
computer extremely slow and full of trojans



Edgecrusher
2012-10-21, 20:01
Hi, my computer is very slow on start-up, including the internet. This makes it difficult to watch videos on YouTube.


DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by Home at 18:49:24 on 2012-10-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.768.306 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\temp\mixersel.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
uSearch Page = hxxp://search.live.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Mixersel] c:\windows\temp\mixersel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\d-link wireless n dwa-140\AirNCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{178F3F01-59E9-4B64-A167-017FBD2D3F6C} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0} : NameServer = 85.17.255.198,46.19.33.120
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\vfv1tlv3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-22 65848]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-5 36000]
R1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-11 228376]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-22 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-22 166840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-5 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-5 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-5 83392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-29 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-7-29 95232]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\netgear\wnda3200\WifiDevChkSvc.exe [2012-5-6 167936]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2012-9-14 96256]
R3 ELNK3;3Com EtherLink III;c:\windows\system32\drivers\elnk3.sys [2012-9-14 25159]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2012-5-6 57440]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-6-8 21520]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-6-8 560896]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250808]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\home\locals~1\temp\alsysio.sys --> c:\docume~1\home\locals~1\temp\ALSysIO.sys [?]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-5-6 1759584]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2012-5-6 360529]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-11 115168]
.
=============== Created Last 30 ================
.
2012-10-13 13:31:10 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-13 13:31:10 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-13 13:29:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-10-13 13:29:58 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-10-13 13:29:58 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-10-13 13:29:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-10-13 13:29:58 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-10-13 13:29:58 116192 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-09-30 17:46:24 -------- d-----w- c:\program files\iPod
2012-09-30 17:45:38 -------- d-----w- c:\program files\iTunes
2012-09-30 17:45:38 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-22 15:34:42 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-10-09 18:14:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:14:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 16:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:29:36 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29:36 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 19:10:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-28 13:00:25 369664 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 18:51:01.57 ===============


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 18:52:35
-----------------------------
18:52:35.562 OS Version: Windows 5.1.2600 Service Pack 3
18:52:35.562 Number of processors: 1 586 0x703
18:52:35.562 ComputerName: FAMILYPC-0F08F1 UserName: Home
18:52:36.453 Initialize success
18:52:51.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:52:51.645 Disk 0 Vendor: SAMSUNG_SP0802N TK100-24 Size: 76351MB BusType: 3
18:52:51.655 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
18:52:51.655 Disk 1 Vendor: WDC_WD102AA 05.05B05 Size: 9787MB BusType: 3
18:52:51.665 Disk 0 MBR read successfully
18:52:51.675 Disk 0 MBR scan
18:52:51.675 Disk 0 Windows XP default MBR code
18:52:51.675 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76340 MB offset 63
18:52:51.685 Disk 0 scanning sectors +156344580
18:52:51.765 Disk 0 scanning C:\WINDOWS\system32\drivers
18:53:15.319 Service scanning
18:53:35.278 Modules scanning
18:53:50.039 Disk 0 trace - called modules:
18:53:50.069 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
18:53:50.420 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd6ab8]
18:53:50.420 3 CLASSPNP.SYS[f758efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f85b00]
18:53:50.420 Scan finished successfully
18:54:11.590 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home\Desktop\MBR.dat"
18:54:11.610 The log file has been saved successfully to "C:\Documents and Settings\Home\Desktop\aswMBRlog.txt"

TechieRanger
2012-10-22, 22:18
Hi, and welcome to our malware removal forum!

My name is Richard and I'll be happy to help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please note the following:

The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
I will be working on your malware issues. This may or may not solve other issues you may have with your system.
While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
Ensure that your anti-virus definitions are up-to-date.
I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
Be sure to follow the directions and run tools/scans in the order listed.
If you do not reply to your topic, it will be closed after 3 days.

I will return as soon as possible with more instructions.



Regards,

Richard

Edgecrusher
2012-10-23, 18:34
I will be waiting for further instructions.

TechieRanger
2012-10-25, 04:13
Please know that I have not forgotten about you. :)

I am waiting for one of our experts to review my response before I post it. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

I will return as soon as possible with the instructions.



Regards,

Richard

TechieRanger
2012-10-26, 00:50
Thanks for your patience. :)

ADWCLEANER
----------------------------
Download AdwCleaner from here (http://general-changelog-team.fr/en/tools/15-adwcleaner) and save it to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A log file will automatically open after the scan has finished.
Please post the content of that log in your reply.
You can find the log file at C:\AdwCleaner[Rn].txt as well (n is the scan number).

Next

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan, paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


In your next reply, please provide the following:

AdwCleaner log.
OTL log.
Description of how your PC is running.




Regards,

Richard

Edgecrusher
2012-10-26, 19:25
# AdwCleaner v2.005 - Logfile created 10/26/2012 at 18:23:04
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Home - FAMILYPC-0F08F1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Home\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\searchplugins\Conduit.xml
Folder Found : C:\DOCUME~1\Home\LOCALS~1\Temp\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\ConduitCommon
Folder Found : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\staged
Folder Found : C:\Documents and Settings\Home\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\bProtector
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Found : HKU\S-1-5-21-1645522239-1708537768-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-1645522239-1708537768-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980

-\\ Mozilla Firefox v16.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\prefs.js

Found : user_pref("CT3227982..clientLogIsEnabled", false);
Found : user_pref("CT3227982..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3227982..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3227982.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3227982.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3227982.BrowserCompStateIsOpen_9221552460232570768", true);
Found : user_pref("CT3227982.CTID", "CT3227982");
Found : user_pref("CT3227982.CurrentServerDate", "13-8-2012");
Found : user_pref("CT3227982.DSChangedManually", false);
Found : user_pref("CT3227982.DSInstall", true);
Found : user_pref("CT3227982.DSProtectChoice", false);
Found : user_pref("CT3227982.DSProtectCount", 1);
Found : user_pref("CT3227982.DialogsAlignMode", "LTR");
Found : user_pref("CT3227982.DialogsGetterLastCheckTime", "Mon Aug 13 2012 20:16:01 GMT+0100 (GMT Daylight T[...]
Found : user_pref("CT3227982.DownloadReferralCookieData", "");
Found : user_pref("CT3227982.FirstServerDate", "13-8-2012");
Found : user_pref("CT3227982.FirstTime", true);
Found : user_pref("CT3227982.FirstTimeFF3", true);
Found : user_pref("CT3227982.FirstTimeHiddenVer", true);
Found : user_pref("CT3227982.FixPageNotFoundErrors", true);
Found : user_pref("CT3227982.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3227982.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3227982.HPInstall", true);
Found : user_pref("CT3227982.HasUserGlobalKeys", true);
Found : user_pref("CT3227982.HomePageProtectorEnabled", true);
Found : user_pref("CT3227982.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=[...]
Found : user_pref("CT3227982.Initialize", true);
Found : user_pref("CT3227982.InitializeCommonPrefs", true);
Found : user_pref("CT3227982.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT3227982.InstallationId", "installbrain");
Found : user_pref("CT3227982.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT3227982.InstalledDate", "Mon Aug 13 2012 20:16:01 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3227982.InvalidateCache", false);
Found : user_pref("CT3227982.IsAlertDBUpdated", true);
Found : user_pref("CT3227982.IsGrouping", false);
Found : user_pref("CT3227982.IsInitSetupIni", true);
Found : user_pref("CT3227982.IsMulticommunity", false);
Found : user_pref("CT3227982.IsOpenThankYouPage", false);
Found : user_pref("CT3227982.IsOpenUninstallPage", true);
Found : user_pref("CT3227982.LanguagePackLastCheckTime", "Mon Aug 13 2012 20:16:07 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("CT3227982.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3227982.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3227982.LastLogin_3.15.0.0", "Mon Aug 13 2012 21:08:36 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3227982.LatestVersion", "3.14.1.0");
Found : user_pref("CT3227982.Locale", "en");
Found : user_pref("CT3227982.MCDetectTooltipHeight", "83");
Found : user_pref("CT3227982.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3227982.MCDetectTooltipWidth", "295");
Found : user_pref("CT3227982.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3227982.OriginalFirstVersion", "3.15.0.0");
Found : user_pref("CT3227982.RadioIsPodcast", false);
Found : user_pref("CT3227982.RadioLastCheckTime", "Mon Aug 13 2012 21:08:43 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT3227982.RadioLastUpdateIPServer", "3");
Found : user_pref("CT3227982.RadioLastUpdateServer", "3");
Found : user_pref("CT3227982.RadioMediaID", "9962");
Found : user_pref("CT3227982.RadioMediaType", "Media Player");
Found : user_pref("CT3227982.RadioMenuSelectedID", "EBRadioMenu_CT32279829962");
Found : user_pref("CT3227982.RadioShrinkedFromSetup", false);
Found : user_pref("CT3227982.RadioStationName", "California%20Rock");
Found : user_pref("CT3227982.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT3227982.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=13");
Found : user_pref("CT3227982.SearchCaption", "appbario8 Customized Web Search");
Found : user_pref("CT3227982.SearchEngineBeforeUnload", "Secure Search");
Found : user_pref("CT3227982.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3227982.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Found : user_pref("CT3227982.SearchInNewTabEnabled", true);
Found : user_pref("CT3227982.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3227982.SearchInNewTabLastCheckTime", "Mon Aug 13 2012 21:08:40 GMT+0100 (GMT Daylight [...]
Found : user_pref("CT3227982.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3227982.SearchProtectorEnabled", false);
Found : user_pref("CT3227982.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3227982.SendProtectorDataViaLogin", true);
Found : user_pref("CT3227982.ServiceMapLastCheckTime", "Mon Aug 13 2012 20:14:28 GMT+0100 (GMT Daylight Time[...]
Found : user_pref("CT3227982.SettingsLastCheckTime", "Mon Aug 13 2012 20:16:00 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT3227982.SettingsLastUpdate", "1344850466");
Found : user_pref("CT3227982.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13");
Found : user_pref("CT3227982.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3227982.ThirdPartyComponentsLastCheck", "Mon Aug 13 2012 20:14:28 GMT+0100 (GMT Dayligh[...]
Found : user_pref("CT3227982.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT3227982.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3227982.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3227982");
Found : user_pref("CT3227982.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3227982.UserID", "UN49853975388931193");
Found : user_pref("CT3227982.ValidationData_Toolbar", 0);
Found : user_pref("CT3227982.alertChannelId", "1663751");
Found : user_pref("CT3227982.autoDisableScopes", -1);
Found : user_pref("CT3227982.backendstorage.bday_installdate", "31332D37");
Found : user_pref("CT3227982.backendstorage.bday_installfromtoolbar", "796573");
Found : user_pref("CT3227982.backendstorage.ct3227982ads1", "25374225323261647325323225334125354225374225323[...]
Found : user_pref("CT3227982.backendstorage.ct3227982current_term", "");
Found : user_pref("CT3227982.backendstorage.ct3227982sdate", "2D31");
Found : user_pref("CT3227982.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3227982.globalFirstTimeInfoLastCheckTime", "Mon Aug 13 2012 20:14:29 GMT+0100 (GMT Dayl[...]
Found : user_pref("CT3227982.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3227982.initDone", true);
Found : user_pref("CT3227982.isFirstRadioInstallation", false);
Found : user_pref("CT3227982.myStuffEnabled", true);
Found : user_pref("CT3227982.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3227982.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3227982.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3227982.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3227982.navigateToUrlOnSearch", false);
Found : user_pref("CT3227982.revertSettingsEnabled", true);
Found : user_pref("CT3227982.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3227982.searchProtectorEnableByLogin", true);
Found : user_pref("CT3227982.testingCtid", "");
Found : user_pref("CT3227982.toolbarAppMetaDataLastCheckTime", "Mon Aug 13 2012 20:16:00 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3227982.toolbarContextMenuLastCheckTime", "Mon Aug 13 2012 20:16:07 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT3227982.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3227982&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "appbario8 Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3227982/CT3227982[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3227982", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3227982",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"3ae[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Home\\Application [...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.0.0");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.asp[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3227982");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3227982");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3227982");
Found : user_pref("CommunityToolbar.globalUserId", "06517215-b3e9-41fe-8768-760576433d43");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3227982");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 13 2012 20:14:2[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 13 2012 20:14:28 GMT+0100 (G[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "44423814-4715-44fd-adeb-d6b8323892e9");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3227980&SearchSour[...]
Found : user_pref("CommunityToolbar.originalSearchEngine", "appbario8 Customized Web Search");
Found : user_pref("browser.search.defaultenginename", "appbario8 Customized Web Search");
Found : user_pref("browser.search.defaultthis.engineName", "appbario8 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&Sea[...]
Found : user_pref("browser.search.order.1", "appbario8 Customized Web Search");
Found : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"1\": {\"id\": \"1\",\"[...]

*************************

AdwCleaner[R1].txt - [15268 octets] - [26/10/2012 18:23:04]

########## EOF - C:\AdwCleaner[R1].txt - [15329 octets] ##########
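The AdwCleaner [Search] log above is a plain-text report with a fixed layout: `***** [Section] *****` headers, `File/Folder/Key/Value Found :` lines, browser sub-headers starting with `-\\`, IE settings as `[key] = value` and Firefox entries as `Found : user_pref(...)`. As an added example (not code from the thread, from AdwCleaner or from its author), the following Python script parses such a log into its sections, counts what was found in each, and pulls out the defanged `hxxp://` hosts and the Conduit toolbar ids (`CT` followed by digits) that recur across the registry, IE and Firefox entries, which is the first thing a helper triaging the log wants to see. The sample log embedded below, its hostnames, profile name and CT id are constructed for the demonstration.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of an AdwCleaner v2 [Search] log (not the
# log posted in the thread); hostnames, profile name and the CT id are made up.
SAMPLE_LOG = """\
# AdwCleaner v2.005 - Logfile created 01/01/2012 at 12:00:00
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\\Documents and Settings\\User\\Application Data\\Mozilla\\Firefox\\Profiles\\xxxxxxxx.default\\searchplugins\\Conduit.xml
Folder Found : C:\\Program Files\\Conduit

***** [Registry] *****

Key Found : HKCU\\Software\\Conduit
Key Found : HKLM\\Software\\bProtector
Value Found : HKCU\\Software\\Mozilla\\Firefox\\Extensions [example@adware.invalid]

***** [Internet Browsers] *****

-\\\\ Internet Explorer v6.0.2900.5512

[HKCU\\Software\\Microsoft\\Internet Explorer\\Main - Start Page] = hxxp://search.example.invalid/?ctid=CT0000000

-\\\\ Mozilla Firefox v16.0.1 (en-GB)

Found : user_pref("browser.search.defaulturl", "hxxp://search.example.invalid/Results?ctid=CT0000000");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT0000000");

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
FOUND_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value) Found : (?P<item>.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")          # "-\\ Internet Explorer v..."
SETTING_RE = re.compile(r"^\[(?P<key>[^\]]+)\] = (?P<value>.+)$")
PREF_RE = re.compile(r'^Found : user_pref\("(?P<name>[^"]+)", (?P<value>.*)$')
HOST_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)", re.IGNORECASE)  # defanged URLs
CTID_RE = re.compile(r"\bCT\d{6,}\b")                        # Conduit toolbar id


def parse_adwcleaner(text):
    """Return section name -> list of (kind, location, detail) tuples, in log order."""
    sections = OrderedDict()
    current = None      # section we are in
    browser = None      # browser sub-header inside [Internet Browsers]
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            browser = None
            sections.setdefault(current, [])
            continue
        # Skip the "# ..." header, blank lines and the closing row of asterisks.
        if current is None or not line or line.startswith("#") or line.startswith("*****"):
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = FOUND_RE.match(line)
        if m:
            sections[current].append((m.group("kind"), m.group("item"), ""))
            continue
        m = PREF_RE.match(line)
        if m:
            # Truncated "[...]" values are kept verbatim; complete ones lose the trailing ");"
            value = m.group("value").rstrip(";").rstrip(")")
            sections[current].append(("Pref", browser or "?", m.group("name") + " = " + value))
            continue
        m = SETTING_RE.match(line)
        if m:
            sections[current].append(("Setting", browser or "?", m.group("key") + " = " + m.group("value")))
    return sections


def summarize(sections):
    """Per-section hit counts plus the hosts and toolbar ids referenced anywhere in the log."""
    counts = OrderedDict((name, len(items)) for name, items in sections.items())
    hosts, ctids = set(), set()
    for items in sections.values():
        for _kind, location, detail in items:
            for field in (location, detail):
                hosts.update(h.lower() for h in HOST_RE.findall(field))
                ctids.update(CTID_RE.findall(field))
    return {"counts": counts, "hosts": sorted(hosts), "toolbar_ids": sorted(ctids)}


if __name__ == "__main__":
    summary = summarize(parse_adwcleaner(SAMPLE_LOG))
    for name, n in summary["counts"].items():
        print("%-20s %d" % (name, n))
    print("hosts:", ", ".join(summary["hosts"]))
    print("toolbar ids:", ", ".join(summary["toolbar_ids"]))
```

Run it against a real `C:\AdwCleaner[Rn].txt` by reading the file into `parse_adwcleaner` instead of `SAMPLE_LOG`; an empty `[Services]` section and a long `[Internet Browsers]` list with a single repeated CT id, as in the log above, is the usual shape of a Conduit-style toolbar installation rather than a rootkit, which is why the helper asks for this log before anything more invasive.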

Edgecrusher
2012-10-26, 21:40
OTL logfile created on: 26/10/2012 18:30:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.54 Mb Total Physical Memory | 560.73 Mb Available Physical Memory | 73.06% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 79.08% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 37.88 Gb Free Space | 50.82% Space Free | Partition Type: NTFS
Drive D: | 9.54 Gb Total Space | 5.85 Gb Free Space | 61.31% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC-0F08F1 | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
PRC - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\Temp\mixersel.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WPSLib.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WDCS_WNDA3200) -- C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe (Atheros Communications, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (ALSysIO) -- C:\DOCUME~1\Home\LOCALS~1\Temp\ALSysIO.sys File not found
DRV - (RapportCerberus_43926) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ()
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ctlsb16) -- C:\WINDOWS\system32\drivers\ctlsb16.sys (Copyright (C) Creative Technology Ltd. 1994-2001)
DRV - (ELNK3) -- C:\WINDOWS\system32\drivers\elnk3.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227980
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227982
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{398B7CF9-BCF9-46EA-8A8D-E0B4C5AAB69E}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.2.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/30 17:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/13 22:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/13 14:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/13 14:30:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles/vfv1tlv3.default\extensions\specialsavings@superfish.com

[2011/07/29 21:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2012/10/26 17:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions
[2012/10/03 08:05:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/10/26 17:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\staged
[2012/10/19 18:24:34 | 000,529,693 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/01/12 08:59:35 | 000,292,116 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
[2012/10/26 17:39:50 | 000,530,068 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/08/07 17:23:28 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\searchplugins\conduit.xml
[2012/10/13 14:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/30 17:28:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/10/13 14:31:09 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 19:29:30 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/30 18:04:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/11 19:29:30 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/11 19:29:30 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/13 21:12:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/13 14:31:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/11 19:29:30 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [Mixersel] C:\WINDOWS\Temp\mixersel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{178F3F01-59E9-4B64-A167-017FBD2D3F6C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/29 20:08:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/01 01:45:54 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell - "" = AutoRun
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun\command - "" = E:\AutoInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 18:49:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home\Start Menu\Programs\Administrative Tools
[2012/10/13 14:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/30 18:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/09/30 18:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/30 18:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/30 18:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/30 18:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/26 18:11:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/26 17:24:48 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/26 17:24:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/26 17:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/21 18:55:22 | 000,003,309 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 18:54:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/10/10 23:25:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 19:14:57 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 19:14:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/30 19:57:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 18:51:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/09/30 17:31:18 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 18:55:22 | 000,003,309 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 18:54:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/09/30 18:51:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/09/30 17:31:18 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/04/15 00:46:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 12:06:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/21 23:20:01 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 22:51:53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/29 22:51:31 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/29 21:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/29 20:53:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/29 20:52:09 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/29 20:10:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/29 20:05:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/07/29 23:52:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 18:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/08/13 20:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/12/13 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/13 19:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/07/29 23:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/01 00:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/16 10:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\DDMSettings
[2012/10/25 19:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Spotify
[2011/08/01 16:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Thinstall
[2011/07/29 23:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Trusteer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG SP0802N
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD102AA
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 75.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 32256
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

Edgecrusher
2012-10-26, 21:56
OTL Extras logfile created on: 26/10/2012 18:30:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.54 Mb Total Physical Memory | 560.73 Mb Available Physical Memory | 73.06% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 79.08% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 37.88 Gb Free Space | 50.82% Space Free | Partition Type: NTFS
Drive D: | 9.54 Gb Total Space | 5.85 Gb Free Space | 61.31% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC-0F08F1 | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1" = NETGEAR WNDA3200 wireless adapter Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX Setup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.1 (x86 en-GB)" = Mozilla Firefox 16.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Rapport_msi" = Rapport
"Spotify" = Spotify
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/10/2012 14:28:16 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 20/10/2012 07:07:11 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 20/10/2012 07:07:11 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 20/10/2012 12:04:23 | Computer Name = FAMILYPC-0F08F1 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x800708ca (converted
to 0x800423f4).

Error - 21/10/2012 06:38:58 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 21/10/2012 06:38:58 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 23/10/2012 11:58:06 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 23/10/2012 11:58:06 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 23/10/2012 12:16:56 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 23/10/2012 12:16:56 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

[ System Events ]
Error - 24/10/2012 14:51:39 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 24/10/2012 14:51:41 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 25/10/2012 02:18:40 | Computer Name = FAMILYPC-0F08F1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.72 for the Network Card with network
address 00265A0CA3C3 has been denied by the DHCP server 10.130.161.17 (The DHCP
Server sent a DHCPNACK message).

Error - 25/10/2012 12:19:17 | Computer Name = FAMILYPC-0F08F1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.72 for the Network Card with network
address 00265A0CA3C3 has been denied by the DHCP server 10.130.161.17 (The DHCP
Server sent a DHCPNACK message).

Error - 25/10/2012 12:23:24 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 25/10/2012 12:23:24 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 25/10/2012 12:23:26 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 26/10/2012 12:28:41 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 26/10/2012 12:28:41 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 26/10/2012 12:28:45 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >

The computer is running fine, but I'm not sure about when starting it up and waiting around 5 minutes to load. It's still the same when trying to watch YouTube videos: it plays the videos, but it looks like they're out of sync, which they aren't. Same for when watching IMDb movie trailers.

Edgecrusher
2012-10-26, 23:06
Just restarted the computer and it still took the same amount of time to load up the desktop. Also, I remember Avira and Malwarebytes detected around 193-200 viruses, which they weren't able to get rid of completely.

TechieRanger
2012-10-28, 00:41
NameServer = 85.17.255.198,46.19.33.120
Do these DNS server IP addresses look familiar? :)

Next

Please post the Malwarebytes Anti-Malware and Avira logs (if possible).:cool:

The Malwarebytes Anti-Malware log can be found by:

Selecting the Logs tab when the application is started.
Navigating to C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Next

RE-RUN ADWCLEANER
----------------------------

Run AdwCleaner and select Delete.
Once done it will ask to reboot, allow the reboot.
On reboot a log will be produced, please attach the content of the log to your next reply.

Next

Please run OTL.exe.

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
O3 - HKLM\..\Toolbar: (no name) - {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found.
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell - "" = AutoRun
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun\command - "" = E:\AutoInst.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

In your next reply, please provide the following:

AdwCleaner log.
OTL log.
Malwarebytes Anti-Malware and Avira logs (if possible).
Update on how your PC is running.




Regards,

Richard:greeting:
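
A small triage script, added here as an example and not part of this thread or of the DDS/OTL tools, that applies the two checks from the post above to log lines of the kind quoted: it flags NameServer resolvers that are neither private addresses nor on an admin-supplied allowlist (EXPECTED_RESOLVERS is an assumed, constructed value; a home router's resolver is normally a private address, so the private-address exclusion is a heuristic), and it picks out MountPoints2 AutoRun command handlers like the one the OTL fix removes. The sample lines are constructed from the two entries quoted in the thread plus one benign line.

```python
"""Triage helper for DDS/OTL-style log lines (added example, not part of the
forum thread or of the DDS/OTL tools). It applies the two checks the helper's
post asks about: unexpected DNS resolvers in the NameServer line, and
MountPoints2 AutoRun handlers that launch an executable from a removable drive."""
import ipaddress
import re

# Assumption: the resolvers the network is supposed to hand out. A home user
# would take these from the router or ISP; this is a constructed value.
EXPECTED_RESOLVERS = {"192.168.1.1"}

NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)$")
AUTORUN_RE = re.compile(
    r'O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+)$'
)


def check_nameservers(line, expected=EXPECTED_RESOLVERS):
    """Return the resolvers in a NameServer line that are neither private
    addresses nor on the expected list. Lines without NameServer return []."""
    m = NAMESERVER_RE.search(line.rstrip())
    if not m:
        return []
    suspicious = []
    for raw in m.group(1).split(","):
        raw = raw.strip()
        if not raw:
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            suspicious.append(raw)  # not a valid address at all: worth a look
            continue
        if raw in expected or ip.is_private:
            continue
        suspicious.append(raw)
    return suspicious


def check_autorun(line):
    """Return (mountpoint GUID, command) for a MountPoints2 AutoRun command
    handler, or None for any other line."""
    m = AUTORUN_RE.search(line.rstrip())
    if not m:
        return None
    return m.group(1), m.group(2).strip()


def triage(lines, expected=EXPECTED_RESOLVERS):
    """Run both checks over a list of log lines; returns (kind, detail) tuples."""
    findings = []
    for line in lines:
        bad = check_nameservers(line, expected)
        if bad:
            findings.append(("dns", bad))
        autorun = check_autorun(line)
        if autorun:
            findings.append(("autorun", autorun))
    return findings


# Constructed sample: the two lines quoted in the thread plus a benign O4 line.
SAMPLE_LOG = [
    "NameServer = 85.17.255.198,46.19.33.120",
    "O33 - MountPoints2\\{cb3910b0-97bd-11e1-a032-00012e0b40db}\\Shell\\AutoRun\\command - \"\" = E:\\AutoInst.exe",
    "O4 - HKLM..\\Run: [SoundMan] C:\\WINDOWS\\SOUNDMAN.EXE (Realtek Semiconductor Corp.)",
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, detail)
```

Run against the sample it reports both quoted entries and stays silent on the benign line; in practice you would feed it the whole DDS/OTL log and set EXPECTED_RESOLVERS to what the router or ISP actually hands out.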

Edgecrusher
2012-10-30, 12:28
NameServer = 85.17.255.198,46.19.33.120

No, they don't. Not sure what that's about. Will be posting the Malwarebytes log today, but Avira doesn't give logs, only detections in an info box.

Edgecrusher
2012-10-30, 19:32
Never mind. I managed to get the Avira log.



Avira Free Antivirus
Report file date: 30 October 2012 10:32

Scanning for 4424836 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.47.35 126464 Bytes 22/10/2012 21:29:44
VBASE018.VDF : 7.11.47.95 175616 Bytes 24/10/2012 21:31:18
VBASE019.VDF : 7.11.47.177 164352 Bytes 26/10/2012 16:30:16
VBASE020.VDF : 7.11.47.229 143360 Bytes 28/10/2012 10:14:26
VBASE021.VDF : 7.11.47.230 2048 Bytes 28/10/2012 10:14:26
VBASE022.VDF : 7.11.47.231 2048 Bytes 28/10/2012 10:14:27
VBASE023.VDF : 7.11.47.232 2048 Bytes 28/10/2012 10:14:27
VBASE024.VDF : 7.11.47.233 2048 Bytes 28/10/2012 10:14:27
VBASE025.VDF : 7.11.47.234 2048 Bytes 28/10/2012 10:14:27
VBASE026.VDF : 7.11.47.235 2048 Bytes 28/10/2012 10:14:27
VBASE027.VDF : 7.11.47.236 2048 Bytes 28/10/2012 10:14:28
VBASE028.VDF : 7.11.47.237 2048 Bytes 28/10/2012 10:14:28
VBASE029.VDF : 7.11.47.238 2048 Bytes 28/10/2012 10:14:28
VBASE030.VDF : 7.11.47.239 2048 Bytes 28/10/2012 10:14:28
VBASE031.VDF : 7.11.48.34 136192 Bytes 29/10/2012 10:28:41
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 30 October 2012 10:32

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'plugin-container.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'firefox.exe' - '117' Module(s) have been scanned
Scan process 'wlcomm.exe' - '69' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '130' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '148' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1615' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file


End of the scan: 30 October 2012 17:35
Used time: 7:02:54 Hour(s)

The scan has been done completely.

13838 Scanned directories
304301 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
304301 Files not concerned
3880 Archives were scanned
3 Warnings
0 Notes
283375 Objects were scanned with rootkit scan
0 Hidden objects were found

TechieRanger
2012-10-30, 22:25
Thanks for the information:bigthumb:

Please post the old Malwarebytes Anti-Malware and Avira logs (if possible) from the previous scans which detected around 193-200 items. No worries if you don't have the Avira log.:)

Older Malwarebytes Anti-Malware logs can be found by navigating to C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Regards,

Richard:greeting:

Edgecrusher
2012-10-30, 22:57
Avira Free Antivirus
Report file date: 20 October 2012 15:43

Scanning for 4376603 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.46.224 2048 Bytes 19/10/2012 00:10:41
VBASE018.VDF : 7.11.46.225 2048 Bytes 19/10/2012 00:10:42
VBASE019.VDF : 7.11.46.226 2048 Bytes 19/10/2012 00:10:42
VBASE020.VDF : 7.11.46.227 2048 Bytes 19/10/2012 00:10:43
VBASE021.VDF : 7.11.46.228 2048 Bytes 19/10/2012 00:10:43
VBASE022.VDF : 7.11.46.229 2048 Bytes 19/10/2012 00:10:44
VBASE023.VDF : 7.11.46.230 2048 Bytes 19/10/2012 00:10:44
VBASE024.VDF : 7.11.46.231 2048 Bytes 19/10/2012 00:10:45
VBASE025.VDF : 7.11.46.232 2048 Bytes 19/10/2012 00:10:45
VBASE026.VDF : 7.11.46.233 2048 Bytes 19/10/2012 00:10:45
VBASE027.VDF : 7.11.46.234 2048 Bytes 19/10/2012 00:10:46
VBASE028.VDF : 7.11.46.235 2048 Bytes 19/10/2012 00:10:46
VBASE029.VDF : 7.11.46.236 2048 Bytes 19/10/2012 00:10:47
VBASE030.VDF : 7.11.46.237 2048 Bytes 19/10/2012 00:10:47
VBASE031.VDF : 7.11.46.240 2048 Bytes 20/10/2012 00:10:47
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_508285cc\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: 20 October 2012 15:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'spotify.exe' - '1' Module(s) have been scanned
Scan process 'saui.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mcsacore.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '1' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'mixersel.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150015.dll'
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150015.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '54841893.qua'.
Begin scan in 'D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150033.dll'
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150033.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c133734.qua'.


End of the scan: 20 October 2012 15:48
Used time: 05:02 Minute(s)

The scan has been done completely.

0 Scanned directories
45 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
43 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes

Edgecrusher
2012-10-30, 22:58
Avira Free Antivirus
Report file date: 20 October 2012 16:40

Scanning for 4376603 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.46.224 2048 Bytes 19/10/2012 00:10:41
VBASE018.VDF : 7.11.46.225 2048 Bytes 19/10/2012 00:10:42
VBASE019.VDF : 7.11.46.226 2048 Bytes 19/10/2012 00:10:42
VBASE020.VDF : 7.11.46.227 2048 Bytes 19/10/2012 00:10:43
VBASE021.VDF : 7.11.46.228 2048 Bytes 19/10/2012 00:10:43
VBASE022.VDF : 7.11.46.229 2048 Bytes 19/10/2012 00:10:44
VBASE023.VDF : 7.11.46.230 2048 Bytes 19/10/2012 00:10:44
VBASE024.VDF : 7.11.46.231 2048 Bytes 19/10/2012 00:10:45
VBASE025.VDF : 7.11.46.232 2048 Bytes 19/10/2012 00:10:45
VBASE026.VDF : 7.11.46.233 2048 Bytes 19/10/2012 00:10:45
VBASE027.VDF : 7.11.46.234 2048 Bytes 19/10/2012 00:10:46
VBASE028.VDF : 7.11.46.235 2048 Bytes 19/10/2012 00:10:46
VBASE029.VDF : 7.11.46.236 2048 Bytes 19/10/2012 00:10:47
VBASE030.VDF : 7.11.46.237 2048 Bytes 19/10/2012 00:10:47
VBASE031.VDF : 7.11.46.240 2048 Bytes 20/10/2012 00:10:47
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 20 October 2012 16:40

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'plugin-container.exe' - '67' Module(s) have been scanned
Scan process 'spotify.exe' - '81' Module(s) have been scanned
Scan process 'saui.exe' - '26' Module(s) have been scanned
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '159' Module(s) have been scanned
Scan process 'wlcomm.exe' - '68' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '59' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '132' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1633' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149998.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149999.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150000.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150001.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150002.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150003.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150004.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150005.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150006.exe
[DETECTION] Is the TR/Agent.avwp Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150007.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150008.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150009.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150010.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150011.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150012.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150013.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150014.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150016.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150017.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150018.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150019.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150020.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150021.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150022.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150023.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150024.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150025.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150026.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150027.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150028.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150029.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150030.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150031.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150032.dll
[DETECTION] Is the TR/Agent.alwp Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150034.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150035.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150036.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150037.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150038.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150039.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150040.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150041.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150060.dll
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150061.exe
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150062.exe
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150063.dll
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150064.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150065.dll
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150065.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '54dbaa89.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150064.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c4c852f.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150063.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1e13dfc7.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150062.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '78249002.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150061.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3da0bd3c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150060.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '42bb8f5d.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150041.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0e03a317.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150040.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '721be346.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150039.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f41cc0b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150038.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
[NOTE] The file was moved to the quarantine directory under the name '4629f791.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150037.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2a75dba1.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150036.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
[NOTE] The file was moved to the quarantine directory under the name '5bcce237.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150035.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '55d6d2f0.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150034.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '10ffabb2.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150032.dll
[DETECTION] Is the TR/Agent.alwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '19f4af19.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150031.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '41b5b670.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150030.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6d41cfbd.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150029.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
[NOTE] The file was moved to the quarantine directory under the name '53bfaf67.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150028.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '30b18414.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150027.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1679c409.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150026.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '24edbfac.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150025.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ea894d2.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150024.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
[NOTE] The file was moved to the quarantine directory under the name '11fbf098.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150023.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6fd7fcbf.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150022.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3aaff874.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150021.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3739895c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150020.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2b649d55.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150019.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1ab7d09b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150018.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
[NOTE] The file was moved to the quarantine directory under the name '76e1c4ad.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150017.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3f7be1ab.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150016.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '64eee97a.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150014.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '025ce593.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150013.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '55d2973b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150012.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '77a2c04f.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150011.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
[NOTE] The file was moved to the quarantine directory under the name '1fb2bad9.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150010.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3fc4be5c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150009.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ae0f8eb.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150008.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '0bc0d954.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150007.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '6e6c9bdf.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150006.exe
[DETECTION] Is the TR/Agent.avwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '0bbbef7e.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150005.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '185fd3ed.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150004.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0ae6af51.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150003.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '1db6cce3.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150002.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4794fe73.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150001.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
[NOTE] The file was moved to the quarantine directory under the name '62998467.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150000.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '16c29c14.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149999.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '34c0ce98.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149998.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4153b681.qua'.


End of the scan: 20 October 2012 21:48
Used time: 4:46:34 Hour(s)

The scan has been done completely.

11064 Scanned directories
298671 Files were scanned
48 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
48 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
298623 Files not concerned
2992 Archives were scanned
3 Warnings
48 Notes
275077 Objects were scanned with rootkit scan
0 Hidden objects were found

Edgecrusher
2012-10-30, 22:59
Avira Free Antivirus
Report file date: 05 October 2012 17:41

Scanning for 4311676 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.41.251 2048 Bytes 06/09/2012 14:36:53
VBASE008.VDF : 7.11.41.252 2048 Bytes 06/09/2012 14:36:53
VBASE009.VDF : 7.11.41.253 2048 Bytes 06/09/2012 14:36:53
VBASE010.VDF : 7.11.41.254 2048 Bytes 06/09/2012 14:36:53
VBASE011.VDF : 7.11.41.255 2048 Bytes 06/09/2012 14:36:53
VBASE012.VDF : 7.11.42.0 2048 Bytes 06/09/2012 14:36:53
VBASE013.VDF : 7.11.42.1 2048 Bytes 06/09/2012 14:36:54
VBASE014.VDF : 7.11.42.65 203264 Bytes 09/09/2012 14:36:54
VBASE015.VDF : 7.11.42.125 156672 Bytes 11/09/2012 14:36:54
VBASE016.VDF : 7.11.42.171 187904 Bytes 12/09/2012 14:36:55
VBASE017.VDF : 7.11.42.235 141312 Bytes 13/09/2012 14:36:55
VBASE018.VDF : 7.11.43.35 133632 Bytes 15/09/2012 14:36:55
VBASE019.VDF : 7.11.43.89 129024 Bytes 18/09/2012 14:36:55
VBASE020.VDF : 7.11.43.141 130560 Bytes 19/09/2012 14:36:55
VBASE021.VDF : 7.11.43.187 121856 Bytes 21/09/2012 14:36:56
VBASE022.VDF : 7.11.43.251 147456 Bytes 24/09/2012 14:36:56
VBASE023.VDF : 7.11.44.43 152064 Bytes 25/09/2012 14:36:56
VBASE024.VDF : 7.11.44.103 165888 Bytes 27/09/2012 14:36:57
VBASE025.VDF : 7.11.44.167 160256 Bytes 30/09/2012 14:36:57
VBASE026.VDF : 7.11.44.223 199680 Bytes 02/10/2012 21:48:45
VBASE027.VDF : 7.11.45.29 196096 Bytes 04/10/2012 21:47:53
VBASE028.VDF : 7.11.45.30 2048 Bytes 04/10/2012 21:47:53
VBASE029.VDF : 7.11.45.31 2048 Bytes 04/10/2012 21:47:53
VBASE030.VDF : 7.11.45.32 2048 Bytes 04/10/2012 21:47:53
VBASE031.VDF : 7.11.45.34 2048 Bytes 04/10/2012 21:47:54
Engine version : 8.2.10.178
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.58 463226 Bytes 29/09/2012 14:37:04
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.108 5329272 Bytes 29/09/2012 14:37:01
AEHELP.DLL : 8.1.24.0 258423 Bytes 29/09/2012 14:36:59
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.2 115060 Bytes 29/09/2012 14:37:04
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.0 53618 Bytes 21/12/2011 10:59:20
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 05 October 2012 17:41

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'saui.exe' - '26' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '130' Module(s) have been scanned
Scan process 'wlcomm.exe' - '68' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '136' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '149' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1633' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file
D:\WINNT\aoto.exe
--> Object
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
D:\WINNT\system32\Aooy.exe
--> Object
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
D:\WINNT\system32\batteo.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\cenbezn.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\fliecods.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
D:\WINNT\system32\HBASKTAO.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
D:\WINNT\system32\HBBO.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
D:\WINNT\system32\HBDNF.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
D:\WINNT\system32\HBJTLQ.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
D:\WINNT\system32\HBKDXY.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBmhly.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBQQFFO.dll
[DETECTION] Is the TR/Agent.alwp Trojan
D:\WINNT\system32\HBQQSG.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
D:\WINNT\system32\HBQQXX.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
D:\WINNT\system32\HBSHQ.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
D:\WINNT\system32\HBSOUL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBTL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBW2I.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBWD.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBWOW.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
D:\WINNT\system32\HBXY2.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBYY.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
D:\WINNT\system32\jolends.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
D:\WINNT\system32\jonzyan.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\kandoftt.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
D:\WINNT\system32\lenyuns.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
D:\WINNT\system32\meyotme.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\mirwznt.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\qanhllao.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\qonenx.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\rexljeh.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\rexljehk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\System.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
D:\WINNT\system32\telmanz.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\tldcoco.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\tobaoup.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\tobaoupk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\userinit.exe
[DETECTION] Is the TR/Agent.avwp Trojan
D:\WINNT\system32\vordisa.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
D:\WINNT\system32\wonlins.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\xsisco.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\xsiscok.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\zesttns.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
D:\WINNT\system32\zongxim.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\×ÀÝÉÏÀÍ‹ÁÉÉk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\drivers\secdrv.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan

Beginning disinfection:
D:\WINNT\system32\drivers\secdrv.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5286c906.qua'.
D:\WINNT\system32\×ÀÝÉÏÀÍ‹ÁÉÉk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b8fe504.qua'.
D:\WINNT\system32\zongxim.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1841bc33.qua'.
D:\WINNT\system32\zesttns.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
[NOTE] The file was moved to the quarantine directory under the name '7e49f38b.qua'.
D:\WINNT\system32\xsiscok.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '3bf7dec4.qua'.
D:\WINNT\system32\xsisco.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '44ececa5.qua'.
D:\WINNT\system32\wonlins.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0851c0eb.qua'.
D:\WINNT\system32\vordisa.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '747580bb.qua'.
D:\WINNT\system32\userinit.exe
[DETECTION] Is the TR/Agent.avwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '591aaff2.qua'.
D:\WINNT\system32\tobaoupk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4077946c.qua'.
D:\WINNT\system32\tobaoup.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '2c2bb85d.qua'.
D:\WINNT\system32\tldcoco.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d9081c7.qua'.
D:\WINNT\system32\telmanz.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5382b179.qua'.
D:\WINNT\system32\System.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
[NOTE] The file was moved to the quarantine directory under the name '1692c857.qua'.
D:\WINNT\system32\rexljehk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f9ccc90.qua'.
D:\WINNT\system32\rexljeh.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '47ddd5f9.qua'.
D:\WINNT\system32\qonenx.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b13ac40.qua'.
D:\WINNT\system32\qanhllao.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '55edccec.qua'.
D:\WINNT\system32\mirwznt.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '36dfe7e7.qua'.
D:\WINNT\system32\meyotme.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '101ea7fe.qua'.
D:\WINNT\system32\lenyuns.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
[NOTE] The file was moved to the quarantine directory under the name '22bfdc5a.qua'.
D:\WINNT\system32\kandoftt.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
[NOTE] The file was moved to the quarantine directory under the name '28faf758.qua'.
D:\WINNT\system32\jonzyan.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '17a9936b.qua'.
D:\WINNT\system32\jolends.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
[NOTE] The file was moved to the quarantine directory under the name '69839f4c.qua'.
D:\WINNT\system32\HBYY.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3ce89bd2.qua'.
D:\WINNT\system32\HBXY2.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3171eafa.qua'.
D:\WINNT\system32\HBWOW.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2d2dfef3.qua'.
D:\WINNT\system32\HBWD.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1cfeb33c.qua'.
D:\WINNT\system32\HBW2I.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '70a8a70a.qua'.
D:\WINNT\system32\HBTL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3937820d.qua'.
D:\WINNT\system32\HBSOUL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '62a38adc.qua'.
D:\WINNT\system32\HBSHQ.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
[NOTE] The file was moved to the quarantine directory under the name '04118635.qua'.
D:\WINNT\system32\HBQQXX.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '539df49d.qua'.
D:\WINNT\system32\HBQQSG.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '71eda3d6.qua'.
D:\WINNT\system32\HBQQFFO.dll
[DETECTION] Is the TR/Agent.alwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '19fdd941.qua'.
D:\WINNT\system32\HBmhly.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3997ddc4.qua'.
D:\WINNT\system32\HBKDXY.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6cd59b70.qua'.
D:\WINNT\system32\HBJTLQ.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0df6bacf.qua'.
D:\WINNT\system32\HBDNF.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
[NOTE] The file was moved to the quarantine directory under the name '6850f844.qua'.
D:\WINNT\system32\HBBO.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0d858ce5.qua'.
D:\WINNT\system32\HBASKTAO.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
[NOTE] The file was moved to the quarantine directory under the name '1e60b076.qua'.
D:\WINNT\system32\fliecods.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0cb1cca6.qua'.
D:\WINNT\system32\cenbezn.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1be4af1d.qua'.
D:\WINNT\system32\batteo.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '41f89d89.qua'.
D:\WINNT\system32\Aooy.exe
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '64c8e793.qua'.
D:\WINNT\aoto.exe
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '10aeffe0.qua'.


End of the scan: 06 October 2012 00:29
Used time: 6:42:45 Hour(s)

The scan has been done completely.

12772 Scanned directories
314581 Files were scanned
46 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
46 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
314535 Files not concerned
3525 Archives were scanned
3 Warnings
46 Notes
276403 Objects were scanned with rootkit scan
0 Hidden objects were found

Edgecrusher
2012-10-30, 23:04
Avira Free Antivirus
Report file date: 02 October 2012 19:15

Scanning for 4294881 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.41.251 2048 Bytes 06/09/2012 14:36:53
VBASE008.VDF : 7.11.41.252 2048 Bytes 06/09/2012 14:36:53
VBASE009.VDF : 7.11.41.253 2048 Bytes 06/09/2012 14:36:53
VBASE010.VDF : 7.11.41.254 2048 Bytes 06/09/2012 14:36:53
VBASE011.VDF : 7.11.41.255 2048 Bytes 06/09/2012 14:36:53
VBASE012.VDF : 7.11.42.0 2048 Bytes 06/09/2012 14:36:53
VBASE013.VDF : 7.11.42.1 2048 Bytes 06/09/2012 14:36:54
VBASE014.VDF : 7.11.42.65 203264 Bytes 09/09/2012 14:36:54
VBASE015.VDF : 7.11.42.125 156672 Bytes 11/09/2012 14:36:54
VBASE016.VDF : 7.11.42.171 187904 Bytes 12/09/2012 14:36:55
VBASE017.VDF : 7.11.42.235 141312 Bytes 13/09/2012 14:36:55
VBASE018.VDF : 7.11.43.35 133632 Bytes 15/09/2012 14:36:55
VBASE019.VDF : 7.11.43.89 129024 Bytes 18/09/2012 14:36:55
VBASE020.VDF : 7.11.43.141 130560 Bytes 19/09/2012 14:36:55
VBASE021.VDF : 7.11.43.187 121856 Bytes 21/09/2012 14:36:56
VBASE022.VDF : 7.11.43.251 147456 Bytes 24/09/2012 14:36:56
VBASE023.VDF : 7.11.44.43 152064 Bytes 25/09/2012 14:36:56
VBASE024.VDF : 7.11.44.103 165888 Bytes 27/09/2012 14:36:57
VBASE025.VDF : 7.11.44.167 160256 Bytes 30/09/2012 14:36:57
VBASE026.VDF : 7.11.44.168 2048 Bytes 30/09/2012 14:36:57
VBASE027.VDF : 7.11.44.169 2048 Bytes 30/09/2012 14:36:57
VBASE028.VDF : 7.11.44.170 2048 Bytes 30/09/2012 14:36:57
VBASE029.VDF : 7.11.44.171 2048 Bytes 30/09/2012 14:36:57
VBASE030.VDF : 7.11.44.172 2048 Bytes 30/09/2012 14:36:57
VBASE031.VDF : 7.11.44.208 136704 Bytes 01/10/2012 21:47:26
Engine version : 8.2.10.178
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.58 463226 Bytes 29/09/2012 14:37:04
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.108 5329272 Bytes 29/09/2012 14:37:01
AEHELP.DLL : 8.1.24.0 258423 Bytes 29/09/2012 14:36:59
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.2 115060 Bytes 29/09/2012 14:37:04
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.0 53618 Bytes 21/12/2011 10:59:20
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 02 October 2012 19:15

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '70' Module(s) have been scanned
Scan process 'wlcomm.exe' - '69' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '136' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '86' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '147' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1632' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Documents and Settings\Home\My Documents\Downloads\install_flashplayer11x32_mssd_aih.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\Administrator\Local Settings\Temp\1a007.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\20abe.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\38b29.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Documents and Settings\thu\Local Settings\Temp\100.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1008758
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1012952
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1013304
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1024149
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1032803
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1042796
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1051218
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1070616
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1075563
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1076514
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1081923
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1091226
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1093088
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1093540
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1098105
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1098676
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1103554
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1126647
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1128049
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\113.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1142971
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1143702
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1155990
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1157963
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1184561
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1191169
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\120.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1222364
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1276353
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1285586
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\12B.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13af1.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13e31.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13ec7.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14025.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14039.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan

Edgecrusher
2012-10-30, 23:09
I couldn't post the middle part of the last Avira log, since it was too long, so I've attached it instead.

Edgecrusher
2012-10-30, 23:11
End of the scan: 03 October 2012 00:37
Used time: 5:18:02 Hour(s)

The scan has been canceled!

11139 Scanned directories
242758 Files were scanned
183 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
161 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
242575 Files not concerned
2355 Archives were scanned
4 Warnings
161 Notes


The thing about this current computer is that it has been changed, because my other PC broke due to a faulty motherboard. But this current computer I have now is much older than my previous one. This one is ridiculously old, from the 90's. It was originally from a cousin's workplace. When I scanned it the day I got it, that's when it detected all the serious amounts of viruses. And the only thing that was kept from my old computer was the hard drive, which is now in this one. Also, I have a very new, recent wireless USB stick connected to this old piece of junk. I don't think streaming YouTube videos works that well on this computer.

Edgecrusher
2012-10-30, 23:22
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Home :: FAMILYPC-0F08F1 [administrator]

06/10/2012 12:50:18
mbam-log-2012-10-06 (12-50-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299115
Time elapsed: 6 hour(s), 56 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
D:\Program Files\Funshion Online\Funshion\RouterSetting.dll (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\Uninstall.exe (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\Funshion.exe (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\funshionplugin2.dll (PUP.Funshion) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150042.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150043.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINNT\wpcap.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINNT\Packet.dll (HackTool.Agent) -> Quarantined and deleted successfully.

(end)

Edgecrusher
2012-10-30, 23:23
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Home :: FAMILYPC-0F08F1 [administrator]

14/08/2012 17:21:04
mbam-log-2012-08-14 (17-21-04).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246949
Time elapsed: 2 hour(s), 41 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: b4edf610b03bfba29960106d8a56aee3 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Home\Local Settings\Temp\softonic_ssk_conduit.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Documents and Settings\Home\My Documents\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_383\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_567\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

(end)

Edgecrusher
2012-10-30, 23:58
# AdwCleaner v2.005 - Logfile created 10/30/2012 at 22:47:40
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Home - FAMILYPC-0F08F1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Home\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\searchplugins\Conduit.xml
Folder Deleted : C:\DOCUME~1\Home\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Home\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v16.0.2 (en-GB)

Profile name : default
File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\prefs.js


*************************

AdwCleaner[R1].txt - [15399 octets] - [26/10/2012 17:23:04]
AdwCleaner[S1].txt - [15237 octets] - [30/10/2012 22:47:40]

########## EOF - C:\AdwCleaner[S1].txt - [15298 octets] ##########

Edgecrusher
2012-10-31, 00:25
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0cc09160-108c-4759-bab1-5c12c216e005} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cc09160-108c-4759-bab1-5c12c216e005}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3910b0-97bd-11e1-a032-00012e0b40db}\ not found.
File E:\AutoInst.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Home\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Home\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 368993 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Home
->Temp folder emptied: 31981147238 bytes
->Temporary Internet Files folder emptied: 137260411 bytes
->FireFox cache emptied: 496406420 bytes
->Flash cache emptied: 69446 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219014117 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 61992416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31,375.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10302012_230049

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Upon reboot, the computer still takes like 5 mins to load to the desktop, but I guess it's because this computer is really, really old. As for watching YouTube and imb videos, it's still the same. I guess that's to do with the age of the PC as well, but streaming the videos is no problem at all since I use a wireless USB stick with a speed of 130.0 Mbps. Guess I will have to watch YouTube videos on my spare laptop instead and use this one for other purposes.

TechieRanger
2012-11-01, 17:58
Thanks for the information and logs.:D:

COMBOFIX
---------------
Please download ComboFix from one of the following locations:

Location #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Location #2 (http://www.infospyware.net/antimalware/combofix/)
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on ComboFix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a Congratulations!!! message.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.

Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.

In your next reply, please provide the following:

ComboFix log.




Regards,

Richard:greeting:

Edgecrusher
2012-11-01, 20:44
ComboFix 12-10-31.03 - Home 01/11/2012 19:15:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.768.355 [GMT 0:00]
Running from: c:\documents and settings\Home\My Documents\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-10-30 23:00 . 2012-10-30 23:00 -------- d-----w- C:\_OTL
2012-10-28 16:46 . 2012-10-28 16:46 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:14 . 2012-04-02 10:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:14 . 2011-07-29 22:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 19:54 . 2011-08-07 21:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:29 . 2012-01-10 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 19:10 . 2012-09-14 12:58 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-28 13:00 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-04 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01 . 2011-07-31 23:58 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01 . 2011-07-31 23:58 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-10-29 12:12 . 2012-10-29 12:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2008-04-15 1675264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-5-6 565248]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/10/2012 16:46 65848]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [05/10/2011 16:55 36000]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [23/10/2012 16:30 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/10/2012 16:46 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/10/2012 16:46 166840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [05/10/2011 16:55 86224]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [29/07/2011 22:01 95232]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/10/2012 16:46 976728]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [06/05/2012 20:55 167936]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [14/09/2012 10:41 96256]
R3 ELNK3;3Com EtherLink III;c:\windows\system32\drivers\elnk3.sys [14/09/2012 10:41 25159]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [06/05/2012 20:55 57440]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [08/06/2012 20:51 21520]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 10:40 250808]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Home\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Home\LOCALS~1\Temp\ALSysIO.sys [?]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [06/05/2012 20:55 1759584]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [06/05/2012 20:55 360529]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11/06/2012 18:29 115168]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTMGMTSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:15]
.
2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-01 19:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-01 19:38:20
ComboFix-quarantined-files.txt 2012-11-01 19:38
.
Pre-Run: 49,879,822,336 bytes free
Post-Run: 49,839,575,040 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7AE6AE64ACC3D26D2854303B0424D157

TechieRanger
2012-11-01, 23:43
Thanks for providing the log.:bigthumb:

How is the PC running now?:)

Please move ComboFix.exe to the Desktop. It is currently in the location below:
c:\documents and settings\Home\My Documents\Downloads\ComboFix.exe

In your next reply, please provide the following:

Update on how your PC is running.




Regards,

Richard:greeting:

Edgecrusher
2012-11-02, 00:10
I hate to say it, but it's still the same. I don't think ComboFix detected anything?

Edgecrusher
2012-11-02, 00:12
But the internet seems to be running at the normal speed it usually does, so I don't have any trouble opening and loading pages.

TechieRanger
2012-11-02, 19:05
:2thumb:

Please run OTL.exe.

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120

:Commands
[purity]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

In your next reply, please provide the following:

OTL log.
Update on how your PC is running.




Regards,

Richard:greeting:
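
As an added illustration (not part of this thread, and not code from OTL or ComboFix), the check below parses ComboFix "TCP:" lines and OTL O1/O17 lines of the kind posted above and flags the indicator Richard acted on with the fix: a per-interface static NameServer that is neither one of the DHCP-provided resolvers nor on a private range. It also flags hosts-file entries that map anything other than localhost back to a loopback address. The sample lines are constructed from the logs in this thread; the www.example.com hosts line is a constructed addition so that the hosts check has something to report, and the function names are mine.

```python
import ipaddress
import re

# Constructed sample, modelled on the ComboFix "Supplementary Scan" and the
# OTL O1/O17 lines posted in this thread (same GUID and addresses as the logs).
SAMPLE_COMBOFIX = """\
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120
"""

# The www.example.com line is a constructed addition, not from the thread.
SAMPLE_OTL = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120
"""

DHCP_RE = re.compile(r"DhcpNameServer\s*=\s*(.+?)\s*$")
# Matches both the ComboFix "TCP: Interfaces\{GUID}: NameServer = ..." form and
# the OTL "O17 - HKLM\...\Interfaces\{GUID}: NameServer = ..." form.
IFACE_RE = re.compile(r"Interfaces\\(\{[0-9A-Fa-f-]+\}):\s*NameServer\s*=\s*([0-9.,\s]+?)\s*$")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LOOPBACK_ADDRS = {"127.0.0.1", "::1"}


def parse_dns_config(text):
    """Return (dhcp_servers, {interface_guid: [static servers]}) from log lines."""
    dhcp = set()
    static = {}
    for line in text.splitlines():
        m = DHCP_RE.search(line)
        if m:
            dhcp.update(m.group(1).split())
            continue
        m = IFACE_RE.search(line)
        if m:
            guid, servers = m.group(1), m.group(2)
            static[guid] = [s for s in re.split(r"[,\s]+", servers) if s]
    return dhcp, static


def dns_findings(dhcp, static):
    """Flag static resolvers that are neither DHCP-provided nor private/loopback."""
    findings = []
    for guid, servers in static.items():
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                findings.append((guid, s, "unparseable NameServer value"))
                continue
            if s in dhcp or addr.is_private or addr.is_loopback:
                continue
            findings.append((guid, s, "static public resolver differs from DHCP-provided servers"))
    return findings


def hosts_findings(text):
    """Flag hosts entries that map a name other than localhost, or map it elsewhere."""
    findings = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line)
        if not m:
            continue
        addr, name = m.group(1), m.group(2)
        if name.lower() in LOOPBACK_NAMES and addr in LOOPBACK_ADDRS:
            continue
        findings.append((addr, name, "hosts entry overrides a non-loopback name"))
    return findings


def review(combofix_text, otl_text):
    """Run both checks over the two log excerpts and return a summary dict."""
    dhcp, static = parse_dns_config(combofix_text + "\n" + otl_text)
    return {
        "dhcp": sorted(dhcp),
        "static": static,
        "dns": dns_findings(dhcp, static),
        "hosts": hosts_findings(otl_text),
    }


if __name__ == "__main__":
    for kind, items in review(SAMPLE_COMBOFIX, SAMPLE_OTL).items():
        print(kind, items)
```

On a live machine the same comparison can be made against the NameServer and DhcpNameServer values under HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces; the fix Richard posted clears the static value so the interface falls back to the DHCP-provided resolver, which is the state this check treats as clean.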

Edgecrusher
2012-11-02, 20:00
Tried it, but after rebooting, no logs appeared.

TechieRanger
2012-11-02, 21:45
No problem :)

A copy of the OTL fix log can be found by navigating to C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.:bigthumb:

In your next reply, please provide the following:

OTL log.
Update on how your PC is running.




Regards,

Richard:greeting:

Edgecrusher
2012-11-02, 22:39
Here is the log, but still no difference at all. I don't think it could be fixed.

========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}\\NameServer| /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11022012_184906

TechieRanger
2012-11-03, 00:12
Nice work:police:

MALWAREBYTES' ANTI-MALWARE
-------------------------------------------
I see that you have Malwarebytes' Anti-Malware installed.

Open Malwarebytes' Anti-Malware.
Click on the Update tab and check for updates. If an update is found, it will download and install the latest version.
Once that is done, click on the Scanner tab, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Next

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the green ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps):
Click on Download to download the ESET Smart Installer. Save it to your desktop.
Double click on the esetsmartinstaller_enu.exe icon on your desktop.

Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Check Scan archives.
Ensure that the option "Remove found threats" is Unchecked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats.
Push Export to text file..., and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the Back button.
Push Finish.

Next

Please post a fresh OTL scan log so I can review it.

In your next reply, please provide the following:

MBAM log.
ESET log.
OTL scan log.
Update on how your PC is running.




Regards,

Richard:greeting:

Edgecrusher
2012-11-03, 01:34
Here is the Malwarebytes log. Will do the rest tomorrow.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Home :: FAMILYPC-0F08F1 [administrator]

03/11/2012 00:06:27
mbam-log-2012-11-03 (00-06-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209006
Time elapsed: 20 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edgecrusher
2012-11-04, 00:49
D:\WINNT\npptools.dll probably a variant of Win32/Agent.NWDIEZZ trojan
D:\WINNT\WanPacket.dll probably a variant of Win32/Agent.IATKQJC trojan

Edgecrusher
2012-11-04, 12:26
OTL logfile created on: 04/11/2012 10:37:40 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.54 Mb Total Physical Memory | 380.35 Mb Available Physical Memory | 49.55% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 45.97 Gb Free Space | 61.67% Space Free | Partition Type: NTFS
Drive D: | 9.54 Gb Total Space | 5.85 Gb Free Space | 61.31% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC-0F08F1 | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
PRC - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WPSLib.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WDCS_WNDA3200) -- C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe (Atheros Communications, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Home\LOCALS~1\Temp\catchme.sys File not found
DRV - (ALSysIO) -- C:\DOCUME~1\Home\LOCALS~1\Temp\ALSysIO.sys File not found
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_43926) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ctlsb16) -- C:\WINDOWS\system32\drivers\ctlsb16.sys (Copyright (C) Creative Technology Ltd. 1994-2001)
DRV - (ELNK3) -- C:\WINDOWS\system32\drivers\elnk3.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{398B7CF9-BCF9-46EA-8A8D-E0B4C5AAB69E}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.2.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/30 16:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/13 21:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/29 12:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/29 12:11:40 | 000,000,000 | ---D | M]

[2011/07/29 20:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2012/11/02 18:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions
[2012/10/03 07:05:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/02 18:57:37 | 000,530,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/01/12 07:59:35 | 000,292,116 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
[2012/10/29 12:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/30 16:28:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/10/29 12:12:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 18:29:30 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/30 17:04:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/11 18:29:30 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/11 18:29:30 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/13 20:12:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/13 13:31:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/11 18:29:30 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/11/01 19:32:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{178F3F01-59E9-4B64-A167-017FBD2D3F6C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/29 19:08:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/01 00:45:54 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/01 19:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/11/01 19:11:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/01 19:09:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/01 19:09:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/01 19:09:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/01 19:09:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/01 19:08:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/01 19:08:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/10/30 23:00:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/30 11:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home\My Documents\My Received Files
[2012/10/29 12:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/28 16:46:34 | 000,065,848 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/10/21 17:49:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home\Start Menu\Programs\Administrative Tools

========== Files - Modified Within 30 Days ==========

[2012/11/04 10:31:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/11/04 10:30:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/04 10:30:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/04 00:11:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/03 12:32:10 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Shortcut to esetsmartinstaller_enu.exe.lnk
[2012/11/01 23:08:45 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Shortcut to ComboFix.lnk
[2012/11/01 19:32:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/11/01 19:11:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/30 22:08:05 | 000,009,873 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\AVSCAN-20121002-191354-06007368.zip
[2012/10/30 18:37:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/29 11:52:32 | 000,013,836 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/29 10:17:17 | 000,433,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/29 10:17:17 | 000,068,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/28 16:46:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/10/21 17:55:22 | 000,003,309 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 17:54:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/10/10 22:25:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 18:14:57 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 18:14:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/11/03 12:32:09 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Shortcut to esetsmartinstaller_enu.exe.lnk
[2012/11/01 23:08:44 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Shortcut to ComboFix.lnk
[2012/11/01 19:11:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/01 19:11:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/01 19:09:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/01 19:09:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/01 19:09:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/01 19:09:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/01 19:09:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/30 22:08:04 | 000,009,873 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\AVSCAN-20121002-191354-06007368.zip
[2012/10/29 11:52:32 | 000,013,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/10/21 17:55:22 | 000,003,309 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 17:54:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/04/14 23:46:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 11:06:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/21 22:20:01 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 21:51:53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/29 21:51:31 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/29 20:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/29 19:53:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/29 19:52:09 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/29 19:10:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/29 19:05:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/07/29 22:52:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 20:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

TechieRanger
2012-11-05, 20:16
Please go to VirusTotal (http://www.virustotal.com).

Click Choose File and browse to the file listed below in bold and click Scan it!.

D:\WINNT\npptools.dll


There might be a short wait.
Select Reanalyse file and post back with the results of the scan.
Do the same for:

D:\WINNT\WanPacket.dll

Next

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply, please provide the following:

VirusTotal results.
Security Check log.
Update on how your PC is running.




Regards,

Richard:greeting:

Edgecrusher
2012-11-06, 01:01
ssdeep
768:f2oR2jzVgu1E2ekCIHnbF0p2pxrtjpg7d8W0kxk:OoR2jBgu1E2fCqyp2Lrtjpg7d8Wr2
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
F-Prot packer identifier
NSPack
Command packer identifier
NSPack
PEiD packer identifier
NsPacK V3.7 -> LiuXingPing
ExifTool

MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2004:08:17 01:38:33+02:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 0
LinkerVersion............: 7.1
EntryPoint...............: 0x127da
InitializedDataSize......: 28672
SubsystemVersion.........: 4.0
ImageVersion.............: 1.0
OSVersion................: 5.1
UninitializedDataSize....: 69632

Sigcheck

publisher................: Microsoft Corporation
product..................: Microsoft(R) Windows(R) Operating System
internal name............: NPPTools.DLL
copyright................: (C) Microsoft Corporation. All rights reserved.
original name............: NPPTools.DLL
file version.............: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
description..............: NPP Tools Helper DLL

Portable Executable structural information

Compilation timedatestamp.....: 2004-08-16 23:38:33
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x000127DA

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.nsp0 4096 69632 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 73728 28672 27477 7.80 aaf05c5d15829dd226e2ba24ac6b513a
.nsp2 102400 6481 0 0.00 d41d8cd98f00b204e9800998ecf8427e

PE Imports....................:

[[KERNEL32.DLL]]
VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress

[[MSVCRT.DLL]]
strpbrk

[[OLEAUT32.DLL]]
Ord(2)

[[MFC42U.DLL]]
Ord(823)

[[ADVAPI32.DLL]]
RegQueryValueExA

[[OLE32.DLL]]
CoCreateInstance

[[USER32.DLL]]
GetDlgItem


PE Exports....................:

ClearEventData, CreateBlob, CreateNPPInterface, DestroyBlob, DestroyNPPBlobTable, DuplicateBlob, FilterNPPBlob, FindOneOf, FindUnknownBlobCategories, FindUnknownBlobTags, GetBoolFromBlob, GetClassIDFromBlob, GetDwordFromBlob, GetMacAddressFromBlob, GetNPPAddressFilterFromBlob, GetNPPBlobFromUI, GetNPPBlobTable, GetNPPEtypeSapFilter, GetNPPMacTypeAsNumber, GetNPPPatternFilterFromBlob, GetNPPTriggerFromBlob, GetNetworkInfoFromBlob, GetStringFromBlob, GetStringsFromBlob, IsRemoteNPP, LockBlob, MarshalBlob, MergeBlob, NmAddUsedEntry, NmHeapAllocate, NmHeapFree, NmHeapReallocate, NmHeapSetMaxSize, NmHeapSize, NmRemoveUsedEntry, RaiseNMEvent, ReadBlobFromFile, RegCreateBlobKey, RegOpenBlobKey, ReleaseEventSystem, RemoveFromBlob, SelectNPPBlobFromTable, SendEvent, SetBoolInBlob, SetClassIDInBlob, SetDwordInBlob, SetMacAddressInBlob, SetNPPAddressFilterInBlob, SetNPPEtypeSapFilter, SetNPPPatternFilterInBlob, SetNPPTriggerInBlob, SetNetworkInfoInBlob, SetStringInBlob, SubkeyExists, UnMarshalBlob, UnlockBlob, WriteBlobToFile, WriteCrackedBlobToFile, recursiveDeleteKey, setKeyAndValue

PE Resources..................:

Resource type Number of resources
RT_STRING 3
RT_DIALOG 1
RT_MESSAGETABLE 1
RT_VERSION 1

Resource language Number of resources
CHINESE SIMPLIFIED 6

ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
First seen by VirusTotal
2008-03-23 16:25:25 UTC ( 4 years, 7 months ago )
Last seen by VirusTotal
2012-09-18 03:35:33 UTC ( 1 month, 2 weeks ago )
File names (max. 25)

NPPTools.DLL
npptools.dll
fa95d1ea9290482f28ca739461034842
FA95D1EA9290482F28CA739461034842
D4293C6FACB8201BB3417F944AB349A0330682FE

Edgecrusher
2012-11-06, 01:24
ssdeep
384:VN+2vD6X10xOl1dCrUexOLTgd1lStyBg+Rt99kTIYJLWD5RZbxF6jm17K:VA2gxl5exOLEdqtyBjRtbmdLKLbDmw7K
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
F-Prot packer identifier
NSPack, PE_Patch
Command packer identifier
NSPack, PE_Patch
PEiD packer identifier
NsPacK V3.7 -> LiuXingPing
ExifTool

MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2007:11:06 20:13:46+00:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 0
LinkerVersion............: 6.0
EntryPoint...............: 0x10641
InitializedDataSize......: 24576
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 61440

Sigcheck

publisher................: CACE Technologies
product..................: WinPcap
internal name............: WanPacket.dll
file version.............: 4.0.0.1040
original name............: WanPacket.dll
copyright................: Copyright (c) 2005-2007 CACE Technologies. Copyright (c) 2003-2005 NetGroup, Politecnico di Torino.
description..............: WinPcap low level NetMon wrapper library

Portable Executable structural information

Compilation timedatestamp.....: 2007-11-06 20:13:46
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00010641

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.nsp0 4096 61440 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 65536 24576 23012 7.85 d3b910657e6644ae302dcacd511a22ed
.nsp2 90112 6340 0 0.00 d41d8cd98f00b204e9800998ecf8427e

PE Imports....................:

[[NPPTOOLS.DLL]]
CreateNPPInterface

[[KERNEL32.DLL]]
VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress

[[OLE32.DLL]]
CoInitializeEx


PE Exports....................:

WanPacketCloseAdapter, WanPacketGetReadEvent, WanPacketGetStats, WanPacketOpenAdapter, WanPacketReceivePacket, WanPacketSetBpfFilter, WanPacketSetBufferSize, WanPacketSetMinToCopy, WanPacketSetMode, WanPacketSetReadTimeout, WanPacketTestAdapter

PE Resources..................:

Resource type Number of resources
RT_VERSION 1

Resource language Number of resources
NEUTRAL 1

Prevx
http://info.prevx.com/aboutprogramtext.asp?PX5=F820B098F8717D4577E800924EDB0C00A24EDB95
ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
First seen by VirusTotal
2008-03-28 11:34:34 UTC ( 4 years, 7 months ago )
Last seen by VirusTotal
2012-11-06 00:03:03 UTC ( 18 minutes ago )
File names (max. 25)

WanPacket.dll
7BA91D85248C8A404418D58303FFE993
C19F9BA21CB5DC1C0DC6425902FFE7979961A48C
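The two VirusTotal reports above share one section layout: two sections with a raw size of 0 whose MD5 is the hash of empty input, one section with entropy near 7.8, and an entry point that falls inside that high-entropy section. That is the on-disk shape of a file wrapped by a runtime packer, consistent with the NSPack identification PEiD printed, and it is why a defender reads the section table rather than stopping at the Sigcheck publisher line. The Python below is an added example, not part of the thread or of any tool mentioned in it: it embeds the two section tables exactly as pasted above as constructed sample input, computes Shannon entropy for byte strings so the 0.00 and 7.8x readings have reference points, and applies those three checks (empty-on-disk section, high-entropy section, entry point location) to both DLLs.

```python
import hashlib
import math
from collections import Counter

# Section tables copied from the VirusTotal reports pasted in the thread
# (sample input for this example; entry-point RVAs come from the same reports).
NPPTOOLS_SECTIONS = """Name Virtual Address Virtual Size Raw Size Entropy MD5
.nsp0 4096 69632 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 73728 28672 27477 7.80 aaf05c5d15829dd226e2ba24ac6b513a
.nsp2 102400 6481 0 0.00 d41d8cd98f00b204e9800998ecf8427e"""
NPPTOOLS_ENTRY_RVA = 0x000127DA

WANPACKET_SECTIONS = """Name Virtual Address Virtual Size Raw Size Entropy MD5
.nsp0 4096 61440 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.nsp1 65536 24576 23012 7.85 d3b910657e6644ae302dcacd511a22ed
.nsp2 90112 6340 0 0.00 d41d8cd98f00b204e9800998ecf8427e"""
WANPACKET_ENTRY_RVA = 0x00010641

EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # d41d8cd98f00b204e9800998ecf8427e
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(table: str) -> list:
    """Parse the VirusTotal 'PE Sections' rows into dicts; the header row is skipped."""
    rows = []
    for line in table.strip().splitlines()[1:]:
        name, va, vsize, raw, entropy, md5 = line.split()
        rows.append({"name": name, "va": int(va), "vsize": int(vsize),
                     "raw": int(raw), "entropy": float(entropy), "md5": md5})
    return rows


def section_containing(sections: list, rva: int):
    """Name of the section whose virtual range covers the RVA, or None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + s["vsize"]:
            return s["name"]
    return None


def packer_indicators(sections: list, entry_rva: int) -> dict:
    """Three checks a defender applies to a section table before trusting a file."""
    return {
        # Sections that occupy memory but hold no bytes on disk: the packer
        # fills them at runtime with the unpacked original image.
        "virtual_only": [s["name"] for s in sections
                         if s["raw"] == 0 and s["vsize"] > 0 and s["md5"] == EMPTY_MD5],
        # Sections whose bytes are near-random: compressed or encrypted payload.
        "high_entropy": [s["name"] for s in sections if s["entropy"] >= HIGH_ENTROPY],
        # Where execution starts; a packer's stub lives beside its payload.
        "entry_section": section_containing(sections, entry_rva),
    }


def looks_packed(sections: list, entry_rva: int) -> bool:
    """True when the entry point sits in a high-entropy section and at least
    one section exists only in memory, i.e. the layout of a packed PE."""
    ind = packer_indicators(sections, entry_rva)
    return bool(ind["virtual_only"]) and ind["entry_section"] in ind["high_entropy"]


if __name__ == "__main__":
    for label, table, entry in (("NPPTools.DLL", NPPTOOLS_SECTIONS, NPPTOOLS_ENTRY_RVA),
                                ("WanPacket.dll", WANPACKET_SECTIONS, WANPACKET_ENTRY_RVA)):
        secs = parse_sections(table)
        print(label, packer_indicators(secs, entry), "packed:", looks_packed(secs, entry))
    # Reference points for the 0.00 and 7.8x entropy readings in the reports.
    print("empty:", shannon_entropy(b""), "uniform:", shannon_entropy(bytes(range(256))))
```

Both DLLs come out as packed, which on its own says nothing about intent: packing hides the real imports and strings from static scanners, so the verdict has to rest on the publisher, the known file names and hashes, and the PUA-only detections, which is the reasoning the helper applied in the next reply.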

Edgecrusher
2012-11-06, 01:32
Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

TechieRanger
2012-11-07, 21:00
The files we checked seem to be OK.:police:

Please run OTL.exe.

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

:Commands
[purity]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

In your next reply, please provide the following:

OTL log.
Update on how your PC is running.




Regards,

Richard:greeting:

Edgecrusher
2012-11-07, 23:15
ESET did find 2 trojans, though.

Edgecrusher
2012-11-07, 23:58
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11072012_223417

Edgecrusher
2012-11-08, 00:43
After updating Flash Player, the same thing still happens. But then I did a little bit of browsing and came across this site, where someone probably has the same problem as me, with the "video starts playing but audio lags (~less than a second) and starts just after the video, resulting in the audio to be out of sync with the video throughout the entire duration."

"Users mention that disabling pepflashplayer.dll fixes it".

I'm guessing this could be the problem, but I'm not sure.

TechieRanger
2012-11-09, 00:59
The items found by ESET seem to be Potentially unwanted applications (not necessarily intended to be malicious). They do not need to be removed.:bigthumb:

The audio out of sync problems could be the result of the 15% fragmentation on Drive C, not enough RAM, and unnecessary programs running.:)

Please run a defrag:

Open My Computer.
Right-click the local disk volume that you want to defragment (usually your C:\ drive) > then click Properties.
On the Tools tab > click Defragment Now.
Click Defragment.

Next

Please try Disabling hardware accelerated video playback (http://support.google.com/youtube/bin/answer.py?hl=en&answer=1230977).

Next

You may wish to try StartupLite (http://www.malwarebytes.org/startuplite.php). Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

Next

Your version of Internet Explorer is out of date. You can download Internet Explorer 8 which works with all versions of Windows XP from here (http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8).

How is the computer running?:D:

In your next reply, please provide the following:

Update on how your PC is running.




Regards,

Richard:greeting:

Edgecrusher
2012-11-09, 21:39
Just to let you know, I'm away tomorrow, 10 November, for one week, so I will be back 17th November. Please keep this topic open if possible.

Edgecrusher
2012-11-10, 00:41
Managed to defrag the C drive and do the other things you mentioned in your previous post, but after rebooting the computer, it still took 5 mins to load up and I still have the video issues. I won't be back until 17th November.

TechieRanger
2012-11-10, 00:59
No problem:) Thanks for letting me know.:bigthumb:



Regards,

Richard:greeting:

Edgecrusher
2012-11-17, 23:56
I am now back, but I don't think anything more could be done about this problem. It's probably just the video graphics card that is old.

TechieRanger
2012-11-18, 14:23
Do you experience the sync issues on all video quality settings? :)

Since the Flash Player for Firefox, Internet Explorer and Chrome are quite different, you may find that one browser provides you with a better experience than another.:kboard:

If the sync issues continue, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware (http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112).

If you are not having any other malware problems, it is time to do our final steps:

I'm pleased to let you know that the infections seem to have been taken care of!:2thumb:

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

Now, we need to do some house cleaning. You have out of date programs that leave you susceptible to future malware infections, so we will be updating those as well.:cleaning:

Step 1

Uninstall ComboFix

Follow these steps to uninstall ComboFix:

Make sure your security programs are totally disabled.
Ensure ComboFix.exe is on your Desktop.
Press the Windows key + R to open a Run box.(Windows key is between the "Ctrl" key and "Alt" key)
Now copy/paste the following into the Run box and click OK:

ComboFix /uninstall

Note the space between the ...X and the /U; it needs to be there.

Step 2

OTL CleanUp and Leftover Tool/Log Removal

Run OTL.exe

Click the green CleanUp! button on the OTL start screen.
Accept any prompts to let the program proceed.
This will remove any tools we used, including itself, and will require a reboot.

Leftover Tool/Log Removal

Please remove the following logs/tools left on your Desktop (Right click and delete them.):


SecurityCheck.exe
checkup.txt
AdwCleaner[R1].txt
AdwCleaner[S1].txt
Avira logs.
AVSCAN-20121002-191354-06007368.zip
ESETScan log.
MBAM log.
MBR.dat
MBR.zip


After deleting these, please empty your Recycle Bin. To do this navigate to your Desktop, right click on the Recycle Bin icon and select Empty Recycle Bin.

Step 3

Uninstall AdwCleaner

Double-click AdwCleaner.exe to run the tool.
Click Uninstall.
Confirm with yes.

Step 4

Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update the Adobe Acrobat installation, which can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files... you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader (http://www.adobe.com/products/acrobat/readstep2.html).
Please UNCHECK the box for the: Free McAfee Security Scan.

Click the Download now button. If you don't already have Adobe DLM, you may receive a prompt.
If prompted to install Adobe DLM, note that this software is not a requirement to obtain the latest Adobe Reader software.
The Adobe (DLM) Download Manager allows you to pick up where you left off, if your download process is interrupted. A good idea if you are using dial-up.
If you choose to install Adobe DLM, it will start the download automatically. Adobe DLM software removal instructions available here (http://kb.adobe.com/selfservice/viewContent.do?externalId=kb400533) if wanted.
If not using Adobe DLM, click on the highlighted click here to download text to begin the Reader download.
Save the file to your desktop.
Uninstall OLD Adobe Reader
Please uninstall Adobe Reader before installing the latest version... Go to Start > Control Panel
Double click on Add/Remove Programs... Locate:
Adobe Reader...version to remove
Click on Change/Remove to uninstall it. Once uninstalled, Close and exit Control Panel.

Click on the Adobe Acrobat Reader (AdbeRdrxx_en_US.exe) icon, on your desktop to install the new (free) version.
The Adobe Reader download file name will be different, depending on the language or OS chosen. xx in the name = version numbers.
The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
When the installation is complete... Close and re-open your Internet browser.

Step 5

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week. The best solution is to enable automatic updates. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

Please see below for tips on how to better protect your computer from future malware infections.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft (http://v4.windowsupdate.microsoft.com/en/default.asp) and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them (http://www.microsoft.com/protect/yourself/password/create.mspx) and consider a password keeper (http://keepass.info/), to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? (http://forums.whatthetech.com/So_how_did_I_get_infected_first_place_t57817.html) by TonyKlein
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes
PC Safety and Security--What Do I Need? (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)


Malwarebyte's Anti-Malware

Malwarebyte's Anti-Malware is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Emergency Recovery Utility NT

You should keep a copy of ERUNT (http://www.larshederer.homepage.t-online.de/erunt/index.htm) installed as a means to create a complete backup of your registry and restore it when needed.

Make your Internet Explorer more secure

Please follow these instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next, press the Apply button and then the OK to exit the Internet Properties page.
Keep a backup of your important files
It's easy to protect your digital files: http://www.geekstogo.com/keep-your-files-s...ckup-made-easy/ (http://www.geekstogo.com/keep-your-files-safe-online-backup-made-easy/). This article presents good information on alternatives for home backup solutions.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
WOT (http://www.mywot.com/), Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

Green to go
Yellow for caution
Red to stop


WOT has an add-on available for both Firefox and IE.

SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions to ask? Please do not hesitate to do so.



Regards,

Richard:greeting:

Edgecrusher
2012-11-18, 16:23
On a YouTube video, I set it to 240p and it seems to be a lot better than the 360p setting that I usually use. But anything higher than 360p still does the same thing. But on IMDb, when I change the video settings to standard, there is still no change.

Edgecrusher
2012-11-18, 23:15
I've also checked how much RAM I have left: 768MB. Do you think that could be the problem as well as the graphics card?

TechieRanger
2012-11-20, 02:00
I think that not having enough RAM could be part of the issues. I would also make sure that the computer meets or exceeds Flash Player's processor and graphics memory requirements for a better viewing experience.:2thumb:

www.adobe.com/products/flashplayer/tech-specs.html (http://www.adobe.com/products/flashplayer/tech-specs.html)



Regards,

Richard:greeting:

Edgecrusher
2012-11-22, 14:35
I've updated to the latest Flash Player, but still no use. I'm gonna just give up on it.

oldman960
2012-12-05, 13:26
Since this issue appears to be resolved ... this Topic has been closed.