Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

PC boots up but can't open software [Solved]


  • This topic is locked This topic is locked
123 replies to this topic

#61 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 15 November 2013 - 12:33 PM

Unfortunately my PC is 2 gigs max RAM which I'd already added 1GB to. So not much I can do then?

 

Report auto saved to desktop.

 

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Paul_2 [Admin rights]
Mode : Scan -- Date : 11/15/2013 18:26:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG_REG_0913b.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /TASK_REGISTER --CMPID 0913b [7] -> FOUND
[V1][SUSP PATH] AVG_SYS_TASK_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V1][SUSP PATH] ROC_REG_JAN.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /TASK_REGISTER [7] -> FOUND
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160811AS +++++
--- User ---
[MBR] 8489858d9a919c36506a373b45e1635d
[BSP] 4d0a3d45d00ae346bda7e585d545d7ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11152013_182619.txt >>



 


    Advertisements

Register to Remove


#62 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 November 2013 - 10:41 PM

Hi cousinkevin,

bullseye_zpse9eaf36e.gif Re-run RogueKiller

Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After the scan has completed click on the Registry tab
  • Wait until the Status box shows "Scan Finished"
  • Click the Delete button
  • Wait until the Status box shows "Deleting Finished"
  • Click the Report button, save the report to your desktop
=========================

In your next post please provide the following:
  • RKiller report

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#63 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 16 November 2013 - 04:22 PM

All programs slow. Can't shutdown normally when used for a while.

 

RK very slow to open.

 

Stuck on "searching for run" and repeated scan, same result. Let it run for 15 minutes.



#64 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 November 2013 - 10:43 PM

Hi cousinkevin,

Please try to run RogueKiller again, but follow these instructions.

bullseye_zpse9eaf36e.gif Re-run RogueKiller

Right click and select "Run as Administrator"

  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan.
  • After the scan has completed click on each of the follow tabs and make sure only these items are selected for removal.
  • Wait until the Status box shows "Scan Finished"
    • Registry
      [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [V1][SUSP PATH] AVG_REG_0913b.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /TASK_REGISTER --CMPID 0913b [7] -> FOUND
      [V1][SUSP PATH] AVG_SYS_TASK_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
      [V1][SUSP PATH] ROC_REG_JAN.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /TASK_REGISTER [7] -> FOUND
      [V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
    • Files
      [ZeroAccess][File] @ : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\@ [-] --> FOUND
      [ZeroAccess][Folder] U : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\U [-] --> FOUND
      [ZeroAccess][Folder] L : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L [-] --> FOUND
  • Click the Delete button
  • Wait until the Status box shows "Deleting Finished"
  • Click the Report button, save the report to your desktop

=========================

In your next post please provide the following:


  • RKiller log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#65 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 17 November 2013 - 12:09 PM

Two logs auto created?

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Paul_2 [Admin rights]
Mode : Scan -- Date : 11/17/2013 17:53:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG_REG_0913b.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /TASK_REGISTER --CMPID 0913b [7] -> FOUND
[V1][SUSP PATH] AVG_SYS_TASK_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V1][SUSP PATH] ROC_REG_JAN.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /TASK_REGISTER [7] -> FOUND
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (@Classes@TFiler@) : rtl150.bpl -> HOOKED (Unknown @ 0x3059296C)
[Inline] EAT @explorer.exe (@Classes@TReader@) : rtl150.bpl -> HOOKED (Unknown @ 0xB45933BC)
[Inline] EAT @explorer.exe (@Classes@TStreamWriter@) : rtl150.bpl -> HOOKED (Unknown @ 0x54599FB5)
[Inline] EAT @explorer.exe (@Comobj@TAutoObjectEvent@) : rtl150.bpl -> HOOKED (Unknown @ 0xDC5BB8A4)
[Inline] EAT @explorer.exe (@Ioutils@TPath@FInvalidFileNameChars) : rtl150.bpl -> HOOKED (Unknown @ 0x101DABB3)
[Inline] EAT @explorer.exe (@Msxml@IID_ISAXEntityResolver) : rtl150.bpl -> HOOKED (Unknown @ 0x1FB8BAB5)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FD7)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FC7)
[Inline] EAT @explorer.exe (@System@ExceptionClass) : rtl150.bpl -> HOOKED (Unknown @ 0xDD6A1039)
[Inline] EAT @explorer.exe (@Wincodec@CATID_WICFormatConverters) : rtl150.bpl -> HOOKED (Unknown @ 0x6490FC7F)
[Inline] EAT @explorer.exe (@Controls@TCustomTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772A44)
[Inline] EAT @explorer.exe (@Controls@TDockTree@) : vcl150.bpl -> HOOKED (Unknown @ 0xC0779121)
[Inline] EAT @explorer.exe (@Controls@TTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772FF8)
[Inline] EAT @explorer.exe (@Jclmath@Catalan) : Jcl150.bpl -> HOOKED (Unknown @ 0x00BF2040)
[Inline] EAT @explorer.exe (@Jclmath@Cbrt3) : Jcl150.bpl -> HOOKED (Unknown @ 0x90B1D717)
[Inline] EAT @explorer.exe (@Jclmath@LnPi) : Jcl150.bpl -> HOOKED (Unknown @ 0xCA671DA3)
[Inline] EAT @explorer.exe (@Jclmath@Log3) : Jcl150.bpl -> HOOKED (Unknown @ 0x84D25F65)
[Inline] EAT @explorer.exe (@Jclsimplexml@TJclSimpleXMLProps@) : Jcl150.bpl -> HOOKED (Unknown @ 0x4858BACA)
[Inline] EAT @explorer.exe (@Jclstructstorage@UnitVersioning) : Jcl150.bpl -> HOOKED (Unknown @ 0xF469DFA7)
[Inline] EAT @explorer.exe (@Jclwin32@RtdlNetGroupAdd) : Jcl150.bpl -> HOOKED (Unknown @ 0x3467D32D)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_AsymmetricSignatureDeformatter) : Jcl150.bpl -> HOOKED (Unknown @ 0x269C6902)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_Buffer) : Jcl150.bpl -> HOOKED (Unknown @ 0x8313E316)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_CaseInsensitiveComparer) : Jcl150.bpl -> HOOKED (Unknown @ 0x6C9E7D34)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_FileNotFoundException) : Jcl150.bpl -> HOOKED (Unknown @ 0xEB14FC04)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_JulianCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0x607DE6A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_PKCS1MaskGenerationMethod) : Jcl150.bpl -> HOOKED (Unknown @ 0x5E0E5459)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_ProgIdAttribute) : Jcl150.bpl -> HOOKED (Unknown @ 0x64693527)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SHA384) : Jcl150.bpl -> HOOKED (Unknown @ 0x062DADDF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SoapDateTime) : Jcl150.bpl -> HOOKED (Unknown @ 0x886A688F)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID_IChannel) : Jcl150.bpl -> HOOKED (Unknown @ 0xB577C87E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__BitConverter) : Jcl150.bpl -> HOOKED (Unknown @ 0xD97E4C5E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CryptographicException) : Jcl150.bpl -> HOOKED (Unknown @ 0xFA6AC5AF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CustomAttributeBuilder) : Jcl150.bpl -> HOOKED (Unknown @ 0x47E035A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ExternalException) : Jcl150.bpl -> HOOKED (Unknown @ 0x70C9C911)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__IsolatedStorageFilePermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x292E9B90)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__Pointer) : Jcl150.bpl -> HOOKED (Unknown @ 0x03125CDC)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__RegionInfo) : Jcl150.bpl -> HOOKED (Unknown @ 0xD76F9F58)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__SiteIdentityPermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x4E9A9BCB)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ThaiBuddhistCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0xA3E88D47)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160811AS +++++
--- User ---
[MBR] 8489858d9a919c36506a373b45e1635d
[BSP] 4d0a3d45d00ae346bda7e585d545d7ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11172013_175328.txt >>
RKreport[0]_S_11152013_182619.txt


 

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Paul_2 [Admin rights]
Mode : Remove -- Date : 11/17/2013 17:58:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG_REG_0913b.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /TASK_REGISTER --CMPID 0913b [7] -> DELETED
[V1][SUSP PATH] AVG_SYS_TASK_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[V1][SUSP PATH] ROC_REG_JAN.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /TASK_REGISTER [7] -> DELETED
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\U [-] --> DELETED
[ZeroAccess][Folder] L : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L\00000004.@ [-] --> DELETED
[ZeroAccess][File] 1afb2d56 : C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L\1afb2d56 [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (@Classes@TFiler@) : rtl150.bpl -> HOOKED (Unknown @ 0x3059296C)
[Inline] EAT @explorer.exe (@Classes@TReader@) : rtl150.bpl -> HOOKED (Unknown @ 0xB45933BC)
[Inline] EAT @explorer.exe (@Classes@TStreamWriter@) : rtl150.bpl -> HOOKED (Unknown @ 0x54599FB5)
[Inline] EAT @explorer.exe (@Comobj@TAutoObjectEvent@) : rtl150.bpl -> HOOKED (Unknown @ 0xDC5BB8A4)
[Inline] EAT @explorer.exe (@Ioutils@TPath@FInvalidFileNameChars) : rtl150.bpl -> HOOKED (Unknown @ 0x101DABB3)
[Inline] EAT @explorer.exe (@Msxml@IID_ISAXEntityResolver) : rtl150.bpl -> HOOKED (Unknown @ 0x1FB8BAB5)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FD7)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FC7)
[Inline] EAT @explorer.exe (@System@ExceptionClass) : rtl150.bpl -> HOOKED (Unknown @ 0xDD6A1039)
[Inline] EAT @explorer.exe (@Wincodec@CATID_WICFormatConverters) : rtl150.bpl -> HOOKED (Unknown @ 0x6490FC7F)
[Inline] EAT @explorer.exe (@Controls@TCustomTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772A44)
[Inline] EAT @explorer.exe (@Controls@TDockTree@) : vcl150.bpl -> HOOKED (Unknown @ 0xC0779121)
[Inline] EAT @explorer.exe (@Controls@TTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772FF8)
[Inline] EAT @explorer.exe (@Jclmath@Catalan) : Jcl150.bpl -> HOOKED (Unknown @ 0x00BF2040)
[Inline] EAT @explorer.exe (@Jclmath@Cbrt3) : Jcl150.bpl -> HOOKED (Unknown @ 0x90B1D717)
[Inline] EAT @explorer.exe (@Jclmath@LnPi) : Jcl150.bpl -> HOOKED (Unknown @ 0xCA671DA3)
[Inline] EAT @explorer.exe (@Jclmath@Log3) : Jcl150.bpl -> HOOKED (Unknown @ 0x84D25F65)
[Inline] EAT @explorer.exe (@Jclsimplexml@TJclSimpleXMLProps@) : Jcl150.bpl -> HOOKED (Unknown @ 0x4858BACA)
[Inline] EAT @explorer.exe (@Jclstructstorage@UnitVersioning) : Jcl150.bpl -> HOOKED (Unknown @ 0xF469DFA7)
[Inline] EAT @explorer.exe (@Jclwin32@RtdlNetGroupAdd) : Jcl150.bpl -> HOOKED (Unknown @ 0x3467D32D)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_AsymmetricSignatureDeformatter) : Jcl150.bpl -> HOOKED (Unknown @ 0x269C6902)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_Buffer) : Jcl150.bpl -> HOOKED (Unknown @ 0x8313E316)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_CaseInsensitiveComparer) : Jcl150.bpl -> HOOKED (Unknown @ 0x6C9E7D34)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_FileNotFoundException) : Jcl150.bpl -> HOOKED (Unknown @ 0xEB14FC04)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_JulianCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0x607DE6A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_PKCS1MaskGenerationMethod) : Jcl150.bpl -> HOOKED (Unknown @ 0x5E0E5459)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_ProgIdAttribute) : Jcl150.bpl -> HOOKED (Unknown @ 0x64693527)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SHA384) : Jcl150.bpl -> HOOKED (Unknown @ 0x062DADDF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SoapDateTime) : Jcl150.bpl -> HOOKED (Unknown @ 0x886A688F)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID_IChannel) : Jcl150.bpl -> HOOKED (Unknown @ 0xB577C87E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__BitConverter) : Jcl150.bpl -> HOOKED (Unknown @ 0xD97E4C5E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CryptographicException) : Jcl150.bpl -> HOOKED (Unknown @ 0xFA6AC5AF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CustomAttributeBuilder) : Jcl150.bpl -> HOOKED (Unknown @ 0x47E035A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ExternalException) : Jcl150.bpl -> HOOKED (Unknown @ 0x70C9C911)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__IsolatedStorageFilePermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x292E9B90)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__Pointer) : Jcl150.bpl -> HOOKED (Unknown @ 0x03125CDC)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__RegionInfo) : Jcl150.bpl -> HOOKED (Unknown @ 0xD76F9F58)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__SiteIdentityPermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x4E9A9BCB)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ThaiBuddhistCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0xA3E88D47)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160811AS +++++
--- User ---
[MBR] 8489858d9a919c36506a373b45e1635d
[BSP] 4d0a3d45d00ae346bda7e585d545d7ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11172013_175855.txt >>
RKreport[0]_S_11152013_182619.txt;RKreport[0]_S_11172013_175328.txt


 



#66 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 17 November 2013 - 12:38 PM

I ran a scan on CCleaner I've had installed for a while, but I didn't fix anything. Are you interested int the results?

 

 

 

Missing Shared DLL    C:\Documents and Settings\All Users\Application Data\AVG2013\avi\incavi.avm    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\Documents and Settings\All Users\Application Data\AVG2013\avi\iavichjw.avm    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Missing Shared DLL    C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Unused registry key    .cab\OpenWithList    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithList
Unused File Extension    .dat    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat
Unused File Extension    .PlayList    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PlayList
Open with Application Issue    "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1    HKCR\*\shell\SPEEDbitVideoConverter
ActiveX/COM Issue    LocalServer32\C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe    HKCR\CLSID\{12BC4FF0-603E-4f21-9F53-F63FF34F6ED4}
Missing TypeLib Reference    IIEHlprObj - {3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}    HKCR\Interface\{384FE458-A963-450D-9187-EEFF81913FD0}
Unused registry key    OUTLOOK.EXE    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Installer Reference Issue    C:\Program Files\AVG\AVG2013    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    C:\Documents and Settings\All Users\Application Data\AVG2013\avi    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\de    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\es    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\fr    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\it    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\ja    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\ko    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\ru    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\zh-Hans    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\zh-Hant    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\ar    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\bg    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\ca    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\cs    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\da    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\el    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\et    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\eu    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\fi    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\he    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\hr    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\hu    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\id    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\lt    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\lv    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\ms    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\nl    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\no    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\pl    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\pt-BR    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\pt    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\ro    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\sk    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\sl    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\sr-Cyrl-CS    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\sr-Latn-CS    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\sv    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\th    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\tr    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\uk    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Installer Reference Issue    c:\Program Files\Microsoft Silverlight\5.1.20513.0\vi    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders
Obsolete software key    Wget    HKCU\Software\Wget
Missing MUI Reference    C:\PROGRA~1\SPEEDB~2\VIDEOA~1.EXE    HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference    C:\PROGRA~1\SPEEDB~2\VIDEOA~2.EXE    HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference    C:\PROGRA~1\SPEEDB~2\Instlsp.exe    HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference    C:\DOCUME~1\Paul_2\LOCALS~1\temp\VIDEOA~1.EXE    HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference    C:\DOCUME~1\Paul_2\LOCALS~1\Temp\VideoAcceleratorService.exe    HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference    C:\PROGRA~1\SPEEDB~2\UNWISE.EXE    HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Missing MUI Reference    C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.5\ARM\28492\AdobeARMHelper.exe    HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
 



#67 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 November 2013 - 10:28 PM

Hi cousinkevin,
 

I ran a scan on CCleaner I've had installed for a while, but I didn't fix anything. Are you interested int the results?

I am not very familiar with CCleaner. Please hold off running any scans or taking any action during the malware removal process. Making changes to the system might make the malware removal process more difficult.

bullseye_zpse9eaf36e.gif Re-run RogueKiller

Right click and select "Run as Administrator"
  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan, Do Not Fix Anything at this point.
  • Click the Report button, save the report to your desktop
=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • RKreport
  • New OTL.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#68 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 18 November 2013 - 04:32 PM

PC slow all programs. Unstable.

 

Several attempts to run RK. Each time ages to open and freezing at this point.

 

 

RK Stuck.JPG

 

 

 

OTL logfile created on: 18/11/2013 21:48:43 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.79% Memory free
3.35 Gb Paging File | 2.82 Gb Available in Paging File | 84.21% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 34.17 Gb Free Space | 22.93% Space Free | Partition Type: NTFS
Drive F: | 232.83 Gb Total Space | 5.23 Gb Free Space | 2.25% Space Free | Partition Type: FAT32
Drive G: | 931.50 Gb Total Space | 909.55 Gb Free Space | 97.64% Space Free | Partition Type: NTFS
 
Computer Name: USER-E862545A71 | User Name: Paul_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Paul_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\winrar\RarExt.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
MOD - C:\Program Files\File Shredder\fsshell.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\catchme.sys File not found
DRV - (RapportCerberus_59849) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C4 D8 9E 58 A1 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files\DAP\daplinkchecker [2012/10/17 00:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/10/17 00:23:33 | 000,000,000 | ---D | M]
 
[2013/07/13 21:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul_2\Application Data\Mozilla\Extensions
[2013/11/17 18:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/17 18:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/17 18:15:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/11/03 01:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349191978390 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCCFDC7E-C44D-4C7C-8F3A-86869B58B6B8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 16:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/12 17:24:36 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2011/03/05 15:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/17 18:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/16 22:23:31 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
[2013/11/15 18:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\RK_Quarantine
[2013/11/14 22:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/11/13 22:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/13 22:15:13 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Application Data\Malwarebytes
[2013/11/13 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/13 21:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/13 21:14:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/13 21:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/13 21:08:50 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/10 23:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\My Documents\Breast milk for men preview
[2013/11/05 00:03:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/04 23:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/03 22:23:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/11/03 01:05:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/03 01:01:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/03 01:01:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/03 01:01:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/03 01:01:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/03 00:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/03 00:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/02 22:25:34 | 005,143,186 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 22:10:34 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:15:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/10/23 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\Old Firefox Data
[2013/10/21 00:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\My Documents\1366568217
[2012/10/01 14:48:38 | 048,745,576 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Program Files\spybotsd-2.0.10-rc2.exe
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/18 22:08:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4DD41ED-D92A-4751-8FBA-5EC5BF6021DA}.job
[2013/11/18 21:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/18 20:50:09 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/18 20:50:09 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/18 20:50:09 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/18 20:50:08 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/18 20:50:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/18 20:50:08 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/18 20:50:08 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/18 20:48:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/18 00:55:47 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/18 00:21:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\My DAP Downloads.lnk
[2013/11/16 21:23:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/15 19:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/15 18:53:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/15 18:22:28 | 003,679,744 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 17:22:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/15 00:54:31 | 021,566,942 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 22:15:53 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Paul_2\Desktop\esetsmartinstaller_enu.exe
[2013/11/13 21:17:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/13 21:09:12 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Paul_2\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/13 20:10:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 23:31:02 | 000,277,099 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:44 | 000,322,065 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:17 | 000,243,259 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/12 17:43:52 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/12 17:43:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/08 23:08:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/06 00:30:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/05 22:25:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/03 22:20:35 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:16:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/03 01:05:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/02 22:25:38 | 005,143,186 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:52:12 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/11/02 18:15:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/11/01 15:54:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/10/30 23:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/30 23:07:37 | 000,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/21 13:52:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/15 18:22:27 | 003,679,744 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\RogueKiller.exe
[2013/11/15 00:54:22 | 021,566,942 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-USGbini 72.wmv
[2013/11/13 21:17:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/12 23:31:01 | 000,277,099 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+Yykjq9jzXF2x.jpg
[2013/11/12 23:30:43 | 000,322,065 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-z-Ik_r18KKx.jpg
[2013/11/12 23:30:15 | 000,243,259 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\Anna+Molinari+Spring+2004+-d2jj5FYLnXx.jpg
[2013/11/03 22:20:30 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:05:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/03 01:05:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/03 01:01:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/03 01:01:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/03 01:01:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/03 01:01:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/03 01:01:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/02 18:42:39 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/10/21 13:44:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/10/21 13:44:26 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/01/23 22:33:35 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\dt.dat
[2013/01/22 21:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 00:03:39 | 000,172,507 | ---- | C] () -- C:\WINDOWS\hpoins38.dat
[2012/10/25 00:03:39 | 000,000,548 | ---- | C] () -- C:\WINDOWS\hpomdl38.dat
[2012/10/04 12:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/04 12:28:36 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/10/01 15:35:23 | 000,000,961 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/01 01:12:03 | 000,069,780 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sjpsusgqpvupxbp
[2012/08/16 21:57:30 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jejtrhljsoaszej
[2012/06/03 20:20:13 | 000,161,744 | ---- | C] () -- C:\Program Files\0cres.dll
[2012/02/16 22:10:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/02 01:06:22 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/12/02 01:06:21 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/06/10 21:46:52 | 000,174,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 19:00:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\FASTWiz.html
 
========== ZeroAccess Check ==========
 
[2011/09/29 20:42:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

< End of report >
 



#69 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 November 2013 - 07:42 PM

Hi cousinkevin,

Sorry to hear you are having difficulty running the tool, please do the following BEFORE attempting to re-run RogueKiller.

  • Disconnect any external hard drives or USB / flash drives.
  • Disable SpyBot's Tea Timer
  • Temporarily disable your Anti-Virus software

=========================

I don't know which version of Spybot you have so use whichever set of instructions work for the version you have.

bullseye_zpse9eaf36e.gif Spybot - Search & Destroy's Tea Timer. Please follow the instruction below.

  • Locate your copy of Spybot - Search & Destroy's and open it.
  • In the menu bar at the top select "Mode", then select "Advanced".
  • In the left hand menu expand the "Tools" menu.
  • Select "Resident", then remove the check mark for "Resident Tea Timer"
  • Then exit the program by clicking "File" then select "Exit"

=========================

OR

=========================

bullseye_zpse9eaf36e.gif SpyBot's TeaTimer

  • Go to your desktop and double click on the "Spybot-S&D Start Center".
  • Now activate the "Experienced User Mode" at top by ticking the checkbox.
  • In the area "Settings & More Tools" please click on "Services".
  • Now start the "On-Access Monitor" by ticking the "Start" button.
  • Close the "Spybot - Search & Destroy Services" window.

=========================

Then continue with the following steps.

=========================

bullseye_zpse9eaf36e.gif rkill

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them.

Do not reboot your computer after running rkill as the malware programs will start again.

=========================

bullseye_zpse9eaf36e.gif Re-run RogueKiller

Right click and select "Run as Administrator"

  • Quit all programs
  • Wait until Prescan has finished ...
  • Click on Scan, Do Not Fix Anything at this point.
  • Click the Report button, save the report to your desktop

=========================

In your next post please provide the following:

  • RKreport
  • Explain what you mean by unstable

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#70 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 19 November 2013 - 10:19 AM

If I can run RK after following the first set of instructions then there is no need to dowload the files onto another PC correct?


    Advertisements

Register to Remove


#71 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 November 2013 - 10:39 AM

Hi cousinkevin,

Please disable Spybot's Tea Timer, then run rKill followed by RogueKiller


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#72 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 19 November 2013 - 03:44 PM

Spybot's tea timer was already unchecked.

 

No "run as" when right clicked rkill only "open" option.

 

RK opened quickly and ran without a hitch.

 

By "unstable" I mean some lighter programs might run a bit better but even they slow down after a while, and after a couple of hours use I can't shut down normally.

 

 

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Paul_2 [Admin rights]
Mode : Scan -- Date : 11/19/2013 21:31:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (@Classes@TFiler@) : rtl150.bpl -> HOOKED (Unknown @ 0x3059296C)
[Inline] EAT @explorer.exe (@Classes@TReader@) : rtl150.bpl -> HOOKED (Unknown @ 0xB45933BC)
[Inline] EAT @explorer.exe (@Classes@TStreamWriter@) : rtl150.bpl -> HOOKED (Unknown @ 0x54599FB5)
[Inline] EAT @explorer.exe (@Comobj@TAutoObjectEvent@) : rtl150.bpl -> HOOKED (Unknown @ 0xDC5BB8A4)
[Inline] EAT @explorer.exe (@Ioutils@TPath@FInvalidFileNameChars) : rtl150.bpl -> HOOKED (Unknown @ 0x101DABB3)
[Inline] EAT @explorer.exe (@Msxml@IID_ISAXEntityResolver) : rtl150.bpl -> HOOKED (Unknown @ 0x1FB8BAB5)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FD7)
[Inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FC7)
[Inline] EAT @explorer.exe (@System@ExceptionClass) : rtl150.bpl -> HOOKED (Unknown @ 0xDD6A1039)
[Inline] EAT @explorer.exe (@Wincodec@CATID_WICFormatConverters) : rtl150.bpl -> HOOKED (Unknown @ 0x6490FC7F)
[Inline] EAT @explorer.exe (@Controls@TCustomTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772A44)
[Inline] EAT @explorer.exe (@Controls@TDockTree@) : vcl150.bpl -> HOOKED (Unknown @ 0xC0779121)
[Inline] EAT @explorer.exe (@Controls@TTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772FF8)
[Inline] EAT @explorer.exe (@Jclmath@Catalan) : Jcl150.bpl -> HOOKED (Unknown @ 0x00BF2040)
[Inline] EAT @explorer.exe (@Jclmath@Cbrt3) : Jcl150.bpl -> HOOKED (Unknown @ 0x90B1D717)
[Inline] EAT @explorer.exe (@Jclmath@LnPi) : Jcl150.bpl -> HOOKED (Unknown @ 0xCA671DA3)
[Inline] EAT @explorer.exe (@Jclmath@Log3) : Jcl150.bpl -> HOOKED (Unknown @ 0x84D25F65)
[Inline] EAT @explorer.exe (@Jclsimplexml@TJclSimpleXMLProps@) : Jcl150.bpl -> HOOKED (Unknown @ 0x4858BACA)
[Inline] EAT @explorer.exe (@Jclstructstorage@UnitVersioning) : Jcl150.bpl -> HOOKED (Unknown @ 0xF469DFA7)
[Inline] EAT @explorer.exe (@Jclwin32@RtdlNetGroupAdd) : Jcl150.bpl -> HOOKED (Unknown @ 0x3467D32D)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_AsymmetricSignatureDeformatter) : Jcl150.bpl -> HOOKED (Unknown @ 0x269C6902)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_Buffer) : Jcl150.bpl -> HOOKED (Unknown @ 0x8313E316)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_CaseInsensitiveComparer) : Jcl150.bpl -> HOOKED (Unknown @ 0x6C9E7D34)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_FileNotFoundException) : Jcl150.bpl -> HOOKED (Unknown @ 0xEB14FC04)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_JulianCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0x607DE6A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_PKCS1MaskGenerationMethod) : Jcl150.bpl -> HOOKED (Unknown @ 0x5E0E5459)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_ProgIdAttribute) : Jcl150.bpl -> HOOKED (Unknown @ 0x64693527)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SHA384) : Jcl150.bpl -> HOOKED (Unknown @ 0x062DADDF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SoapDateTime) : Jcl150.bpl -> HOOKED (Unknown @ 0x886A688F)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID_IChannel) : Jcl150.bpl -> HOOKED (Unknown @ 0xB577C87E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__BitConverter) : Jcl150.bpl -> HOOKED (Unknown @ 0xD97E4C5E)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CryptographicException) : Jcl150.bpl -> HOOKED (Unknown @ 0xFA6AC5AF)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CustomAttributeBuilder) : Jcl150.bpl -> HOOKED (Unknown @ 0x47E035A9)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ExternalException) : Jcl150.bpl -> HOOKED (Unknown @ 0x70C9C911)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__IsolatedStorageFilePermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x292E9B90)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__Pointer) : Jcl150.bpl -> HOOKED (Unknown @ 0x03125CDC)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__RegionInfo) : Jcl150.bpl -> HOOKED (Unknown @ 0xD76F9F58)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__SiteIdentityPermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x4E9A9BCB)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ThaiBuddhistCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0xA3E88D47)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160811AS +++++
--- User ---
[MBR] 8489858d9a919c36506a373b45e1635d
[BSP] 4d0a3d45d00ae346bda7e585d545d7ad : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 6cdeb9b2eb2e69df7333f2da266e2984
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 14782 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11192013_213123.txt >>
RKreport[0]_S_11152013_182619.txt;RKreport[0]_S_11172013_175328.txt


 



#73 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 November 2013 - 12:31 AM

Hi cousinkevin,
 

By "unstable" I mean some lighter programs might run a bit better but even they slow down after a while,

This is the limitations of the computer effecting performance. (RAM maxed out & minimal free Hard Drive space)
 

and after a couple of hours use I can't shut down normally.

Please explain what happens when you try to shut down normally.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#74 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 20 November 2013 - 08:49 AM

So do I need to free up some more hard drive space?

 

I thought it was the infections I still have that was slowing the OS down?

 

I tried to uninstall Download Accelerator Plus last night but it wouldn't let me.

 

I mean nothing happens when i try to shut down normally, it just stays on the desktop after I click shutdown.



#75 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 November 2013 - 09:47 AM

Hi cousinkevin,

So do I need to free up some more hard drive space?

As I have stated before, the 20% free space is just the minimum to be able to successfully run the system defrag.

I thought it was the infections I still have that was slowing the OS down?

We have run numerous tools and we have removed all the malware showing in the logs

I tried to uninstall Download Accelerator Plus last night but it wouldn't let me.

We'll try Revo Uninstaller

I mean nothing happens when i try to shut down normally, it just stays on the desktop after I click shutdown.

I understand that the only way to shut down the computer is with the power button, but each time you have to do this it is hard on the system, may damage system files. Have you tried shutting down via the Task Manager?

 

Let's run chkdsk again.

=========================

bullseye_zpse9eaf36e.gif Revo Uninstaller Pro

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)

  •  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
  • From the list of programs click on
    Download Accelerator Plus
  • Chose "Uninstall". When prompted click Yes.
  • Make sure the advanced option is checked... then click Next.
  • The program will run, when prompted... click Yes... then Next.
  • Once the program has searched for leftovers click Next.
  • Check ONLY the bolded items on the list then... click Next... then Yes.
  • When done click Finish.
  • =========================

    bullseye_zpse9eaf36e.gif chkdsk scan
     
  • Click Start and My Computer.
  • Right-click the hard drive you want to check, and click Properties.
  • Select the Tools tab in the Error Checking section click Check Now. Check both boxes. Click Start.
  • You'll get a message that the computer must be rebooted to run a complete check.
  • Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.
  • To view results log:
     
  • Go to Start - Run and type in eventvwr.msc, and hit enter.
  • When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up.
  • This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.
    =========================

    bullseye_zpse9eaf36e.gif Reboot

    Run new scans with Security Check, aswMBR & OTL for review.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users