Police malware - removal from another machine
echium wrote:

Hi Fiery - many thanks for your welcome. I really do appreciate your attempt to help.

I appreciate the dangers involved and have backed up all my data.

Since my first post I have purchased a flash drive. I tried HitmanPro on it, but none of the three options offered worked. I left the first option (i.e. bypass) for an hour in case Hitman was scanning the whole disk.

However, I have just tried your suggestion above, and am delighted to say that I managed to get a log - attached below.

If necessary I am quite willing to remove the offending bits by hand - including those in the registry (I have done this before), but I have no idea how to access the registry or some other areas which don't show up in Windows 8 Explorer.

The log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2013 03
Ran by SYSTEM on 02-06-2013 22:19:31
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VTTimer] VTTimer.exe [x]
HKLM\...\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe [376912 2003-01-27] (BroadJump, Inc.)
HKLM\...\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN [2061552 2007-08-07] (Virgin Broadband)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)
HKU\Peter\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Documents and Settings\Peter\My Documents\139d2e78.exe [ 2013-05-31] (Adobe Systems Incorporated)
HKU\Peter\...\Winlogon: [Shell] cmd.exe [ 2008-04-13] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
ShortcutTarget: Exif Launcher 2.lnk -> C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJI PHOTO FILM CO., LTD.)
Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Launch Internet Explorer Browser.lnk
ShortcutTarget: Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\Outlook Express.lnk
ShortcutTarget: Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [86016 2005-04-30] (B.H.A Corporation)
S2 gupdate1c9aa80b3607a30; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-21] (Google Inc.)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

S1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-14] (AVG Technologies CZ, s.r.o. )
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-20] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-15] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-13] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-20] (AVG Technologies CZ, s.r.o.)
S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [64208 2003-01-13] (Roxio)
S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [24839 2003-01-13] (Roxio)
S1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [249344 2003-01-13] (Roxio)
S3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [21654 2003-01-13] (Roxio)
S3 FETND5BV; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [22758 2003-01-13] (Roxio)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
S1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [118422 2003-01-13] (Roxio)
S3 S3GIGP; C:\Windows\System32\DRIVERS\S3gIGPm.sys [659456 2006-09-11] (S3 Graphics Co., Ltd.)
S1 UdfReadr_xp; C:\Windows\System32\Drivers\UdfReadr_xp.sys [206464 2003-01-13] (Roxio)
S0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2006-10-22] (VIA Technologies, Inc.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S2 RPSKT; system32\DRIVERS\rp_skt32.sys [x]
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 WDICA; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-02 22:19 - 2013-06-02 22:19 - 00000000 ____D C:\FRST
2013-06-02 10:19 - 2013-06-02 10:19 - 00004850 ____A C:\Windows\setupapi.log
2013-05-31 07:13 - 2013-05-31 07:13 - 00116787 ____A C:\Documents and Settings\Peter\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00116760 ____A C:\Documents and Settings\Peter\Local Settings\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00116752 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00043520 ____A (Adobe Systems Incorporated) C:\Documents and Settings\Peter\My Documents\139d2e78.exe
2013-05-31 07:13 - 2013-05-31 07:13 - 00043520 ____A (Adobe Systems Incorporated) C:\Documents and Settings\Peter\My Documents\139d2e78.dll

==================== One Month Modified Files and Folders ========

2013-06-02 22:19 - 2013-06-02 22:19 - 00000000 ____D C:\FRST
2013-06-02 12:25 - 2008-01-30 05:24 - 00000278 __ASH C:\Documents and Settings\Peter\ntuser.ini
2013-06-02 12:25 - 2008-01-30 05:21 - 00032590 ____A C:\Windows\SchedLgU.Txt
2013-06-02 12:25 - 2008-01-30 05:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 12:25 - 2008-01-30 05:16 - 01416166 ____A C:\Windows\WindowsUpdate.log
2013-06-02 11:53 - 2009-07-01 04:27 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-02 11:30 - 2009-07-01 04:27 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-02 11:30 - 2008-01-30 05:41 - 00000412 ____A C:\Windows\Tasks\Symantec NetDetect.job
2013-06-02 11:29 - 2008-01-30 05:24 - 00000062 __ASH C:\Documents and Settings\Peter\Local Settings\desktop.ini
2013-06-02 11:29 - 2008-01-30 05:21 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-02 11:29 - 2008-01-30 05:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-02 10:19 - 2013-06-02 10:19 - 00004850 ____A C:\Windows\setupapi.log
2013-06-02 05:19 - 2006-02-28 08:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-06-01 15:37 - 2008-11-23 16:55 - 00000000 ____D C:\Utilities
2013-05-31 07:19 - 2008-01-30 05:04 - 00000216 ____A C:\Windows\wiadebug.log
2013-05-31 07:19 - 2008-01-30 05:04 - 00000049 ____A C:\Windows\wiaservc.log
2013-05-31 07:13 - 2013-05-31 07:13 - 00116787 ____A C:\Documents and Settings\Peter\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00116760 ____A C:\Documents and Settings\Peter\Local Settings\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00116752 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00043520 ____A (Adobe Systems Incorporated) C:\Documents and Settings\Peter\My Documents\139d2e78.exe
2013-05-31 07:13 - 2013-05-31 07:13 - 00043520 ____A (Adobe Systems Incorporated) C:\Documents and Settings\Peter\My Documents\139d2e78.dll
2013-05-31 07:05 - 2008-03-03 13:37 - 00008312 ____A C:\Windows\I_VIEW32.INI
2013-05-31 06:09 - 2008-02-02 11:55 - 00007436 ____A C:\Windows\123R4.INI
2013-05-31 04:52 - 2010-11-11 06:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-05-30 17:17 - 2008-02-03 10:12 - 00000090 ____A C:\Windows\CIV.INI
2013-05-30 14:42 - 2013-04-01 18:13 - 00000000 ____D C:\Winda
2013-05-16 15:06 - 2008-11-23 16:56 - 00000000 ____D C:\Program Files\DOSBox-0.72
2013-05-06 15:04 - 2008-02-02 09:02 - 00000000 ____D C:\1
2013-05-05 17:37 - 2008-03-02 15:30 - 00000000 ____D C:\Documents and Settings\Peter\My Documents\Elliot Financial

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-06-02 12:13 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP469
RP: -> 2013-05-28 15:01 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP468
RP: -> 2013-05-15 15:07 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP467
RP: -> 2013-04-28 06:21 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP466
RP: -> 2013-04-26 13:00 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP465
RP: -> 2013-04-22 05:39 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP464
RP: -> 2013-04-20 08:25 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP463
RP: -> 2013-04-19 06:21 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP462
RP: -> 2013-04-18 06:13 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP461
RP: -> 2013-04-17 06:04 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP460
RP: -> 2013-04-16 05:57 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP459
RP: -> 2013-04-14 11:16 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP458
RP: -> 2013-04-11 17:29 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP457
RP: -> 2013-04-10 15:10 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP456
RP: -> 2013-04-08 06:20 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP455
RP: -> 2013-04-02 06:29 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP454
RP: -> 2013-03-30 11:30 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP453
RP: -> 2013-03-28 09:13 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP452
RP: -> 2013-03-24 12:32 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP451
RP: -> 2013-03-23 12:20 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP450
RP: -> 2013-03-21 11:33 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP449
RP: -> 2013-03-18 07:27 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP448
RP: -> 2013-03-15 07:24 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP447
RP: -> 2013-03-13 12:25 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP446
RP: -> 2013-03-12 07:53 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP445
RP: -> 2013-03-11 07:31 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP444
RP: -> 2013-03-09 09:25 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP443
RP: -> 2013-03-08 09:16 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP442
RP: -> 2013-03-07 09:04 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP441
RP: -> 2013-03-06 08:14 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP440
RP: -> 2013-03-02 08:34 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP439
RP: -> 2013-02-28 13:24 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP438
RP: -> 2013-02-26 08:48 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP437
RP: -> 2013-02-24 15:54 - 024576 _restore{3D0D144D-5C6C-4EF5-A3FD-E6CEB2D37281}\RP436

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 1919.22 MB
Available physical RAM: 1649.11 MB
Total Pagefile: 1750.61 MB
Available Pagefile: 1688.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1986.02 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:149.04 GB) (Free:106.5 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:7.44 GB) (Free:7.42 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: F433F433)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: FAD5A12A)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Again - many thanks :)
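The two lines FRST marked in the log above (a Run value under HKU\Peter pointing at a hex-named executable in My Documents, and a Winlogon Shell value that is not explorer.exe) are exactly what a helper looks for when triaging a lockscreen infection from a recovery boot. As an added example, not part of echium's post and not FRST's own logic, the Python below parses the registry and created-files sections of an FRST log and applies those checks automatically, then pivots on the creation timestamp of any flagged autostart to pick up files dropped alongside it. The sample input is constructed from lines quoted in the log above; the heuristics (user-writable path, 8-hex-digit file stem, random-looking value name, same-minute creation) are the author's assumptions about what merits attention, and every finding still needs a human look before anything is removed.

```python
import re
from collections import defaultdict

# Constructed sample input: selected lines copied from the FRST log quoted in the
# post above, so the checks below can be run offline against realistic data.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VTTimer] VTTimer.exe [x]
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)
HKU\Peter\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Documents and Settings\Peter\My Documents\139d2e78.exe [ 2013-05-31] (Adobe Systems Incorporated)
HKU\Peter\...\Winlogon: [Shell] cmd.exe [ 2008-04-13] (Microsoft Corporation) <==== ATTENTION
==================== One Month Created Files and Folders ========
2013-06-02 22:19 - 2013-06-02 22:19 - 00000000 ____D C:\FRST
2013-05-31 07:13 - 2013-05-31 07:13 - 00116787 ____A C:\Documents and Settings\Peter\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00116760 ____A C:\Documents and Settings\Peter\Local Settings\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00116752 ____A C:\Documents and Settings\All Users\Application Data\2433f433
2013-05-31 07:13 - 2013-05-31 07:13 - 00043520 ____A (Adobe Systems Incorporated) C:\Documents and Settings\Peter\My Documents\139d2e78.exe
2013-05-31 07:13 - 2013-05-31 07:13 - 00043520 ____A (Adobe Systems Incorporated) C:\Documents and Settings\Peter\My Documents\139d2e78.dll
"""

# FRST registry autostart line: hive\...\key: [value name] command [size date] (publisher)
AUTORUN_RE = re.compile(r'^(HKLM|HKU\\[^\\]+)\\\.\.\.\\(Run|RunOnce|Winlogon): \[([^\]]*)\] (.*)$')
# First image path in the command, quoted or bare, stopping at the first executable extension
IMAGE_RE = re.compile(r'^"?([A-Za-z]:\\[^"\[]+?\.(?:exe|dll|scr|com|bat|cmd|pif))', re.IGNORECASE)
# FRST created-files line: created - modified - size attrs [(publisher)] path
CREATED_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) - \S+ \S+ - (\d+) (\S+) (?:\(([^)]*)\) )?(.+)$')
# Locations a standard user can write to (heuristic); an autostart from here deserves a look
USER_WRITABLE = ('\\documents and settings\\', '\\users\\', '\\temp\\', '\\application data\\')


def image_path(command: str) -> str:
    """Return the image path an autorun command launches, or its first token if there is no drive path."""
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def triage(log_text: str) -> list[dict]:
    """Flag suspicious autostart entries in an FRST log and pivot on their creation minute."""
    findings, created_at, flagged_paths = [], defaultdict(list), []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created_at[m.group(1)].append(m.group(5))  # creation minute -> paths created then
            continue
        m = AUTORUN_RE.match(line)
        if not m:
            continue
        hive, key, name, command = m.groups()
        image = image_path(command)
        low = image.lower()
        if key == 'Winlogon' and name == 'Shell' and not low.endswith('explorer.exe'):
            # Shell names the program that provides the desktop; lockscreen malware replaces
            # it, so anything other than explorer.exe has to be explained.
            findings.append(dict(severity='high', entry=f'{hive}\\Winlogon\\Shell', image=image,
                                 reason='Winlogon Shell is not explorer.exe'))
        if key in ('Run', 'RunOnce') and any(d in low for d in USER_WRITABLE):
            findings.append(dict(severity='high', entry=f'{hive}\\{key}\\{name}', image=image,
                                 reason='autostart image lives in a user-writable profile directory'))
            flagged_paths.append(image)
        stem = low.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        random_name = len(name) >= 20 and re.fullmatch(r'[a-z0-9]+', name) and re.search(r'\d', name)
        if re.fullmatch(r'[0-9a-f]{8}', stem) or random_name:
            findings.append(dict(severity='medium', entry=f'{hive}\\{key}\\{name}', image=image,
                                 reason='random-looking value name or hex file name (heuristic)'))
    # Pivot: files created in the same minute as a flagged autostart are likely part of the same drop.
    for minute, paths in created_at.items():
        if any(p in flagged_paths for p in paths):
            for p in paths:
                if p not in flagged_paths:
                    findings.append(dict(severity='medium', entry=minute, image=p,
                                         reason='created in the same minute as a flagged autostart'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['entry']}: {f['image']} -- {f['reason']}")
```

Run against the sample, it flags the Shell value and the My Documents executable as high, and the three 2433f433 files plus 139d2e78.dll as medium because they share the 07:13 creation minute, which is the cluster a helper would put in a fixlist after confirming each file. A user-writable autostart path is a heuristic, not proof: the VTTimer and AVG entries pass because they live under Program Files or carry no drive path at all, and the version-info publisher string FRST prints in parentheses is not a signature check, so "(Adobe Systems Incorporated)" on a file in My Documents should raise suspicion rather than lower it.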