Author Topic: Win32:Sirefef-PL [Rtk];Win32:Malware-gen;Win32:DNSChanger-VJ [Trj];Win32:BitCoin  (Read 15420 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Aaw - alright then  ;D

Nicolinaaaaa

  • Guest
OTL Extras logfile created on: 21/6/2012 9:42:14 μμ - Run 1
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Users\nicole\Desktop\Hatzidakis
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy
 
3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,04% Memory free
5,99 Gb Paging File | 4,88 Gb Available in Paging File | 81,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 62,21 Gb Free Space | 41,79% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 23,04 Gb Free Space | 15,60% Space Free | Partition Type: NTFS
 
Computer Name: NICOLINA-PC | User Name: nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3979854208-1817079465-1657501701-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.

Nicolinaaaaa

  • Guest
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0175B16B-7C97-2C14-6B14-A069FF16A282}" = CCC Help Swedish
"{0388DFC2-5A9F-990D-99F1-EC499C48C873}" = CCC Help German
"{06862EDF-94FD-E990-130F-5F1E0CADCA4A}" = CCC Help Chinese Traditional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13178B22-DA9A-E2E5-A934-E94A573701DF}" = CCC Help Russian
"{1447DD17-D55A-04EB-D24D-67966305276E}" = CCC Help Dutch
"{146CB617-4FED-E42C-F49E-582E537BF493}" = CCC Help Hungarian
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

Nicolinaaaaa

  • Guest
{278ABC06-C7AF-F987-FC4A-789582993D2D}" = ATI Catalyst Install Manager
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{31142441-0A37-16A6-8326-4CA5A295EDAC}" = CCC Help Korean
"{31EF4C77-4A10-9422-4F73-DA2F56F72A11}" = CCC Help English
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3ABC7CFA-A6F5-3870-A59C-B856DA1DA4F4}" = Microsoft .NET Framework 4 Client Profile ELL Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CAD25F8-F8AF-66C3-0183-C0D195152268}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{592BF1F6-6838-4DA4-0F13-F09CF64F08EA}" = CCC Help Turkish
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60E3D27A-CD4B-D5FC-1987-0B916CB7F063}" = CCC Help Greek
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6451FE7C-3DCF-6398-A9B1-3D490FB419D9}" = CCC Help Spanish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB816C-EFCC-49D2-9F5B-90A4FD1E9104}" = Windows Live Family Safety
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71CB1BA2-89C6-DD97-0A78-086B10C98CE8}" = CCC Help Norwegian
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{830B19C7-434B-4589-BDF2-A72640F47CE5}" = Microsoft Works
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85716BF1-E86E-EBD2-268A-2E818126698A}" = ccc-utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{885EACE2-F2B6-BC1F-E4DC-D80154650B8D}" = Catalyst Control Center Localization All
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

Nicolinaaaaa

  • Guest
"{8F4D40D4-234B-48F3-9C2F-4906B9D83CC5}" = TOSHIBA - Εγχειρίδια χρήσης
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_HOMESTUDENTR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0408-0000-0000000FF1CE}" = Πακέτο συμβατότητας για το 2007 Microsoft Office system
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_HOMESTUDENTR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0408-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Greek) 2007
"{90120000-00A1-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00AF-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Greek)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E1F024-B30F-8527-2CB8-5A0F752BD1A5}" = CCC Help Chinese Standard
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A01A8F72-6E33-FCB2-ADE6-6A4E701AF903}" = CCC Help Finnish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9ABC0A6-DC01-4102-BEC9-86974A73B214}" = Windows Live Remote Client Resources
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC58BF82-6E7D-8C31-4FB7-8F7522C33FBC}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6534527-F90F-865D-CDEA-063442532E75}" = CCC Help Italian
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator

Nicolinaaaaa

  • Guest
"{B6D58F80-C8BE-5E7F-8F1C-1AEB4A5EACE6}" = Catalyst Control Center InstallProxy
"{B8CA7FAD-9AD7-B0BB-9AD1-8C8A25E83CAA}" = CCC Help French
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BDE8A994-32BA-BDD1-27FD-D382F195FCA6}" = CCC Help Danish
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D378BEA1-912E-4827-B9DB-D3B2C3D0BD4A}" = Windows Live Remote Service Resources
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5CAF1CF-21CD-DAE4-72E2-3EDA756175BD}" = Catalyst Control Center
"{D98C0C51-F9BB-4EE4-B791-22BF6EE31032}" = Nero 7 Essentials
"{DCA90A22-7DB1-4C24-96F3-B18D261F6A44}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF891A96-E83E-EF43-4A99-12FB2B618E26}" = CCC Help Polish
"{E0502D9F-F001-A4F1-DD2F-B9A1548A723C}" = CCC Help Thai
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FFB89C19-9E67-91DF-F4C2-0231FA6D7EEC}" = CCC Help Portuguese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast!" = avast! Antivirus

Nicolinaaaaa

  • Guest
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 Language Pack SP1 - ell" = Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ELL Language Pack" = Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 13.0.1 (x86 el)" = Mozilla Firefox 13.0.1 (x86 el)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SAM3" = SAM Broadcaster (remove only)
"SMPlayer" = SMPlayer 0.6.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 3/6/2011 4:20:16 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
 failed - client probably died, 00002E73. 
 
Error - 3/6/2011 4:20:16 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.
 
 
Error - 3/6/2011 4:20:16 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: OpenEventsAndMapping: OpenEvent failed!, 00000002.
 
 
Error - 3/6/2011 4:20:16 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522

Nicolinaaaaa

  • Guest
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
 failed - client probably died, 00002E74. 
 
Error - 3/6/2011 4:20:16 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: ClientRqDispatchThread: OpenEventsAndMapping
 failed - client probably died, 00002E75. 
 
Error - 21/6/2012 1:55:08 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753. 
 
Error - 21/6/2012 1:55:08 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
 chestOpenList() failed: 2147422219. 
 
Error - 21/6/2012 1:55:21 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
 !m_strErrorWnd.IsEmpty(). 
 
Error - 21/6/2012 2:02:17 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
 function 00000002. 
 
Error - 21/6/2012 2:03:26 μμ | Computer Name = nicolina-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
 function A0000111. 
 
[ Application Events ]
Error - 30/5/2011 7:45:26 πμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 31/5/2011 9:09:23 πμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 1/6/2011 10:53:23 πμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 2/6/2011 10:31:30 πμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 3/6/2011 8:01:52 πμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 3/6/2011 9:57:35 μμ | Computer Name = nicolina-PC | Source = Picasa | ID = 1
Description =
 
Error - 4/6/2011 12:05:25 μμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/6/2011 9:54:34 μμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =

Nicolinaaaaa

  • Guest
Error - 5/6/2011 7:10:48 πμ | Computer Name = nicolina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/6/2011 7:22:37 πμ | Computer Name = nicolina-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
 
[ Media Center Events ]
Error - 24/8/2010 1:59:25 μμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 8:59:24 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  8:59:24 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 25/8/2010 11:34:32 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 6:34:32 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  6:34:32 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 25/8/2010 11:34:42 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 6:34:38 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  6:34:38 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 27/8/2010 10:49:56 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 5:49:56 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  5:49:56 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 27/8/2010 10:50:04 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 5:50:01 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  5:50:01 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 5/9/2010 9:09:48 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 4:09:48 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  4:09:48 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 5/9/2010 9:09:59 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 4:09:53 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  4:09:53 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 10/9/2010 12:57:36 μμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 7:57:35 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  7:57:35 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 20/8/2011 6:47:12 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 1:47:12 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  1:47:12 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
Error - 20/8/2011 6:47:23 πμ | Computer Name = nicolina-PC | Source = MCUpdate | ID = 0
Description = 1:47:17 μμ - Σφάλμα κατά τη σύνδεση στο Internet.  1:47:17 μμ -     
Δεν είναι δυνατή η επικοινωνία με το διακομιστή.. 
 
[ System Events ]
Error - 21/6/2012 2:21:25 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7000
Description = Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας aswFsBlk εξαιτίας του ακόλουθου
 σφάλματος:   %%31
 
Error - 21/6/2012 2:21:28 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7001
Description = Η υπηρεσία avast! Antivirus εξαρτάται από την υπηρεσία aswMonFlt της
 οποίας η εκκίνηση απέτυχε εξαιτίας του ακόλουθου σφάλματος:   %%31
 
Error - 21/6/2012 2:21:29 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Αναζήτηση υπολογιστών τερματίστηκε με το ακόλουθο σφάλμα:
   %%1060
 
Error - 21/6/2012 2:21:30 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Λειτουργικές μονάδες κλειδιών IKE και AuthIP IPsec εξαρτάται
 από την ακόλουθη υπηρεσία: BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.
 
Error - 21/6/2012 2:21:30 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7003
Description = Η υπηρεσία Παράγοντας πολιτικής IPsec εξαρτάται από την ακόλουθη υπηρεσία:
 BFE. Αυτή η υπηρεσία ενδέχεται να μην είναι εγκατεστημένη.
 
Error - 21/6/2012 2:21:30 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7023
Description = Η υπηρεσία Δημοσίευση πόρων εντοπισμού λειτουργιών τερματίστηκε με
 το ακόλουθο σφάλμα:   %%-2147024891
 
Error - 21/6/2012 2:21:31 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7009
Description = Το χρονικό όριο αναμονής ξεπεράστηκε (30000 χιλιοστά του δευτερολέπτου)
 κατά την αναμονή για τη σύνδεση της υπηρεσίας TOSHIBA Bluetooth Service.
 
Error - 21/6/2012 2:21:31 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7000
Description = Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας TOSHIBA Bluetooth Service
 εξαιτίας του ακόλουθου σφάλματος:   %%1053
 
Error - 21/6/2012 2:21:31 μμ | Computer Name = nicolina-PC | Source = Service Control Manager | ID = 7026
Description = Απέτυχε η φόρτωση των ακόλουθων προγραμμάτων οδήγησης της εκκίνησης
 του υπολογιστή ή της εκκίνησης του συστήματος:   aswRdr  aswSP  aswTdi
 
Error - 21/6/2012 2:22:04 μμ | Computer Name = nicolina-PC | Source = DCOM | ID = 10000
Description =
 
 
< End of report >

Offline essexboy

Could you attach the logs, please?

Nicolinaaaaa

  • Guest
I'm sorry  :-[

Offline essexboy

Not a problem, it just makes it easier for you. OK, killing time.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    SRV - [2012/06/21 18:47:05 | 000,067,160 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\f8b1ed125312c34c.sys -- (f8b1ed125312c34c)
    DRV - [2012/06/21 18:47:05 | 000,067,160 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\f8b1ed125312c34c.sys -- (f8b1ed125312c34c)
    O4 - HKU\S-1-5-21-3979854208-1817079465-1657501701-1000..\Run: [k0kcwz1xjp] C:\Users\nicole\k0kcwz1xjp.exe ()
    O4 - HKU\S-1-5-21-3979854208-1817079465-1657501701-1000..\Run: [NtWqIVLZEWZU] C:\Users\nicole\AppData\Local\Temp\Fnw.exe File not found
    O4 - HKU\S-1-5-21-3979854208-1817079465-1657501701-1000..\Run: [JP595IR86O] C:\Users\nicole\AppData\Local\Temp\Fnr.exe File not found
    [2012/06/21 21:22:07 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2012/06/21 21:22:05 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2012/06/21 21:22:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2012/06/21 18:47:05 | 000,067,160 | ---- | M] () -- C:\Windows\System32\drivers\f8b1ed125312c34c.sys
    [2012/06/21 17:50:28 | 000,045,568 | ---- | M] () -- C:\Users\nicole\k0kcwz1xjp.exe

    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{dcb8718e-7bef-e2c8-e0dd-d207a572efd9}
    C:\Users\nicole\AppData\Local\{dcb8718e-7bef-e2c8-e0dd-d207a572efd9}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Nicolinaaaaa

  • Guest
I have a problem: first, aswMBR says "Scan error", and second, there's a red circle on the avast! a-ball icon in the system tray, and when I click on it, an error message appears saying "the AAVM subsystem detected a RPC error".

Offline essexboy

OK, skip aswMBR, I expected it to fail. Follow the fix steps above.