
Avenger.txt reloads and grows in size after each startup recommended by MAM so as to get rid of captured malware


KVT


Operating system is XP / Available hard drive memory of 12.6 GBs

 

I found this member exchange here, which is related and very similar to my issue: https://forums.malwarebytes.org/index.php?/topic/131885-avenger-file/

 

Each time that I am instructed to close MAM to remove the quarantined captured malware files after a scan (these are Trojan.0Access-like and PUP.Optional.CrossRider files; some were found in registry files (HKLM)), I detect the Avenger.txt file and some unusual new files added to my C: drive, which fast grows in size, increases the CPU running and freezes the laptop. Before that happens, I force a restart and then go and delete the Avenger.txt file. That is when the CPU slows down and I can work almost normally, including using Chrome and posting this topic.
 

On the early infection, I observed html files called 'encrypted...something' that were installed in the C drive, inside various folders. I had checked all the folders and I copied my document folders and moved some infected (not knowing then exactly) files to an external drive, as a backup. This external drive may now also be infected. I have someone running a scan via an uninfected machine.

 

It appears that as long as I am running MAM it will be capturing new malware and I will need to empty them by restarting, which invites Avenger to reinstall itself and its large text file.

 

So, how do I avoid this happening, and how do I detect and get rid of the infected files on both the hard drive and the external drive? What about registry files?

 

 

  


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Do not use the external hard drive until I tell you.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thank you for your prompt reply and willingness to help. I am so worried and I do not know who to trust or not any more. It seems an endless game of hackers disguising themselves and viruses. Should I trust you and download Farbar? It won't do more damage, adding more viruses? Please help me to trust this log. Thank you.


Thank you; I do not find an 'attach a file' option on this communication tool, so I am copying and pasting the content of these text files below.

 

1. FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014

Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 06-08-2014 13:52:11

Running from C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

() C:\WINDOWS\system32\WLTRYSVC.EXE

(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE

(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE

(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(G

 

2. ADDITION.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014

Ran by Konstantine Trivizas at 2014-08-06 13:53:57

Running from C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)

Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 3.9.0.26 - Lavasoft)

AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden

AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden

Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )

AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden

ASF (Version: 3.11.1 - Broadcom) Hidden

Broadcom ASF Management Applications (HKLM\...\InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}) (Version: 3.11.1 - Broadcom)

Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.13.01 - Broadcom Corporation)

CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)

Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)

Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D7453B4F-9A57-4B46-9878-48F90223F8F7}) (Version:  - Microsoft)

Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.10.47.3 - Dell Inc.)

Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)

hp deskjet 5550 series (Remove only) (HKLM\...\hp deskjet 5550 series) (Version:  - )

hp print screen utility (HKLM\...\hp print screen utility) (Version:  - )

Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)

Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)

Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.0.1526.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)

Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)

Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)

MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )

RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)

Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)

TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553092) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4D98EEEA-A31B-42FA-991A-F989594F4DA5}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{5EBDE1DE-3B28-4134-AB00-85CFF2B4F94D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38990592-F6A1-4A26-96C7-0600E36AE794}) (Version:  - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)

Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden

Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)

Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden

Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden

Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

Your Uninstaller! 2008 Version 6.2 (HKLM\...\Your Uninstaller! 2008_is1) (Version: 6.2 - URSoft, Inc.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Application Data\Dropbox\bin\Dropbox.exe /autoplay No (the data entry has 5 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.23. (the data entry has 20 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1207\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.22. (the data entry has 20 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Konstantine Trivizas\Application Data\Dropbox\bin\Dropbox.exe /wiacallback (the data entry has 8 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.22. (the data entry has 20 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.21. (the data entry has 22 more characters).

CustomCLSID: HKU\S-1-5-21-1004336348-1563985344-1343024091-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24. (the data entry has 20 more characters).

 

==================== Restore Points  =========================

 

29-06-2014 14:41:07 System Checkpoint

30-06-2014 09:34:47 Software Distribution Service 3.0

02-07-2014 08:29:38 Software Distribution Service 3.0

04-07-2014 07:58:40 Software Distribution Service 3.0

07-07-2014 09:37:31 Software Distribution Service 3.0

08-07-2014 11:10:09 Software Distribution Service 3.0

10-07-2014 10:40:18 Software Distribution Service 3.0

12-07-2014 09:33:04 Software Distribution Service 3.0

13-07-2014 14:31:24 Software Distribution Service 3.0

14-07-2014 14:56:49 Software Distribution Service 3.0

16-07-2014 08:07:16 Software Distribution Service 3.0

17-07-2014 09:08:22 Software Distribution Service 3.0

18-07-2014 13:54:47 Software Distribution Service 3.0

20-07-2014 11:14:01 Software Distribution Service 3.0

21-07-2014 18:15:48 Software Distribution Service 3.0

22-07-2014 21:23:53 Software Distribution Service 3.0

24-07-2014 08:35:56 Software Distribution Service 3.0

24-07-2014 19:49:06 Before uninstall Facebook Video Calling 2.0.0.447

24-07-2014 19:49:20 Removed Facebook Video Calling 2.0.0.447

24-07-2014 19:53:08 Before uninstall Yontoo 1.10.02

24-07-2014 22:06:04 Before uninstall Google Chrome

24-07-2014 22:09:25 Before uninstall Google Drive

24-07-2014 22:10:05 Removed Google Drive

25-07-2014 09:10:06 Software Distribution Service 3.0

28-07-2014 09:45:58 Software Distribution Service 3.0

29-07-2014 15:26:47 Software Distribution Service 3.0

31-07-2014 15:30:11 Software Distribution Service 3.0

01-08-2014 08:41:21 Installed %1 %2.

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2008-04-14 13:00 - 2014-07-23 09:33 - 00001391 _RASH C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

107.181.174.70 www.google-analytics.com.

107.181.174.70 google-analytics.com.

107.181.174.70 connect.facebook.net.

146.0.75.222 www.google-analytics.com.

146.0.75.222 google-analytics.com.

146.0.75.222 connect.facebook.net.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job => C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job => C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-08-22 12:31 - 2005-12-19 17:08 - 00018944 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE

2012-08-22 12:31 - 2005-12-19 17:08 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-06-03 16:12 - 2014-06-03 16:12 - 00655352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe

2014-06-03 16:22 - 2014-06-03 16:22 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 08386920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 02421064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll

2014-06-03 16:21 - 2014-06-03 16:21 - 00478056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll

2014-06-03 16:23 - 2014-06-03 16:23 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll

2014-06-03 16:21 - 2014-06-03 16:21 - 00300920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll

2014-06-03 16:23 - 2014-06-03 16:23 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll

2014-06-03 16:23 - 2014-06-03 16:23 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00248184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00205160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll

2014-06-03 16:21 - 2014-06-03 16:21 - 00277872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll

2014-06-03 16:21 - 2014-06-03 16:21 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00503648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00270192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00372600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll

2014-06-03 16:21 - 2014-06-03 16:21 - 00179552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll

2014-06-03 16:21 - 2014-06-03 16:21 - 00143720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00633712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 01873768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00344944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00248160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00313720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll

2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

2014-06-03 16:22 - 2014-06-03 16:22 - 06699864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe

2014-06-03 16:22 - 2014-06-03 16:22 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00310624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00804208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll

2014-06-03 16:22 - 2014-06-03 16:22 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll

2008-04-14 13:00 - 2008-04-14 13:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2008-04-14 13:00 - 2008-04-14 13:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2014-07-19 00:06 - 2014-07-15 10:24 - 08537928 _____ () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-19 00:06 - 2014-07-15 10:24 - 00353096 _____ () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-19 00:06 - 2014-07-15 10:24 - 01732936 _____ () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

2014-04-14 18:31 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-04-14 18:31 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint\Apoint.exe

MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

MSCONFIG\startupreg: nwiz => nwiz.exe /installquiet

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/05/2014 04:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application mbam.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.

Processing media-specific event for [mbam.exe!ws!]

 

Error: (08/05/2014 00:04:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\CAMERA.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\CAMERA.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/05/2014 00:04:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\20130130_214633.JPG.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/05/2014 00:04:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\20130130_214633.JPG.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/05/2014 10:45:02 AM) (Source: Windows Search Service) (EventID: 3031) (User: )

Description: A document ID cannot be allocated.

Context:  Application, SystemIndex Catalog

 

Details:
      The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)

 

Error: (08/05/2014 10:43:09 AM) (Source: Windows Search Service) (EventID: 3031) (User: )

Description: A document ID cannot be allocated.

Context:  Application, SystemIndex Catalog

 

Details:
      The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)

 

Error: (08/05/2014 10:43:09 AM) (Source: Windows Search Service) (EventID: 3031) (User: )

Description: A document ID cannot be allocated.

Context:  Application, SystemIndex Catalog

 

Details:
      The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)

 

 

System errors:

=============

Error: (08/06/2014 09:19:26 AM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 192.168.1.8 for the Network Card with network address 00904B145117 has been

denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

 

Error: (08/05/2014 05:21:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

PCIIde

 

Error: (08/05/2014 05:21:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Image Acquisition (WIA) service hung on starting.

 

Error: (08/05/2014 05:20:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

 

Error: (08/05/2014 05:19:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error:

%%1053

 

Error: (08/05/2014 05:19:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

 

Error: (08/05/2014 02:11:22 PM) (Source: 0) (EventID: 1) (User: )

Description: 0xC000007F_000115_.tmp.dllHarddiskVolume1

 

Error: (08/05/2014 00:45:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

PCIIde

 

Error: (08/05/2014 00:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error:

%%1053

 

Error: (08/05/2014 00:44:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (08/05/2014 04:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.532msvcr100.dll10.0.40219.3250008d6fd

 

Error: (08/05/2014 00:04:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI

 

Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\DESKTOP.INI

 

Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\CAMERA.LNK

 

Error: (08/05/2014 00:04:25 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\CAMERA.LNK

 

Error: (08/05/2014 00:04:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\20130130_214633.JPG.LNK

 

Error: (08/05/2014 00:04:24 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KONSTANTINE TRIVIZAS\RECENT\20130130_214633.JPG.LNK

 

Error: (08/05/2014 10:45:02 AM) (Source: Windows Search Service) (EventID: 3031) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)

 

Error: (08/05/2014 10:43:09 AM) (Source: Windows Search Service) (EventID: 3031) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)

 

Error: (08/05/2014 10:43:09 AM) (Source: Windows Search Service) (EventID: 3031) (User: )

Description: Context:  Application, SystemIndex Catalog

 

Details:
      The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 71%

Total physical RAM: 2047.23 MB

Available physical RAM: 583.93 MB

Total Pagefile: 3943.59 MB

Available Pagefile: 2496.08 MB

Total Virtual: 2047.88 MB

Available Virtual: 1927.48 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:37.26 GB) (Free:21.4 GB) NTFS ==>[Drive with boot components (Windows XP)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: CDE9CDE9)

Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

 

 

==================== End Of Log ============================


I am doing this now and I will cut and paste again. May it be that the presence of the Adblock tool (I doubt it) and/or of 'Ad-Aware Antivirus' from Lavasoft.com prevents the full scanning?

 

Btw, the scan of the external drive from a 3rd source using MS Security Essentials and also Malwarebytes did not detect any malware.

Regards. 


Here is the first text: the Addition.txt was not generated. Since I am scanning, the CPU has risen enormously!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014

Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 06-08-2014 14:39:37

Running from C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

() C:\WINDOWS\system32\WLTRYSVC.EXE

(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE

(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE

(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Farbar) C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads\FRST (3).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!

InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION

HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)

HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\Run: [izxesVevyo] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IzxesVevyo\IzxesVevyo.dat"

HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\MountPoints2: {e358b7e0-bf0d-11e3-a558-00904b145117} - E:\VersionControl.exe

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&ent=hp&u=6665E4FA1F7F6247E6257153E0EB1A9F

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: HKCU - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}

SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-08-05&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolba

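The FRST.txt above flags four kinds of registry entry worth understanding before trusting any cleanup: the "Group Policy restriction on software" lines naming the Malwarebytes, McAfee and Microsoft Antimalware data folders (Software Restriction Policy rules that stop those tools from running), a CLSID LocalServer32 default value that launches rundll32.exe with a javascript: URL through mshtml's RunHTMLApplication (persistence that lives only in the registry, so there is no file for a scanner to quarantine, which is consistent with the infection coming back after each MBAM cleanup), a Run value that feeds regsvr32.exe a .dat file, and a MountPoints2 entry pointing at an .exe on a removable drive. The helper below is an added example of my own, not code from this thread or from FRST: it classifies such lines and decodes the eval() blob. The sample lines are copied from the log above (plus one ordinary Run entry from the same log as a control); the function and label names are mine, and the decoding rule (every character of the blob is shifted up by one code point, so 'epdvnfou/xsjuf)(' reads 'document.write(') is my own analysis of the visible fragment, not something the thread states.

```python
"""Triage of FRST registry lines (added example; not FRST or thread code)."""
import re

# Constructed sample: lines copied from the FRST.txt posted above.
SAMPLE_FRST_LINES = [
    r"HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION",
    r"HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION",
    r'HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!',
    r'HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\Run: [izxesVevyo] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IzxesVevyo\IzxesVevyo.dat"',
    r"HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\MountPoints2: {e358b7e0-bf0d-11e3-a558-00904b145117} - E:\VersionControl.exe",
    r"HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)",
]

# The obfuscated script sits inside eval("...") and runs up to the next
# space or double quote in the FRST line.
EVAL_BLOB = re.compile(r'eval\("([^"\s]+)')


def shift_decode(blob: str, shift: int = 1) -> str:
    """Undo a per-character code-point shift.

    Assumption (my analysis, not stated in the thread): the obfuscated
    script in the LocalServer32 value is the clear text with every
    character moved up by one, so 'e'->'d', '/'->'.', '='->'<'.
    """
    return "".join(chr(ord(ch) - shift) for ch in blob)


def classify(line: str):
    """Return a triage label for one FRST registry line, or None if nothing stands out."""
    if "Group Policy restriction on software" in line:
        # Software Restriction Policy rule naming a security product's
        # folder: the product is blocked from running, which is why a
        # scanner can silently stop working on this machine.
        return "srp_block_on_security_tool"
    if "rundll32.exe javascript:" in line and "RunHTMLApplication" in line:
        # Script stored in the registry and executed by rundll32 through
        # mshtml; nothing on disk for a file scanner to quarantine.
        return "fileless_rundll32_javascript"
    if "\\Run:" in line and "regsvr32.exe" in line and not line.lower().endswith('.dll"'):
        # regsvr32 loads any PE that exports DllRegisterServer; a .dat
        # extension hides that a DLL is being loaded at logon.
        return "regsvr32_loading_non_dll"
    if "MountPoints2" in line and line.lower().endswith(".exe"):
        # Cached autorun action for a removable volume (here E:).
        return "removable_drive_autorun"
    return None


def triage(lines):
    """Classify each line; for fileless entries also decode the eval() blob.

    Returns a list of (label, line, decoded_payload_or_None).
    """
    findings = []
    for line in lines:
        label = classify(line)
        if label is None:
            continue
        decoded = None
        match = EVAL_BLOB.search(line)
        if match:
            decoded = shift_decode(match.group(1))
        findings.append((label, line, decoded))
    return findings


if __name__ == "__main__":
    for label, line, decoded in triage(SAMPLE_FRST_LINES):
        print(f"{label:30} {line[:70]}")
        if decoded:
            print(f"{'':30} decoded: {decoded}")
```

On a full FRST.txt, feed the lines of the Registry section to triage(). The decoded fragment for the LocalServer32 value reads `document.write('<script language=jscr`, i.e. the start of an inline JScript block; the 220 characters FRST elided are not on the page, so the decoder only shows the visible prefix.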

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 
 
 
 
Run FRST again, check Addition.txt, press Scan and attach both reports.

fixlist.txt


1. All these downloaded files are under the 'Downloads' folder management location on the C: drive. Each time I run the Farbar tool, I name and save the FRST.txt with a number, i.e. FRST(3).txt, to avoid confusion/duplication with the earlier versions from previous scanning attempts. Could that be the reason that the Addition.txt does not run? Should I erase earlier versions of these text files and start again?

 

2. As for the instructions with the fixlist file you sent me earlier: this file is also saved under the 'Downloads' folder, so all of them are in the same location. I try to open from there (folder manager) the FRST(3).exe file by right-clicking and selecting 'Run as...'; then I am presented with a security warning (this user cannot be verified), which I ignore and run regardless; it then presents me with the option to run as the 'current user', indicating my name, with a tick box underneath stating 'protect my computer from unauthorised activity', which is ticked, and then with the option to run as 'administrator'. I select the latter, but then I am asked for a password (which I do not have, as I never use this PC as an administrator... I am the only user, despite its set-up with an administrator at the start). So what to do next?

Thank you.      


Ok, after opening it (not running it) and after it crashed once, here is the fixlog.txt.

What next? Thank you.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:5-08-2014
Ran by Konstantine Trivizas at 2014-08-06 15:54:39 Run:2
Running from C:\Documents and Settings\Konstantine Trivizas\My Documents\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\Run: [izxesVevyo] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\IzxesVevyo\IzxesVevyo.dat"
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\...\MountPoints2: {e358b7e0-bf0d-11e3-a558-00904b145117} - E:\VersionControl.exe
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch...6257153E0EB1A9F
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch...q={searchTerms}
C:\Documents and Settings\All Users\Application Data\IzxesVevyo
 
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
48004B004C004D005C0053006F006600740077006100720065005C0043006C00610073007300650073005C0043004C005300490044005C007B00370033004500370030003900450041002D0035004400390033002D0034004200320045002D0042004200420030002D003900390042003700390033003800440041003900450034007D005C004C006F00630061006C0053006500720076006500720033003200 => Failed to open main key.
[HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] => No subkey with invalid name found.
HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\Run\\IzxesVevyo => Value not found.
"HKU\S-1-5-21-1004336348-1563985344-1343024091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e358b7e0-bf0d-11e3-a558-00904b145117}" => Key not found.
"HKCR\CLSID\{e358b7e0-bf0d-11e3-a558-00904b145117}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
Default URLSearchHook was restored successfully .
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
"HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key not found.
C:\Documents and Settings\All Users\Application Data\IzxesVevyo => Moved successfully.
 
==== End of Fixlog ====
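The fixlog above pairs a fixlist (the lines between the two rows of asterisks, some flagged ATTENTION by FRST) with one result line per entry. The parser below is an added example for this thread, not part of FRST or Malwarebytes; it splits a fixlog into entries and results, tallies the outcomes, and pulls the quoted string out of the `eval(...)` in the LocalServer32 entry. The sample log is a constructed excerpt modelled on the posted Fixlog.txt, with paths and SIDs shortened. The shift-by-one decoding is my own observation of the posted value: moving each character of the quoted fragment one code point down yields `document.write('<script language=jscr`, which is what identifies that registry value as a script loader run through rundll32 and mshtml rather than a normal COM server path.

```python
"""Parse a Farbar Recovery Scan Tool (FRST) fixlog and pair entries with results.

Added example for this thread; it is not part of FRST or Malwarebytes, and the
sample log below is a constructed excerpt modelled on the Fixlog.txt posted above.
"""
import re
from collections import Counter

# Constructed sample shaped like the posted Fixlog.txt (paths and SIDs shortened).
SAMPLE_FIXLOG = """\
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\\Documents and Settings\\All Users\\Application Data\\Malwarebytes <====== ATTENTION
HKLM\\...99B7938DA9E4}\\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
HKU\\S-1-5-21-1\\...\\Run: [izxesVevyo] => regsvr32.exe "C:\\Documents and Settings\\All Users\\Application Data\\IzxesVevyo\\IzxesVevyo.dat"
C:\\Documents and Settings\\All Users\\Application Data\\IzxesVevyo

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM\\Software\\Classes\\CLSID\\{73E709EA-...}\\LocalServer32\\\\Default => Value was restored successfully.
HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\IzxesVevyo => Value not found.
C:\\Documents and Settings\\All Users\\Application Data\\IzxesVevyo => Moved successfully.

==== End of Fixlog ====
"""

SEPARATOR = "*****************"


def split_fixlog(text):
    """Return (fixlist entries, result lines) from the text of a fixlog."""
    lines = text.splitlines()
    seps = [i for i, line in enumerate(lines) if line.strip() == SEPARATOR]
    if len(seps) < 2:
        raise ValueError("fixlog does not contain a fixlist section")
    entries = [l.strip() for l in lines[seps[0] + 1:seps[1]] if l.strip()]
    results = []
    for line in lines[seps[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line.strip():
            results.append(line.strip())
    return entries, results


def attention_entries(entries):
    """Entries that FRST itself flagged with an ATTENTION marker."""
    return [e for e in entries if "ATTENTION" in e]


# Outcome keywords FRST prints after " => ", checked in this order.
_OUTCOMES = [
    ("restored successfully", "restored"),
    ("deleted successfully", "deleted"),
    ("moved successfully", "moved"),
    ("not found", "not found"),
    ("failed", "failed"),
]


def classify_result(line):
    """Map one result line to a short outcome label."""
    low = line.lower()
    for needle, label in _OUTCOMES:
        if needle in low:
            return label
    return "other"


def summarize(text):
    """Count outcomes across the whole fixlog, e.g. {'restored': 2, ...}."""
    _, results = split_fixlog(text)
    return dict(Counter(classify_result(r) for r in results))


def extract_eval_payload(entry):
    """Return the quoted string handed to eval(...) in an entry, or None."""
    m = re.search(r'eval\("(\S+)', entry)
    return m.group(1) if m else None


def decode_shifted_jscript(payload, shift=1):
    """Undo a per-character code-point shift (the posted sample is shifted by +1)."""
    return "".join(chr(ord(c) - shift) for c in payload)


if __name__ == "__main__":
    entries, results = split_fixlog(SAMPLE_FIXLOG)
    for entry in attention_entries(entries):
        print("flagged:", entry[:80])
        payload = extract_eval_payload(entry)
        if payload:
            print("  decoded prefix:", decode_shifted_jscript(payload))
    print("outcomes:", summarize(SAMPLE_FIXLOG))
```

Running it against a real Fixlog.txt (read the file and pass its contents to `summarize` and `split_fixlog`) gives a quick check that every flagged entry got a "restored", "deleted" or "moved" result; a "failed" or "other" outcome is the line worth re-reading, as with the hex-encoded key path in the posted log that FRST reported it could not open.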

Since I have no reply, I did what you asked earlier. So the results of the scan and the additional scan are below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014

Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 06-08-2014 16:29:07

Running from C:\Documents and Settings\Konstantine Trivizas\Desktop

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

() C:\WINDOWS\system32\WLTRYSVC.EXE

(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE

(Broadcom Corp.) C:\WINDOWS\system32\BAsfIpM.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE

(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014

Ran by Konstantine Trivizas at 2014-08-06 16:31:25

Running from C:\Documents and Settings\Konstantine Trivizas\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)

Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 3.9.0.26 - Lavasoft)

AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden

AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden

Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )

AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden

ASF (Version: 3.11.1 - Broadcom) Hidden

Broadcom ASF Management Applications (HKLM\...\InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}) (Version: 3.11.1 - Broadcom)

Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.13.01 - Broadcom Corporation)

CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)

Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)

Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D7453B4F-9A57-4B46-9878-48F90223F8F7}) (Version:  - Microsoft)

Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.10.47.3 - Dell Inc.)

Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline)

hp deskjet 5550 series (Remove only) (HKLM\...\hp deskjet 5550 series) (Version:  - )

hp print screen utility (HKLM\...\hp print screen utility) (Version:  - )

Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)

Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)

Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (H


Scan with ComboFix
 
This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install the Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.


I am so confused! Our replies are overlapping in time, all the time. Did you see the last results of scanning or not? Please write to me as a human, not with pre-saved answers. Do I use your new (ComboFix) scanning tool now or stay with the Farbar? Sorry, this is so stressful!


Ok, now I understand the logic; I would have done the ComboFix already if you had explained that Farbar does not work.

 

Please do explain to me what you attempt to do and why, as then I will be in a better position to follow your commands and do what you expect me to. Any idea as to why Farbar does not do the job?

 

In the meantime, I feel that with time passing the computer is getting more infected; all these .dll files (viruses?) will, I suspect, bring the computer to its knees and I won't be able to communicate with you anymore. Should I go and delete the .dll files?

 

So, to be on the safe side, please send me instructions on how to do things from Safe Mode, in case the PC dies. Thank you. I will process your ComboFix late in the evening/night.


Good morning TWE! I wrote you a note yesterday - among other things I was asking what was preventing Farbar from working - but it has been removed, I guess. Ok, I am downloading ComboFix and reporting back to you very soon.


Archived

This topic is now archived and is closed to further replies.
