
    R3 aswStmXP;Avast StreamFilter Driver;e:\windows\system32\drivers\aswStmXP.sys [7/29/2015 1:34 PM 157888]
    R3 dc3d;MS Hardware Device Detection Driver (USB);e:\windows\system32\drivers\dc3d.sys [9/30/2014 7:28 AM 45288]
    R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [7/7/2014 2:13 AM 23256]
    S2 Backupper Service;AOMEI Backupper Scheduler Service;e:\program files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [9/12/2014 1:59 PM 29912]
    S2 HTCMonitorService;HTCMonitorService;c:\program files\HSMServiceEntry.exe [6/27/2014 10:24 AM 87368]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [8/8/2015 11:19 PM 1135416]
    S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\ANDROIDUSB.sys [8/20/2015 4:04 AM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [10/17/2013 3:27 PM 21248]
    S3 qcserxp;HTC Diagnostic Port;e:\windows\system32\drivers\qcserxp.sys [7/31/2015 5:16 PM 103424]
    S3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Dr.Fone for Android\DriverInstall.exe --> c:\program files\Dr.Fone for Android\DriverInstall.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-09-28 23:23 997704 ----a-w- e:\program files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-10-18 e:\windows\Tasks\avast! Emergency Update.job
    - e:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-02 09:21]
    .
    2015-10-18 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2014-07-08 02:09]
    .
    2015-10-18 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - e:\program files\Google\Update\GoogleUpdate.exe [2014-07-08 02:09]
    .
    2013-02-08 e:\windows\Tasks\SyncBackFree Supernatural.job
    - e:\program files\2BrightSparks\SyncBackFree\SyncBackFree.exe [2013-02-05 13:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\office14\ONBttnIE.dll/105
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{4C30C0C2-C813-4332-BD76-ED8A21061772}: NameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    e:\documents and settings\All Users\Start Menu\Programs\Startup\Plex.lnk - e:\program files\Plex\Plex Media Center\Plex.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-10-18 21:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1078081533-1659004503-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2015-10-18 21:46:23
    ComboFix-quarantined-files.txt 2015-10-18 20:46
    .
    Pre-Run: 404,951,040 bytes free
    Post-Run: 423,944,192 bytes free
    .
    - - End Of File - - C763531205B9D6F083CAB388A65783A3
    8F558EB6672622401DA993E1E865C861
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  9. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
    Ran by Spartan (administrator) on SPARTACUS (18-10-2015 21:59:18)
    Running from E:\Documents and Settings\Spartan\Desktop
    Loaded Profiles: Spartan (Available Profiles: Spartan)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 6 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe
    () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) E:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SigmatelSysTrayApp] => E:\WINDOWS\stsystra.exe [282624 2006-07-27] (SigmaTel, Inc.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [nwiz] => nwiz.exe /install
    HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-02] (AVAST Software)
    HKLM\...\Run: [BCSSync] => C:\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\Run: [GoogleDriveSync] => E:\Program Files\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => E:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-02] (AVAST Software)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Subsonic.lnk [2013-05-11]
    ShortcutTarget: Subsonic.lnk -> E:\Program Files\Subsonic\subsonic-agent.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 04 E:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4C30C0C2-C813-4332-BD76-ED8A21061772}: [NameServer] 192.168.0.1
    Tcpip\..\Interfaces\{7375FB1F-F5B3-4D7F-96FD-146750802B92}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-1078081533-1659004503-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-09] ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-11] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - E:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-07] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=","hxxp://www.msn.com/?pc=AV01","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=","hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR Profile: E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
    CHR Extension: (Google Drive) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-29]
    CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-07-29]
    CHR Extension: (YouTube) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
    CHR Extension: (Google Search) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
    CHR Extension: (Google Docs Offline) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
    CHR Extension: (Avast Online Security) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]
    CHR Extension: (Chrome Hotword Shared Module) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
    CHR Extension: (Application Launcher for Drive (by Google)) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
    CHR Extension: (Chrome Web Store Payments) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
    CHR Extension: (Gmail) - E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
    CHR HKLM\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-29]
    CHR HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-02] (AVAST Software)
    S2 Backupper Service; E:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.)
    S2 HTCMonitorService; C:\Program Files\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
    S2 JavaQuickStarterService; E:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 Microsoft SharePoint Workspace Audit Service; C:\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
    R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
    S2 Subsonic; E:\Program Files\Subsonic\subsonic-service.exe [259584 2013-04-17] () [File not signed]
    S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
    S3 WsDrvInst; C:\Program Files\Dr.Fone for Android\DriverInstall.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ambakdrv; E:\WINDOWS\System32\ambakdrv.sys [26424 2014-08-19] () [File not signed]
    R1 AmdK8; E:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
    R2 ammntdrv; E:\WINDOWS\system32\ammntdrv.sys [129720 2014-08-19] () [File not signed]
    R2 amwrtdrv; E:\WINDOWS\system32\amwrtdrv.sys [14392 2014-08-19] () [File not signed]
    R2 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-02] (AVAST Software)
    R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-02] (AVAST Software)
    R1 aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-02] (AVAST Software)
    R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-02] (AVAST Software)
    R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [789296 2015-10-02] (AVAST Software)
    R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [434184 2015-10-02] (AVAST Software)
    R3 aswStmXP; E:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-02] (AVAST Software)
    S3 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-02] (AVAST Software)
    R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-02] (AVAST Software)
    R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-21] (Disc Soft Ltd)
    R3 MBAMProtector; E:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    R0 nvata; E:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2007-08-25] (NVIDIA Corporation)
    S3 qcserxp; E:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
    S3 rtl8139; E:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
    R3 serenum; E:\WINDOWS\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider)
    R3 Serial; E:\WINDOWS\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
    R0 sptd; E:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-07-24] (Duplex Secure Ltd.)
    R3 STHDA; E:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)
    U3 a3vdfb38; E:\WINDOWS\system32\Drivers\a3vdfb38.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    U3 catchme; \??\E:\DOCUME~1\Spartan\LOCALS~1\Temp\catchme.sys [X]
    S4 IntelIde; no ImagePath
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    U3 mbr; \??\E:\ComboFix\mbr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-18 21:59 - 2015-10-18 21:59 - 00017311 _____ E:\Documents and Settings\Spartan\Desktop\FRST.txt
    2015-10-18 21:58 - 2015-10-18 21:58 - 01700864 _____ (Farbar) E:\Documents and Settings\Spartan\Desktop\FRST.exe
    2015-10-18 21:46 - 2015-10-18 21:59 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\temp
    2015-10-18 21:46 - 2015-10-18 21:46 - 00013496 _____ E:\ComboFix.txt
    2015-10-18 21:46 - 2015-10-18 21:46 - 00000000 ____D E:\Documents and Settings\NetworkService\Local Settings\temp
    2015-10-18 21:24 - 2015-10-18 21:24 - 05636101 ____R (Swearware) E:\Documents and Settings\Spartan\Desktop\ComboFix.exe
    2015-10-18 20:57 - 2015-10-18 20:57 - 00001279 _____ E:\Documents and Settings\Spartan\Desktop\JRT.txt
    2015-10-18 20:54 - 2015-10-18 20:54 - 01801288 _____ (Malwarebytes) E:\Documents and Settings\Spartan\Desktop\JRT.exe
    2015-10-18 20:53 - 2015-10-18 20:53 - 00003461 _____ E:\Documents and Settings\Spartan\Desktop\AdwCleaner[C1].txt
    2015-10-18 20:48 - 2015-10-18 20:49 - 00000000 ____D E:\AdwCleaner
    2015-10-18 20:47 - 2015-10-18 20:47 - 01691648 _____ E:\Documents and Settings\Spartan\Desktop\adwcleaner_5.014.exe
    2015-10-18 20:37 - 2015-10-18 20:37 - 22908888 _____ (Malwarebytes ) E:\Documents and Settings\Spartan\Desktop\mbam-setup-2.2.0.1024.exe
    2015-10-18 20:35 - 2015-10-18 20:35 - 00000002 _____ E:\Documents and Settings\Spartan\Desktop\rk.txt
    2015-10-18 20:28 - 2015-10-18 20:28 - 18832456 _____ E:\Documents and Settings\Spartan\Desktop\RogueKiller.exe
    2015-10-18 19:16 - 2015-10-18 21:59 - 00000000 ____D E:\FRST
    2015-10-18 18:59 - 2011-06-26 07:45 - 00256000 _____ E:\WINDOWS\PEV.exe
    2015-10-18 18:59 - 2010-11-07 18:20 - 00208896 _____ E:\WINDOWS\MBR.exe
    2015-10-18 18:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00098816 _____ E:\WINDOWS\sed.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00080412 _____ E:\WINDOWS\grep.exe
    2015-10-18 18:59 - 2000-08-31 01:00 - 00068096 _____ E:\WINDOWS\zip.exe
    2015-10-18 18:58 - 2015-10-18 21:46 - 00000000 ____D E:\Qoobox
    2015-10-18 18:58 - 2015-10-18 21:45 - 00000000 ____D E:\WINDOWS\erdnt
    2015-10-18 18:55 - 2015-10-18 18:57 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2015-10-18 18:44 - 2015-10-18 20:29 - 00035064 _____ E:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-10-18 18:44 - 2015-10-18 18:53 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-10-14 13:09 - 2015-10-14 13:09 - 00000000 ___HD E:\WINDOWS\PIF
    2015-10-02 10:22 - 2015-10-02 10:21 - 00313472 _____ (AVAST Software) E:\WINDOWS\system32\aswBoot.exe
    2015-10-02 10:21 - 2015-10-02 10:21 - 00043112 _____ (AVAST Software) E:\WINDOWS\avastSS.scr
    2015-09-21 15:20 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\HMYGSetting
    2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Program Files\Common Files\Wondershare
    2015-09-21 15:18 - 2015-09-21 15:18 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Wondershare
    2015-09-21 15:17 - 2015-09-23 01:47 - 00000000 ___HD E:\Program Files\DrFoneAndroid_Temp
    2015-09-21 15:17 - 2015-09-21 15:20 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Wondershare
    2015-09-21 15:17 - 2015-09-21 15:17 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\Wondershare
    2015-09-18 19:11 - 2015-09-18 19:11 - 00001024 ____H E:\SYSTAG.BIN

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-18 21:46 - 2012-07-20 11:06 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
    2015-10-18 21:46 - 2012-07-20 11:01 - 00000000 __SHD E:\Documents and Settings\NetworkService
    2015-10-18 21:45 - 2001-10-05 01:16 - 00000227 _____ E:\WINDOWS\system.ini
    2015-10-18 21:25 - 2012-07-20 11:06 - 00032566 _____ E:\WINDOWS\SchedLgU.Txt
    2015-10-18 21:22 - 2014-07-08 22:28 - 00000886 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-18 20:56 - 2014-07-07 02:09 - 00000364 ____H E:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-10-18 20:51 - 2015-08-20 04:08 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\HTC MediaHub
    2015-10-18 20:51 - 2012-07-20 11:47 - 00000159 ____C E:\WINDOWS\wiadebug.log
    2015-10-18 20:51 - 2012-07-20 11:47 - 00000050 ____C E:\WINDOWS\wiaservc.log
    2015-10-18 20:51 - 2012-07-20 11:24 - 00081409 ____C E:\WINDOWS\system32\nvapps.xml
    2015-10-18 20:50 - 2014-07-08 22:28 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-18 20:49 - 2012-07-20 11:07 - 00000178 __SHC E:\Documents and Settings\Spartan\ntuser.ini
    2015-10-18 20:49 - 2012-07-20 11:07 - 00000000 ____D E:\Documents and Settings\Spartan
    2015-10-18 20:49 - 2012-07-20 10:57 - 02068098 ____C E:\WINDOWS\WindowsUpdate.log
    2015-10-18 20:39 - 2014-10-12 01:14 - 00170200 ____C (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-10-18 20:39 - 2014-07-07 02:13 - 00000702 _____ E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-18 20:39 - 2014-07-07 02:13 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-18 20:28 - 2012-07-20 11:44 - 00592924 ____C E:\WINDOWS\system32\PerfStringBackup.INI
    2015-10-18 18:40 - 2012-07-20 11:24 - 00000000 ____D E:\WINDOWS\nview
    2015-10-18 18:28 - 2014-07-07 02:36 - 00065536 _____ E:\WINDOWS\system32\config\OAlerts.evt
    2015-10-18 18:28 - 2001-10-05 01:16 - 00002206 ____C E:\WINDOWS\system32\wpa.dbl
    2015-10-18 12:54 - 2015-02-19 14:05 - 00000410 _____ E:\WINDOWS\brwmark.ini
    2015-10-14 14:45 - 2014-07-09 18:39 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\vlc
    2015-10-14 13:09 - 2015-07-29 13:34 - 00629269 _____ E:\WINDOWS\setupapi.log
    2015-10-09 01:52 - 2012-07-20 11:06 - 00000000 ____D E:\Documents and Settings\LocalService\Local Settings\Temp
    2015-10-06 16:11 - 2015-08-05 17:22 - 00000000 ____D E:\Documents and Settings\Spartan\My Documents\Outlook Files
    2015-10-05 09:50 - 2014-07-07 02:13 - 00121560 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-10-05 09:50 - 2014-07-07 02:13 - 00023256 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbam.sys
    2015-10-05 01:25 - 2014-10-05 19:28 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
    2015-10-05 01:25 - 2014-10-05 18:46 - 00001767 _____ E:\Documents and Settings\All Users\Desktop\Google Slides.lnk
    2015-10-05 01:25 - 2014-10-05 18:46 - 00001765 _____ E:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
    2015-10-05 01:25 - 2014-10-05 18:46 - 00001755 _____ E:\Documents and Settings\All Users\Desktop\Google Docs.lnk
    2015-10-02 10:22 - 2015-07-29 13:34 - 00157888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswStmXP.sys
    2015-10-02 10:22 - 2014-09-30 07:29 - 00175362 ____C E:\WINDOWS\Wdf01009Inst.log
    2015-10-02 10:22 - 2014-07-07 02:48 - 00024016 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00434184 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSP.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00208664 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00076000 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00057888 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswTdi.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00055200 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRdr.sys
    2015-10-02 10:22 - 2014-07-07 02:09 - 00049776 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-10-02 10:21 - 2014-07-07 02:09 - 00789296 _____ (AVAST Software) E:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-09-29 00:23 - 2014-07-08 22:31 - 00001813 _____ E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-09-23 01:43 - 2013-11-05 18:36 - 00028118 _____ E:\WINDOWS\setupact.log
    2015-09-22 23:11 - 2014-07-07 02:14 - 00000000 ____D E:\Documents and Settings\Spartan\Application Data\BitComet
    2015-09-22 21:55 - 2014-09-30 07:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Downloaded Installations
    2015-09-19 19:50 - 2012-07-20 11:22 - 00000000 ____D E:\Documents and Settings\Spartan\Local Settings\Application Data\Google
    2015-09-18 19:11 - 2014-09-12 13:59 - 00000082 ____C E:\WINDOWS\system32\winsevr.dat
    2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Program Files\AOMEI Backupper Standard Edition 2.0.2
    2015-09-18 19:11 - 2014-09-12 13:59 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\AomeiBR

    ==================== Files in the root of some directories =======

    2012-07-20 11:10 - 2014-09-06 21:30 - 0030208 ____C () E:\Documents and Settings\Spartan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    E:\WINDOWS\explorer.exe => File is digitally signed
    E:\WINDOWS\system32\winlogon.exe => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed
    E:\WINDOWS\system32\User32.dll => File is digitally signed
    E:\WINDOWS\system32\userinit.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     
  10. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
    Ran by Spartan (2015-10-18 22:00:00)
    Running from E:\Documents and Settings\Spartan\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) (2012-07-20 10:00:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1078081533-1659004503-725345543-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1078081533-1659004503-725345543-1005 - Limited - Enabled)
    Guest (S-1-5-21-1078081533-1659004503-725345543-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1078081533-1659004503-725345543-1000 - Limited - Disabled)
    Spartan (S-1-5-21-1078081533-1659004503-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Spartan
    SUPPORT_388945a0 (S-1-5-21-1078081533-1659004503-725345543-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX & Plugin (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AOMEI Backupper Standard Edition 2.0.2 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
    BitComet 1.39 (HKLM\...\BitComet) (Version: 1.39 - CometNetwork)
    BitTorrent (HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\BitTorrent) (Version: 7.9.3.40761 - BitTorrent Inc.)
    Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
    Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
    Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Free YouTube to MP3 Converter version 3.12.61.805 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    Google Drive (HKLM\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
    HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
    HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.54.2 - HTC)
    IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2) (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Mp3tag v2.55a (HKLM\...\Mp3tag) (Version: v2.55a - Florian Heidenreich)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    SAM CoDeC Pack (HKLM\...\SAM CoDeC Pack) (Version: 5.60 - www.SamLab.ws)
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
    Subsonic (HKLM\...\Subsonic) (Version: - )
    Support and Drivers (HKLM\...\Support and Drivers 1.4.1.4) (Version: 1.4.1.4 - Drivers et Pilotes)
    Support and Drivers (Version: 1.4.1.4 - Drivers et Pilotes) Hidden
    SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks)
    SyncBackFree (HKLM\...\SyncBackFree_is1) (Version: 6.3.7.0 - 2BrightSparks)
    TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 14.2.0 - UMEZAWA Takeshi)
    Virtual DJ - Atomix Productions (HKLM\...\Virtual DJ - Atomix Productions) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version: - )
    XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
    Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll (the data entry has 10 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dl (the data entry has 12 more characters).
    CustomCLSID: HKU\S-1-5-21-1078081533-1659004503-725345543-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dl (the data entry has 12 more characters).

    ==================== Restore Points =========================

    18-10-2015 20:54:54 JRT Pre-Junkware Removal

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-18 21:45 - 2015-10-18 21:45 - 00000027 ____A E:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: E:\WINDOWS\Tasks\avast! Emergency Update.job => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files\Google\Update\GoogleUpdate.exe
    Task: E:\WINDOWS\Tasks\SyncBackFree Supernatural.job => E:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe-m Supernatural E:\Program Files\2BrightSparks\SyncBackFreeSpartan!Task created by SyncBackFree.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-29 13:34 - 2015-10-02 10:21 - 00103376 _____ () E:\Program Files\AVAST Software\Avast\log.dll
    2015-07-29 13:34 - 2015-10-02 10:21 - 00123976 _____ () E:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-10-18 18:31 - 2015-10-18 18:31 - 02994032 _____ () E:\Program Files\AVAST Software\Avast\defs\15101801\algo.dll
    2015-07-24 07:25 - 2015-10-02 10:22 - 40539648 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
    2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () E:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Office14\1033\GrooveIntlResource.dll
    2008-04-14 01:11 - 2008-04-14 01:11 - 00059904 _____ () E:\WINDOWS\system32\devenum.dll
    2008-04-14 01:12 - 2008-04-14 01:12 - 00014336 _____ () E:\WINDOWS\system32\msdmo.dll
    2015-09-29 00:23 - 2015-09-24 03:34 - 16487752 _____ () E:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
    2014-07-09 20:11 - 2014-02-10 13:44 - 04592128 ____C () E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2014-07-09 20:11 - 2014-02-10 13:44 - 00112128 ____C () E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1078081533-1659004503-725345543-1003\...\dell.com -> dell.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\Control Panel\Desktop\\Wallpaper -> E:\Documents and Settings\Spartan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.0.1
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [E:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
    DomainProfile\AuthorizedApplications: [E:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
    DomainProfile\AuthorizedApplications: [C:\HTCSyncManager.exe] => Enabled:HTCSyncManager
    DomainProfile\AuthorizedApplications: [C:\Program Files\HTCSyncManager.exe] => Enabled:HTCSyncManager
    StandardProfile\AuthorizedApplications: [E:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [E:\WINDOWS\system32\javaw.exe] => Enabled:Java(TM) Platform SE binary
    StandardProfile\AuthorizedApplications: [E:\Program Files\Subsonic\subsonic-service.exe] => Enabled:Subsonic Service
    StandardProfile\AuthorizedApplications: [E:\Program Files\Subsonic\subsonic-agent.exe] => Enabled:Subsonic Agent
    StandardProfile\AuthorizedApplications: [E:\Program Files\Subsonic\subsonic-agent-elevated.exe] => Enabled:Subsonic Agent (Elevated)
    StandardProfile\AuthorizedApplications: [E:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
    StandardProfile\AuthorizedApplications: [E:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
    StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent.exe] => Enabled:BitTorrent
    StandardProfile\AuthorizedApplications: [C:\Program Files\BitComet\BitComet.exe] => Enabled:BitComet.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\HTCSyncManager.exe] => Enabled:HTCSyncManager
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:mad:xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:mad:xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:mad:xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:mad:xpsp2res.dll,-22002
    DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:mad:xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [3306:TCP] => Enabled:MySQL
    StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:mad:xpsp2res.dll,-22009
    StandardProfile\GloballyOpenPorts: [18741:TCP] => Enabled:BitComet 18741 TCP
    StandardProfile\GloballyOpenPorts: [18741:UDP] => Enabled:BitComet 18741 UDP
    StandardProfile\GloballyOpenPorts: [25800:TCP] => Enabled:BitCometBeta 25800 TCP
    StandardProfile\GloballyOpenPorts: [25800:UDP] => Enabled:BitCometBeta 25800 UDP

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/18/2015 08:42:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 08:38:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application mbam.exe, version 2.3.55.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
    Processing media-specific event for [mbam.exe!ws!]

    Error: (10/18/2015 08:31:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 08:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [!ws!]

    Error: (10/18/2015 08:18:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 06:48:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 06:48:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 06:27:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 11:29:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

    Error: (10/18/2015 11:29:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


    System errors:
    =============
    Error: (10/18/2015 08:55:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/18/2015 08:55:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Subsonic service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:55:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:55:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HTCMonitorService service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:55:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:55:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:55:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AOMEI Backupper Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:49:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:49:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Subsonic service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/18/2015 08:49:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
    Percentage of memory in use: 45%
    Total physical RAM: 3518.36 MB
    Available physical RAM: 1913.4 MB
    Total Virtual: 5405.5 MB
    Available Virtual: 3766.37 MB

    ==================== Drives ================================

    Drive c: (Max's Hard Drive) (Fixed) (Total:1853.25 GB) (Free:970.59 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive e: () (Fixed) (Total:9.76 GB) (Free:0.4 GB) NTFS
    Drive h: (CD2) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
    Drive j: (Movie Drive and Back up) (Fixed) (Total:931.51 GB) (Free:116.72 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 3BF95568)
    Partition 1: (Not Active) - (Size=9.8 GB) - (Type=OF Extended)
    Partition 2: (Active) - (Size=1853.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  12. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Fix result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
    Ran by Spartan (2015-10-19 00:26:25) Run:1
    Running from E:\Documents and Settings\Spartan\Desktop
    Loaded Profiles: Spartan (Available Profiles: Spartan)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=MACBA25C6-6D57-4FFA-8F88-9B3E66A87213&SearchSource=55&CUI=&UM=6&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BDA504E-851E-4E1F-BC5C-F26C898B87B9&SSPV=","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP9BC0CE04-ABAF-4544-98E9-149FDA8EA4C0&SSPV=","hxxp://websearch.exitingsearch.info/?pid=2644&r=2014/03/22&hid=7143877000232757666&lg=EN&cc=GB&unqvl=50","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPC0E83CDB-49D3-495A-833C-DCDF59A2424D&SSPV=","hxxp://www.msn.com/?pc=AV01","hxxp://search.conduit.com/?ctid=CT3325290&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SP6B6F3D42-F44F-4D92-8DAF-929D8489F182&SSPV=","hxxps://uk.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR HKLM\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]
    S3 WsDrvInst; C:\Program Files\Dr.Fone for Android\DriverInstall.exe [X]
    U3 a3vdfb38; E:\WINDOWS\system32\Drivers\a3vdfb38.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    U3 catchme; \??\E:\DOCUME~1\Spartan\LOCALS~1\Temp\catchme.sys [X]
    S4 IntelIde; no ImagePath
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    U3 mbr; \??\E:\ComboFix\mbr.sys [X]
    E:\WINDOWS\system32\Drivers\a3vdfb38.sys
    2012-07-20 11:10 - 2014-09-06 21:30 - 0030208 ____C () E:\Documents and Settings\Spartan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    Chrome HomePage => removed successfully.
    Chrome StartupUrls => removed successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\dhigneefebkcagnpnpbibganpmfgebnk" => key removed successfully.
    "HKU\S-1-5-21-1078081533-1659004503-725345543-1003\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully.
    WmdmPmSN => service removed successfully.
    WsDrvInst => service removed successfully.
    a3vdfb38 => service removed successfully.
    catchme => service removed successfully.
    IntelIde => service removed successfully.
    lmimirr => service removed successfully.
    mbr => service removed successfully.
    Could not move "E:\WINDOWS\system32\Drivers\a3vdfb38.sys" => Scheduled to move on reboot.
    E:\Documents and Settings\Spartan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-19 00:29:46)

    E:\WINDOWS\system32\Drivers\a3vdfb38.sys => is moved successfully

    ==== End of Fixlog 00:29:46 ====
     
  13. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    If Avast still won't update reinstall it.

    Then...

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  14. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Results of screen317's Security Check version 1.009
    Windows XP Service Pack 3 x86
    Internet Explorer 6 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2012
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    JavaFX 2.1.1
    Java 7 Update 71
    Java version 32-bit out of Date!
    Adobe Flash Player 15.0.0.152 Flash Player out of Date!
    Adobe Reader XI
    Google Chrome (45.0.2454.101)
    Google Chrome (45.0.2454.99)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive E:: 52% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 26-07-2015
    Ran by Spartan (administrator) on 19-10-2015 at 02:28:06
    Running from "E:\Documents and Settings\Spartan\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    E:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    E:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    E:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    E:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    E:\WINDOWS\system32\netman.dll => File is digitally signed
    E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    E:\WINDOWS\system32\srsvc.dll => File is digitally signed
    E:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    E:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    E:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    E:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    E:\WINDOWS\system32\qmgr.dll => File is digitally signed
    E:\WINDOWS\system32\es.dll => File is digitally signed
    E:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    E:\WINDOWS\system32\svchost.exe => File is digitally signed
    E:\WINDOWS\system32\rpcss.dll => File is digitally signed
    E:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    aswTdi(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

    2015-10-19 01:47:30.250 Sophos Virus Removal Tool version 2.5.4
    2015-10-19 01:47:30.250 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-10-19 01:47:30.250 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-10-19 01:47:30.250 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2015-10-19 01:47:30.250 Checking for updates...
    2015-10-19 01:47:30.296 Update progress: proxy server not available
    2015-10-19 01:47:42.359 Option all = no
    2015-10-19 01:47:42.359 Option recurse = yes
    2015-10-19 01:47:42.359 Option archive = no
    2015-10-19 01:47:42.359 Option service = yes
    2015-10-19 01:47:42.359 Option confirm = yes
    2015-10-19 01:47:42.359 Option sxl = yes
    2015-10-19 01:47:42.359 Option max-data-age = 35
    2015-10-19 01:47:42.359 Option EnableSafeClean = yes
    2015-10-19 01:47:46.093 Option vdl-logging = yes
    2015-10-19 01:47:46.125 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-10-19 01:47:46.125 Machine ID: 928b0724285a445b99f2b5c7c4d52d62
    2015-10-19 01:47:46.125 Component SVRTcli.exe version 2.5.4
    2015-10-19 01:47:46.140 Component control.dll version 2.5.4
    2015-10-19 01:47:46.140 Component SVRTservice.exe version 2.5.4
    2015-10-19 01:47:46.140 Component engine\osdp.dll version 1.44.1.2230
    2015-10-19 01:47:46.140 Component engine\veex.dll version 3.63.0.2230
    2015-10-19 01:47:46.140 Component engine\savi.dll version 9.0.0.2230
    2015-10-19 01:47:46.140 Component rkdisk.dll version 1.5.30.0
    2015-10-19 01:47:46.140 Version info: Product version 2.5.4
    2015-10-19 01:47:46.140 Version info: Detection engine 3.63.0
    2015-10-19 01:47:46.140 Version info: Detection data 5.20
    2015-10-19 01:47:46.140 Version info: Build date 10/13/2015
    2015-10-19 01:47:46.140 Version info: Data files added 163
    2015-10-19 01:47:46.140 Version info: Last successful update (not yet updated)
    2015-10-19 01:47:50.250 Downloading updates...
    2015-10-19 01:47:50.250 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-10-19 01:47:50.250 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-10-19 01:47:50.250 Update progress: [I49502] Found supplement IDE521 LATEST
    2015-10-19 01:47:50.250 Update progress: [I49502] Found supplement IDE522 LATEST
    2015-10-19 01:47:50.250 Update progress: [I49502] Found supplement IDE523 LATEST
    2015-10-19 01:47:50.250 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-10-19 01:47:50.250 Update progress: [I19463] Syncing product SAVIW32 61
    2015-10-19 01:47:51.265 Update progress: [I19463] Syncing product IDE521 142
    2015-10-19 01:47:51.484 Installing updates...
    2015-10-19 01:47:52.890 Error level 1
    2015-10-19 01:47:52.906 Update progress: [I19463] Syncing product IDE522 23
    2015-10-19 01:47:52.906 Update progress: [I19463] Syncing product IDE523 1
    2015-10-19 01:48:02.031 Update successful
    2015-10-19 01:48:16.656 Option all = no
    2015-10-19 01:48:16.656 Option recurse = yes
    2015-10-19 01:48:16.656 Option archive = no
    2015-10-19 01:48:16.656 Option service = yes
    2015-10-19 01:48:16.656 Option confirm = yes
    2015-10-19 01:48:16.656 Option sxl = yes
    2015-10-19 01:48:16.656 Option max-data-age = 35
    2015-10-19 01:48:16.656 Option EnableSafeClean = yes
    2015-10-19 01:48:16.734 Option vdl-logging = yes
    2015-10-19 01:48:16.734 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-10-19 01:48:16.734 Machine ID: 928b0724285a445b99f2b5c7c4d52d62
    2015-10-19 01:48:16.734 Component SVRTcli.exe version 2.5.4
    2015-10-19 01:48:16.734 Component control.dll version 2.5.4
    2015-10-19 01:48:16.734 Component SVRTservice.exe version 2.5.4
    2015-10-19 01:48:16.734 Component engine\osdp.dll version 1.44.1.2230
    2015-10-19 01:48:16.734 Component engine\veex.dll version 3.63.0.2230
    2015-10-19 01:48:16.734 Component engine\savi.dll version 9.0.0.2230
    2015-10-19 01:48:16.734 Component rkdisk.dll version 1.5.30.0
    2015-10-19 01:48:16.734 Version info: Product version 2.5.4
    2015-10-19 01:48:16.734 Version info: Detection engine 3.63.0
    2015-10-19 01:48:16.734 Version info: Detection data 5.20
    2015-10-19 01:48:16.734 Version info: Build date 10/13/2015
    2015-10-19 01:48:16.734 Version info: Data files added 163
    2015-10-19 01:48:16.734 Version info: Last successful update 10/19/2015 2:48:02 AM

    2015-10-19 03:19:14.703 Could not check C:\2015 hannah back up\Downloads\setup_3.3.63.exe (virus scan failed)
    2015-10-19 04:10:01.640 >>> Virus 'Mal/Generic-S' found in file C:\Downloads\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Plug-Ins\SoundEffect\Lazer (from Multi-Flanger only)\MultiFlangerOption.exe
    2015-10-19 04:10:01.656 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1078081533-1659004503-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-10-19 04:10:01.656 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-10-19 04:10:01.656 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
    2015-10-19 04:10:01.656 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
    2015-10-19 04:10:01.656 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
    2015-10-19 04:10:01.671 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
    2015-10-19 04:19:10.343 Could not open E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session
    2015-10-19 04:19:10.406 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-10-19 04:19:10.421 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-10-19 04:19:14.484 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
    2015-10-19 04:19:14.515 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
    2015-10-19 04:19:14.828 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-10-19 04:19:18.609 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
    2015-10-19 04:19:18.687 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-10-19 04:19:26.109 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Drive\ip_lockfile (virus scan failed)
    2015-10-19 04:19:26.109 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Drive\lockfile (virus scan failed)
    2015-10-19 04:19:26.171 Could not check E:\Documents and Settings\Spartan\Local Settings\Application Data\Google\Drive\user_default\lockfile (virus scan failed)
    2015-10-19 04:39:05.656 The following items will be cleaned up:
    2015-10-19 04:39:05.671 Mal/Generic-S
    2015-10-19 10:48:05.281 Threat 'Mal/Generic-S' has been cleaned up.
    2015-10-19 10:48:05.281 File "C:\Downloads\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Plug-Ins\SoundEffect\Lazer (from Multi-Flanger only)\MultiFlangerOption.exe" belongs to malware 'Mal/Generic-S'.
    2015-10-19 10:48:05.281 File "C:\Downloads\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Plug-Ins\SoundEffect\Lazer (from Multi-Flanger only)\MultiFlangerOption.exe" has been cleaned up.
    2015-10-19 10:48:05.281 Removal successful
    2015-10-19 10:48:05.312 Contents of SafeClean bin directory:
    2015-10-19 10:48:05.328 {
    2015-10-19 10:48:05.328 RecordID : "0000000000000001",
    2015-10-19 10:48:05.328 ItemType : "1",
    2015-10-19 10:48:05.328 Location : "C:\Downloads\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Virtual DJ PRO v8.0.2265 + PlugIns Incl. Crack [TechTools.NET]\Plug-Ins\SoundEffect\Lazer (from Multi-Flanger only)\",
    2015-10-19 10:48:05.328 FileName : "MultiFlangerOption.exe",
    2015-10-19 10:48:05.328 ThreatName : "Mal/Generic-S",
    2015-10-19 10:48:05.328 Checksum : "53ea009a4591eaaa76273d8781967a63ff82a32e3689eafeb57401bf7a2387cc",
    2015-10-19 10:48:05.328 TimeStamp : "Mon Oct 19 11:48:00 2015"
    2015-10-19 10:48:05.328 }
    2015-10-19 10:48:06.343 Error level 0
     
  15. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    [​IMG] What about Avast? Working now?

    [​IMG] There are some AVG leftovers. Please run AVG Remover to remove them: http://www.avg.com/us-en/utilities

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    [​IMG] Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    =================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    The issue seems to be resolved.
     
  17. morphy201180

    morphy201180 TS Enthusiast Topic Starter Posts: 79

    Thanks for your help. Computer is working fine
     
  18. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You're very welcome [​IMG]
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...