Can You check this DDS log please


28 replies to this topic

#1 olvidadizo

  • Members

Posted 21 December 2013 - 09:06 PM

Hi, I did use Avast paid-for antivirus until their last major update. After doing the update it put my XP into a cycle of reboots. After 8 or 9 of these, I did a safe mode start-up while it was booting up. I was able to delete Avast in safe mode and run Malwarebytes; it came back clear. But on their site it had happened to lots of people. I got Kaspersky antivirus then. It was a bit bloaty for an XP and kicked in with scans of different kinds and times (great if you have a big hard drive and RAM to go with it). Anyway, come Patch Tuesday (which is Wednesday in the UK lol) I had a go at the updates, and they went on forever. So in the end, I tried to click cancel, but it was greyed out. I hit review updates and that released me from the update center. I rebooted and tried again, same gimmick. Also the CPU was running at 100%. So I thought, right, get shut of Kaspersky, but it wouldn't let me uninstall it, and wouldn't let me in to add/remove progs either.

So I went into safe mode again, but couldn't remove Kaspersky from there either. The CPU was running at about 60/70% in safe mode, so I thought try a reboot and see what happens.
The fan was still working for the Coalition, but by some miracle it let me uninstall Kaspersky.
I then ran a Malwarebytes scan, it was all clear. Did a reboot and installed Avira free antivi. CPU was better than before, but I get a low virtual memory as soon as I log in now?? I hope you can help with this please. Thank you in advance (just in case I bust the laptop in the process).

..............................

I have posted this on another tech site. I haven't had an answer in 5 or 6 days.. thank You :thumbup2:

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by wayne at 1:28:03 on 2013-12-22
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.989.545 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/search?q=google+maps&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7RNWN&gws_rd=cr&ei=CTSuUqTYKYSUhQfDxYDIBw#q=google+&rls=com.microsoft:en-us:IE-SearchBox
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [Power2GoExpress] <no file>
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [fscp] c:\program files\avc finger-sensing pad driver\fscp.exe
mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\wayne\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342012978515
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://fdl.msn.com/public/chat/msnchat45.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{543330AD-2D59-4599-BF95-E62FDE47BA3E} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wayne\application data\mozilla\firefox\profiles\lc79fzjc.default\
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-10-27 15:07; anti_banner@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\anti_banner@kaspersky.com
FF - ExtSQL: 2013-10-27 15:07; content_blocker@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\content_blocker@kaspersky.com
FF - ExtSQL: 2013-10-27 15:07; online_banking@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\online_banking@kaspersky.com
FF - ExtSQL: 2013-10-27 15:07; url_advisor@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\url_advisor@kaspersky.com
FF - ExtSQL: 2013-10-27 15:07; virtual_keyboard@kaspersky.com; c:\program files\kaspersky lab\kaspersky internet security 2013\ffext\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-10-29 16:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-12-13 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-12-13 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-12-13 440376]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-12-13 90400]
R2 FspadSvc;FspadSvc;c:\program files\avc finger-sensing pad driver\FspadSvr.exe [2005-9-30 520192]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-21 54752]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [2005-9-30 14848]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-29 07:57:34    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57:33    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 07:57:33    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-23 23:45:49    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
.
============= FINISH:  1:29:34.35 ===============

 



Edited by hamluis, 22 December 2013 - 02:03 PM.
Edited to add pertinent data - Hamluis.



 


#2 HelpBot

  • Bots

Posted 27 December 2013 - 08:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518230 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 olvidadizo

  • Topic Starter
  • Members

Posted 30 December 2013 - 06:19 AM

First, I can't find the original CD/DVD for my Windows XP Home Edition, if I did get one? It's a 32 bit.

I would like you to look for anything that shouldn't be on my laptop, or anything I can "safely" get shut of. Thank you.

..............

DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by wayne at 11:00:16 on 2013-12-30
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.989.625 [GMT 0:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/search?q=google+maps&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7RNWN&gws_rd=cr&ei=CTSuUqTYKYSUhQfDxYDIBw#q=google+&rls=com.microsoft:en-us:IE-SearchBox
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [Power2GoExpress] <no file>
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SiS Windows KeyHook] c:\windows\system32\keyhook.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [fscp] c:\program files\avc finger-sensing pad driver\fscp.exe
mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\wayne\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342012978515
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://fdl.msn.com/public/chat/msnchat45.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wayne\application data\mozilla\firefox\profiles\lc79fzjc.default\
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-12-13 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-12-13 440376]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-12-13 440376]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-12-13 90400]
R2 FspadSvc;FspadSvc;c:\program files\avc finger-sensing pad driver\FspadSvr.exe [2005-9-30 520192]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-21 54752]
R3 fspad;AVC Finger-sensing Pad Driver for Windows 2000/XP;c:\windows\system32\drivers\fspad.sys [2005-9-30 14848]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
.
=============== Created Last 30 ================
.
2013-12-14 23:33:10 -------- d-----w- c:\documents and settings\wayne\application data\SUPERAntiSpyware.com
2013-12-14 23:32:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-14 23:32:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-12-13 03:25:04 -------- d-sha-w- c:\windows\Repair
2013-12-13 03:16:09 -------- d-----w- c:\documents and settings\all users\application data\APN
2013-12-13 03:16:08 -------- d-----w- c:\documents and settings\wayne\application data\Avira
2013-12-13 03:12:08 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-13 03:12:08 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-12-13 03:12:06 -------- d-----w- c:\program files\Avira
2013-12-13 03:12:06 -------- d-----w- c:\documents and settings\all users\application data\Avira
2013-12-12 15:29:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 15:29:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 11:01:39.07 ===============
 




#4 oneof4

  • Malware Response Team

Posted 01 January 2014 - 12:04 PM

Hello olvidadizo, and  :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe
or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#5 olvidadizo

  • Topic Starter
  • Members

Posted 01 January 2014 - 07:26 PM

Hello Oneof4, Thanks for the help :thumbup2:
 ....................................

 Results of screen317's Security Check version 0.99.78  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Avira Free Antivirus    
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 SpywareBlaster 5.0    
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player     11.9.900.170  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

..............

next log

....

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014 01
Ran by wayne (administrator) on FRONTROOM on 02-01-2014 00:06:09
Running from C:\Documents and Settings\wayne\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe
(AHEAD Software) C:\Program Files\Ahead\InCD\incdsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Silicon Integrated Systems Corporation) C:\WINDOWS\system32\Keyhook.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\soundman.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
() C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe
(Quanta Computer Inc.) C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Ahead Software AG) C:\Program Files\Ahead\InCD\InCD.exe
(BroadJump, Inc.) C:\Program Files\BroadJump\Client Foundation\CFD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Silicon Integrated Systems Corporation) C:\WINDOWS\system32\sistray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Recguard] - C:\WINDOWS\SMINST\Recguard.exe [212992 2002-09-13] ()
HKLM\...\Run: [SiSPower] - Rundll32.exe SiSPower.dll,ModeAgent
HKLM\...\Run: [SiS Windows KeyHook] - C:\WINDOWS\system32\Keyhook.exe [32768 2005-08-25] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [SoundMan] - C:\WINDOWS\soundman.exe [90112 2005-09-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] - C:\WINDOWS\AGRSMMSG.exe [88358 2005-09-28] (Agere Systems)
HKLM\...\Run: [fscp] - C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe [972800 2005-05-09] ()
HKLM\...\Run: [Keyboard Manager Utility] - C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe [3252224 2005-09-28] (Quanta Computer Inc.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [NeroCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [InCD] - C:\Program Files\Ahead\InCD\InCD.exe [1208380 2003-07-31] (Ahead Software AG)
HKLM\...\Run: [BJCFD] - C:\Program Files\BroadJump\Client Foundation\CFD.exe [376912 2003-01-27] (BroadJump, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [Power2GoExpress] - [x]
HKCU\...\Run: [Uniblue RegistryBooster 2] - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
HKCU\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKCU\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MountPoints2: {f5e1c791-313e-11da-ab7c-806d6172696f} - D:\OEMBranding.exe
HKU\Administrator\...\Run: [Power2GoExpress] - "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
HKU\Administrator.FRONTROOM\...\Run: [Power2GoExpress] - "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
HKU\Default User\...\Run: [Power2GoExpress] - "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
HKU\Guest\...\Run: [Power2GoExpress] - "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
HKU\Guest\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
ShortcutTarget: Utility Tray.lnk -> C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/search?q=google+maps&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7RNWN&gws_rd=cr&ei=CTSuUqTYKYSUhQfDxYDIBw#q=google+&rls=com.microsoft:en-us:IE-SearchBox
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0E3AFD0EFF5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM - {1AB9E258-1622-499D-9B70-E06C8CCB79C6} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {271CE34B-9DD1-44D9-BE31-6AC143E9AFF3} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {6638B77B-D0DF-461F-9133-220D6020A463} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {9D9EFC7F-8E7D-4CF9-80C4-ECEB6B6FD37F} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKLM - {BF1521BC-70FF-4303-9EC1-21ACA993D9BD} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {C60EBE12-0A1D-4B8B-82D6-5CFD294BE6C7} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {DBF4149D-43D5-4B05-A96F-6B51870D738F} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1AB9E258-1622-499D-9B70-E06C8CCB79C6} URL =
SearchScopes: HKCU - {244B8542-3029-45C9-8883-C12B6EEDD37E} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {45A3C3D9-9D23-44D9-8430-9F20A6C68129} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {5C25324E-46D1-40A7-B954-F50A511FC201} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {697037D4-431D-4447-B4A8-A16EBDC7B08E} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - {6B8F3C3B-860D-49BF-9C86-DC3E711275AC} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {B68B28A8-8DB6-41A3-AA8D-26582D3EBE16} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {C650DA52-49A8-419D-AF8A-8E985D7E2CBB} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} -  No File
Toolbar: HKCU - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\searchplugins\wot-safe-search.xml
FF Extension: British English Dictionary - C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: WOT - C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: NoScript - C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 FspadSvc; C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe [520192 2005-02-17] ()
R2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [794686 2003-07-31] (AHEAD Software)

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [3724544 2005-09-28] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [9072 2007-10-17] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [9200 2007-10-17] (Sonic Solutions)
R3 fspad; C:\Windows\System32\DRIVERS\fspad.sys [14848 2005-05-09] (Asia Vital Components Co.,Ltd.)
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [87040 2003-07-31] ()
R1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [28464 2003-07-31] (Ahead Software)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [5264 2003-07-31] (Ahead Software AG)
S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [472396 2002-09-20] (Logitech Inc.)
R3 qkbfiltr; C:\Windows\System32\drivers\qkbfiltr.sys [31360 2005-08-10] (Quanta Computer, Inc.)
S3 qmofiltr; C:\Windows\System32\drivers\qmofiltr.sys [7936 2005-05-05] (Quanta Computer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [261632 2005-09-28] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [11904 2005-09-28] (Silicon Integrated Systems Corporation)
S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)
R3 SISNICXP; C:\Windows\System32\DRIVERS\sisnicxp.sys [32768 2005-09-28] (SiS Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
S3 k750bus; system32\DRIVERS\k750bus.sys [x]
S3 k750mdfl; system32\DRIVERS\k750mdfl.sys [x]
S3 k750mdm; system32\DRIVERS\k750mdm.sys [x]
S3 k750mgmt; system32\DRIVERS\k750mgmt.sys [x]
S3 k750obex; system32\DRIVERS\k750obex.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 00:06 - 2014-01-02 00:07 - 00016553 _____ C:\Documents and Settings\wayne\Desktop\FRST.txt
2014-01-02 00:05 - 2014-01-02 00:05 - 00000000 ____D C:\FRST
2014-01-02 00:03 - 2014-01-02 00:03 - 00000848 _____ C:\Documents and Settings\wayne\My Documents\checkup.txt
2014-01-01 23:57 - 2014-01-01 23:57 - 01064481 _____ (Farbar) C:\Documents and Settings\wayne\Desktop\FRST.exe
2013-12-26 20:29 - 2013-12-26 20:29 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2013-12-22 12:46 - 2013-12-22 12:46 - 01028034 _____ C:\Documents and Settings\wayne\My Documents\firefox bookmarks.html
2013-12-22 01:58 - 2013-12-22 01:58 - 00000000 _____ C:\Documents and Settings\wayne\defogger_reenable
2013-12-17 16:46 - 2013-12-17 16:46 - 00000000 ____D C:\Documents and Settings\the boss\Application Data\SUPERAntiSpyware.com
2013-12-15 23:30 - 2013-12-15 23:30 - 00000000 ____D C:\Documents and Settings\the boss\Application Data\Avira
2013-12-14 23:33 - 2013-12-14 23:33 - 00000000 ____D C:\Documents and Settings\wayne\Application Data\SUPERAntiSpyware.com
2013-12-14 23:32 - 2013-12-20 01:34 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-14 23:32 - 2013-12-14 23:32 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-14 23:32 - 2013-12-14 23:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-14 23:32 - 2013-12-14 23:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-13 03:25 - 2013-12-13 03:25 - 00000000 __SHD C:\WINDOWS\Repair
2013-12-13 03:16 - 2013-12-13 03:16 - 00000000 ____D C:\Documents and Settings\wayne\Application Data\Avira
2013-12-13 03:16 - 2013-12-13 03:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-12-13 03:12 - 2013-12-13 03:12 - 00001707 _____ C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-12-13 03:12 - 2013-12-13 03:12 - 00000000 ____D C:\Program Files\Avira
2013-12-13 03:12 - 2013-12-13 03:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2013-12-13 03:12 - 2013-12-13 03:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-12-13 03:12 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-13 03:12 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-13 03:12 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-13 03:12 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2013-12-13 02:54 - 2013-12-13 02:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-13 02:54 - 2013-12-13 02:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-13 02:49 - 2013-12-13 02:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-13 02:49 - 2013-12-13 02:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-13 01:43 - 2013-12-13 01:43 - 00000000 ____D C:\Documents and Settings\Administrator.FRONTROOM\Application Data\Malwarebytes
2013-12-12 18:29 - 2014-01-01 13:13 - 00007954 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-12 15:29 - 2013-12-12 15:39 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-12 15:29 - 2013-12-12 15:39 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-12 14:30 - 2013-12-12 18:27 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt
2013-12-11 22:54 - 2013-12-11 22:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-10 20:10 - 2013-12-10 20:10 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-02 00:07 - 2014-01-02 00:06 - 00016553 _____ C:\Documents and Settings\wayne\Desktop\FRST.txt
2014-01-02 00:05 - 2014-01-02 00:05 - 00000000 ____D C:\FRST
2014-01-02 00:03 - 2014-01-02 00:03 - 00000848 _____ C:\Documents and Settings\wayne\My Documents\checkup.txt
2014-01-01 23:57 - 2014-01-01 23:57 - 01064481 _____ (Farbar) C:\Documents and Settings\wayne\Desktop\FRST.exe
2014-01-01 23:05 - 2006-12-05 01:24 - 00000000 ____D C:\Program Files\SpywareBlaster
2014-01-01 22:52 - 2005-09-09 17:38 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-01 22:49 - 2005-09-09 17:50 - 01877591 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-01 22:48 - 2005-09-09 17:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 22:48 - 2005-09-09 10:47 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-01 22:48 - 2005-09-09 10:47 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-01 13:13 - 2013-12-12 18:29 - 00007954 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-01 13:13 - 2005-12-10 04:09 - 00000178 ___SH C:\Documents and Settings\wayne\ntuser.ini
2014-01-01 13:13 - 2005-12-10 04:09 - 00000000 ____D C:\Documents and Settings\wayne
2014-01-01 13:09 - 2005-12-11 05:47 - 00000000 __SHD C:\Documents and Settings\wayne\UserData
2013-12-31 23:58 - 2013-02-03 15:45 - 00000000 ____D C:\Documents and Settings\wayne\Application Data\SumatraPDF
2013-12-31 21:34 - 2009-02-21 20:10 - 00000000 ____D C:\Documents and Settings\wayne\Desktop\in a jam
2013-12-31 13:53 - 2007-03-04 20:18 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-12-31 13:20 - 2005-09-09 17:49 - 00000000 ____D C:\WINDOWS\Registration
2013-12-28 02:15 - 2009-03-27 12:46 - 00000178 ___SH C:\Documents and Settings\the boss\ntuser.ini
2013-12-28 02:15 - 2009-03-27 12:46 - 00000000 ____D C:\Documents and Settings\the boss
2013-12-26 20:29 - 2013-12-26 20:29 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2013-12-22 12:46 - 2013-12-22 12:46 - 01028034 _____ C:\Documents and Settings\wayne\My Documents\firefox bookmarks.html
2013-12-22 01:58 - 2013-12-22 01:58 - 00000000 _____ C:\Documents and Settings\wayne\defogger_reenable
2013-12-20 01:34 - 2013-12-14 23:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-17 16:46 - 2013-12-17 16:46 - 00000000 ____D C:\Documents and Settings\the boss\Application Data\SUPERAntiSpyware.com
2013-12-15 23:30 - 2013-12-15 23:30 - 00000000 ____D C:\Documents and Settings\the boss\Application Data\Avira
2013-12-14 23:33 - 2013-12-14 23:33 - 00000000 ____D C:\Documents and Settings\wayne\Application Data\SUPERAntiSpyware.com
2013-12-14 23:32 - 2013-12-14 23:32 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-14 23:32 - 2013-12-14 23:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-14 23:32 - 2013-12-14 23:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-13 03:25 - 2013-12-13 03:25 - 00000000 __SHD C:\WINDOWS\Repair
2013-12-13 03:16 - 2013-12-13 03:16 - 00000000 ____D C:\Documents and Settings\wayne\Application Data\Avira
2013-12-13 03:16 - 2013-12-13 03:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-12-13 03:12 - 2013-12-13 03:12 - 00001707 _____ C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-12-13 03:12 - 2013-12-13 03:12 - 00000000 ____D C:\Program Files\Avira
2013-12-13 03:12 - 2013-12-13 03:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2013-12-13 03:12 - 2013-12-13 03:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-12-13 03:00 - 2005-09-09 10:44 - 00153976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-13 02:54 - 2013-12-13 02:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-13 02:54 - 2013-12-13 02:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-13 02:54 - 2013-07-09 18:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-13 02:54 - 2007-02-15 01:18 - 01120318 _____ C:\WINDOWS\system32\TZLog.log
2013-12-13 02:49 - 2013-12-13 02:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-13 02:49 - 2013-12-13 02:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-13 02:49 - 2005-12-11 03:57 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-13 01:45 - 2013-10-24 00:21 - 00000178 ___SH C:\Documents and Settings\Administrator.FRONTROOM\ntuser.ini
2013-12-13 01:43 - 2013-12-13 01:43 - 00000000 ____D C:\Documents and Settings\Administrator.FRONTROOM\Application Data\Malwarebytes
2013-12-12 18:27 - 2013-12-12 14:30 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt
2013-12-12 17:13 - 2005-09-09 17:55 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-12 15:39 - 2013-12-12 15:29 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-12 15:39 - 2013-12-12 15:29 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-12 15:39 - 2005-12-10 04:09 - 00000000 ____D C:\Documents and Settings\wayne\Local Settings\Application Data\Adobe
2013-12-12 15:06 - 2005-09-09 10:40 - 00000000 ____D C:\WINDOWS\Help
2013-12-12 14:30 - 2012-05-24 13:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2013-12-11 22:54 - 2013-12-11 22:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 20:34 - 2005-12-10 04:09 - 00001599 _____ C:\Documents and Settings\wayne\Start Menu\Programs\Remote Assistance.lnk
2013-12-10 20:11 - 2012-10-11 20:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-10 20:10 - 2013-12-10 20:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-09 15:17 - 2005-09-09 17:38 - 00000227 _____ C:\WINDOWS\SYSTEM.INI
2013-12-09 11:37 - 2013-12-13 03:12 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-13 03:12 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-13 03:12 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-12-09 11:37 - 2013-12-13 03:12 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys

Some content of TEMP:
====================
C:\Documents and Settings\wayne\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Next log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2014 01
Ran by wayne at 2014-01-02 00:07:57
Running from C:\Documents and Settings\wayne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (Version:  - )
Ahead InCD (Version:  - )
Ahead Nero Burning ROM (Version:  - )
Ahead NeroVision Express (Version:  - )
Apple Application Support (Version: 1.0 - Apple Inc.)
Apple Software Update (Version: 2.1.1.116 - Apple Inc.)
AVC Finger-sensing Pad Driver (Version: v7.0.8.0 - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
BroadJump Client Foundation (Version:  - )
CCleaner (Version: 4.02 - Piriform)
Critical Update for Windows Media Player 11 (KB959772) (Version:  - Microsoft Corporation)
CVE-2013-3893 (Version:  - )
Disc2Phone (Version: 1.3.0.106 - Sony Media Software)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Keyboard Manager Utility (Version: 1.90.0000 - Publisher)
Keyboard Manager Utility (Version: 1.90.0000 - Publisher) Hidden
Learn2 Player (Uninstall Only) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSN (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerDVD (Version:  - CyberLink Corporation)
Realtek AC'97 Audio (Version: 5.17 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (Version: 1.94 - VS Revo Group)
Rhapsody Player Engine (Version: 1.1.0 - RealNetworks)
Roxio Burn Engine (Version: 2.5.0000 - Roxio) Hidden
RPS CRT (Version: 8.0.28 - Virgin Broadband) Hidden
RPS CRT (Version: 9.0.34 - Virgin Media) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SiS 900 PCI Fast Ethernet Adapter Driver (Version:  - )
SiS VGA Utilities (Version:  - )
SiSAGP driver (Version: 1.21 - )
SpywareBlaster 5.0 (Version: 5.0.0 - BrightFort LLC)
SumatraPDF 2.4 (Version: 2.4 - Krzysztof Kowalczyk)
SUPERAntiSpyware (Version: 5.7.1010 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061017.133151 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WOT for Internet Explorer (Version: 13.9.2.0 - WOT Services Oy)

==================== Restore Points  =========================

24-10-2013 00:47:17 avast! antivirus system restore point
25-10-2013 10:07:32 System Checkpoint
27-10-2013 07:45:21 System Checkpoint
27-10-2013 14:49:43 First Restore Point
27-10-2013 15:09:02 First Restore Point
28-10-2013 20:46:56 System Checkpoint
29-10-2013 16:08:58 Software Distribution Service 3.0
31-10-2013 12:03:19 System Checkpoint
02-11-2013 12:55:52 System Checkpoint
05-11-2013 14:05:26 System Checkpoint
07-11-2013 13:56:54 System Checkpoint
09-11-2013 13:54:15 System Checkpoint
13-11-2013 21:53:05 Software Distribution Service 3.0
17-11-2013 11:16:29 System Checkpoint
18-11-2013 21:04:40 System Checkpoint
22-11-2013 11:32:24 System Checkpoint
24-11-2013 16:22:41 System Checkpoint
26-11-2013 09:31:02 System Checkpoint
27-11-2013 12:22:03 System Checkpoint
28-11-2013 13:15:48 System Checkpoint
01-12-2013 21:50:25 System Checkpoint
03-12-2013 10:42:29 System Checkpoint
04-12-2013 11:54:19 System Checkpoint
05-12-2013 13:42:16 System Checkpoint
07-12-2013 09:39:19 System Checkpoint
08-12-2013 10:54:30 System Checkpoint
09-12-2013 14:03:21 System Checkpoint
11-12-2013 19:24:39 System Checkpoint
11-12-2013 22:37:19 Software Distribution Service 3.0
12-12-2013 03:46:35 Software Distribution Service 3.0
12-12-2013 14:29:44 Installed %1 %2.
12-12-2013 19:58:24 Software Distribution Service 3.0
13-12-2013 01:54:17 Software Distribution Service 3.0
13-12-2013 02:32:50 Removed Kaspersky Internet Security 2013.
13-12-2013 02:47:17 Software Distribution Service 3.0
13-12-2013 05:01:24 Removed Avira SearchFree Toolbar
13-12-2013 21:13:54 Software Distribution Service 3.0
15-12-2013 00:18:04 System Checkpoint
16-12-2013 16:27:53 System Checkpoint
17-12-2013 18:12:14 System Checkpoint
18-12-2013 22:19:04 System Checkpoint
19-12-2013 22:47:15 System Checkpoint
21-12-2013 09:13:44 System Checkpoint
22-12-2013 10:31:12 System Checkpoint
24-12-2013 09:18:24 System Checkpoint
26-12-2013 09:06:12 System Checkpoint
29-12-2013 20:51:39 System Checkpoint
31-12-2013 12:19:20 System Checkpoint

==================== Hosts content: ==========================

2005-09-29 22:53 - 2013-03-02 18:56 - 00445930 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Low Battery Alarm Program.job => ?

==================== Loaded Modules (whitelisted) =============

2013-12-13 03:12 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2007-11-17 13:49 - 2001-09-23 15:41 - 00524377 _____ () C:\WINDOWS\system32\stlport_4_0_0_DDR.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2013 09:06:06 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d.

Error: (12/13/2013 05:00:44 AM) (Source: MsiInstaller) (User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (12/13/2013 05:00:35 AM) (Source: MsiInstaller) (User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (12/13/2013 04:58:54 AM) (Source: MsiInstaller) (User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (12/13/2013 04:57:42 AM) (Source: MsiInstaller) (User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer

Error: (12/12/2013 05:46:39 PM) (Source: MsiInstaller) (User: FRONTROOM)
Description: Product: Microsoft Baseline Security Analyzer 2.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755. The arguments are: 3, C:\Documents and Settings\wayne\Local Settings\Temporary Internet Files\Content.IE5\UL9F3QNA\MBSASetup-x86-EN[1].msi,

Error: (12/12/2013 04:44:55 PM) (Source: Application Hang) (User: )
Description: Fault bucket 724433971.

Error: (12/12/2013 04:36:22 PM) (Source: Application Hang) (User: )
Description: Hanging application helpctr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/12/2013 02:19:49 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (12/12/2013 02:19:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/27/2013 05:06:30 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (12/27/2013 05:06:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (12/20/2013 09:06:10 AM) (Source: Service Control Manager) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error:
%%1053

Error: (12/20/2013 09:06:10 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.

Error: (12/20/2013 09:06:06 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service VSS with arguments ""
in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (12/19/2013 05:15:13 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/19/2013 05:15:02 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/19/2013 05:14:01 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/19/2013 05:13:40 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/19/2013 05:13:29 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (12/20/2013 09:06:06 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d

Error: (12/13/2013 05:00:44 AM) (Source: MsiInstaller)(User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer(NULL)(NULL)(NULL)

Error: (12/13/2013 05:00:35 AM) (Source: MsiInstaller)(User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer(NULL)(NULL)(NULL)

Error: (12/13/2013 04:58:54 AM) (Source: MsiInstaller)(User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer(NULL)(NULL)(NULL)

Error: (12/13/2013 04:57:42 AM) (Source: MsiInstaller)(User: FRONTROOM)
Description: Product: Avira SearchFree Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Internet Explorer(NULL)(NULL)(NULL)

Error: (12/12/2013 05:46:39 PM) (Source: MsiInstaller)(User: FRONTROOM)
Description: Product: Microsoft Baseline Security Analyzer 2.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755. The arguments are: 3, C:\Documents and Settings\wayne\Local Settings\Temporary Internet Files\Content.IE5\UL9F3QNA\MBSASetup-x86-EN[1].msi, (NULL)(NULL)(NULL)

Error: (12/12/2013 04:44:55 PM) (Source: Application Hang)(User: )
Description: 724433971

Error: (12/12/2013 04:36:22 PM) (Source: Application Hang)(User: )
Description: helpctr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (12/12/2013 02:19:49 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (12/12/2013 02:19:25 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 989.48 MB
Available physical RAM: 601.52 MB
Total Pagefile: 1234.48 MB
Available Pagefile: 748.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:33.11 GB) (Free:11.22 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 37 GB) (Disk ID: 51FD30A0)
Partition 1: (Active) - (Size=33 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================

I hope I done it right, Cheers.
 



#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:10:35 AM

Posted 01 January 2014 - 11:13 PM

Hey :)

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

==========

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Best Regards,
oneof4.


#7 olvidadizo


Posted 02 January 2014 - 08:24 AM

# AdwCleaner v3.016 - Report created 02/01/2014 at 11:06:02
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : wayne - FRONTROOM
# Running from : C:\Documents and Settings\wayne\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\prefs.js ]

Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

[ File : C:\Documents and Settings\the boss\Application Data\Mozilla\Firefox\Profiles\0o2lkiz2.default\prefs.js ]

Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

*************************

AdwCleaner[R0].txt - [3127 octets] - [02/01/2014 11:06:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3187 octets] ##########

..................

Just going to try and do the JRT scan now.

.........

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Microsoft Windows XP x86
Ran by wayne on 02/01/2014 at 13:34:40.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uniblue registrybooster 2
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5C25324E-46D1-40A7-B954-F50A511FC201}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA7982C5-3CB2-4995-A656-EB8BFD2AD665}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{271CE34B-9DD1-44D9-BE31-6AC143E9AFF3}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/01/2014 at 13:40:40.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by olvidadizo, 02 January 2014 - 09:00 AM.


#8 oneof4


Posted 02 January 2014 - 05:41 PM

Hey :)

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

Also, update me on how the computer is behaving.


Best Regards,
oneof4.


#9 olvidadizo


Posted 02 January 2014 - 07:22 PM

Hi oneof4. That was scary ;-) But it re-booted OK, not a paper weight yet lol. I had to delete "VLC player"; it was out of date. I'll put a new one on later. Here's the log, thank you.

...........

...........

# AdwCleaner v3.016 - Report created 02/01/2014 at 23:55:51
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : wayne - FRONTROOM
# Running from : C:\Documents and Settings\wayne\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\wayne\Application Data\Mozilla\Firefox\Profiles\lc79fzjc.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

[ File : C:\Documents and Settings\the boss\Application Data\Mozilla\Firefox\Profiles\0o2lkiz2.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

*************************

AdwCleaner[R0].txt - [3267 octets] - [02/01/2014 11:06:02]
AdwCleaner[R1].txt - [2802 octets] - [02/01/2014 23:49:54]
AdwCleaner[S0].txt - [2755 octets] - [02/01/2014 23:55:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2815 octets] ##########
 



#10 oneof4


Posted 02 January 2014 - 08:00 PM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, update me on how your system is performing after running the fix.

 



Best Regards,
oneof4.


#11 olvidadizo


Posted 02 January 2014 - 08:55 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2014 01
Ran by wayne at 2014-01-03 01:50:42 Run:1
Running from C:\Documents and Settings\wayne\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
U1 WS2IFSL;
C:\Documents and Settings\wayne\Local Settings\Temp\avgnt.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

*****************

WS2IFSL => Service deleted successfully.
C:\Documents and Settings\wayne\Local Settings\Temp\avgnt.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====



#12 oneof4


Posted 02 January 2014 - 09:02 PM

 

Also, update me on how your system is performing after running the fix.


Best Regards,
oneof4.


#13 olvidadizo


Posted 02 January 2014 - 09:12 PM

Sorry :-( I forgot that bit. I haven't done a re-boot yet, but went on YouTube and another tech site linked to here.

Doesn't feel any worse. So we're doing good.



#14 olvidadizo


Posted 02 January 2014 - 09:33 PM

I just done a re-boot and I'm still here. Nervous stuff this lol



#15 oneof4


Posted 03 January 2014 - 05:59 PM

Please download Combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.



The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not click on ComboFix's window while it's running, as that may cause the scan to stall.


Best Regards,
oneof4.




