BloodCaramel

Honorary Members
  • Posts

    60

Everything posted by BloodCaramel

  1. They're all clean but still waiting for the "OK" to rescan with JRT and/or AdwCleaner.
  2. Turned out clean so far.
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.09.15.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Dell :: RAVEN-LAPPY [administrator]
     15/9/2013 8:37:01 PM
     mbam-log-2013-09-15 (20-37-01).txt
     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 473486
     Time elapsed: 1 hour(s), 56 minute(s), 9 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  3. Can I rescan with JRT/Adware Removal Tool (or both) after the full scan is done? Just to re-check if those adware leftovers are still there.
  4. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.09.15.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Dell :: RAVEN-LAPPY [administrator]
     15/9/2013 8:29:06 PM
     mbam-log-2013-09-15 (20-29-06).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 246544
     Time elapsed: 7 minute(s), 23 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  5. AdwCleaner log (After the MBAM quick scan I'll do a full scan)
  6. JRT Log
  7. What do I do with the current detection in Malwarebytes though? Do I "remove selected" before I do everything else?
  8. Detected this a while ago (unsure how I've gotten it when I'm using an ad blocker that blocks all scripts, even non-ad scripts, unless I allow it) and a little bit worried about the private information regarding monetary stuff (like bank info, card info, etc.) typed onto this computer a few hours ago (I even checked when the file was made but it said 2nd of February of 2013, which is unlikely since I scan with Malwarebytes every weekend and that never turned up until now). Here's the log (DDS.txt and Attach.txt at the bottom)
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.09.14.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Dell :: RAVEN-LAPPY [administrator]
     14/9/2013 10:33:04 PM
     MBAM-log-2013-09-15 (00-42-38).txt
     Scan type: Full scan (C:\|D:\|E:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 473647
     Time elapsed: 2 hour(s), 3 minute(s), 20 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
     (end)
     attach.txt dds.txt
  9. Did an extra scan just in case and it turned out clean. Thank you very much for your help!
  10. What of the quarantined files in the quarantine tab (in MBAM)?
  11. Results of screen317's Security Check version 0.99.72 Windows XP Service Pack 3 x86 Internet Explorer 6 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Kaspersky Anti-Virus Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 3 Java version out of Date! Adobe Flash Player 9 Flash Player out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (Firefox.) Mozilla Thunderbird (2.0.0 Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Trend Micro OfficeScan Client pccntmon.exe IObit IObit Malware Fighter IMFsrv.exe IObit IObit Malware Fighter IMF.exe Malwarebytes' Anti-Malware mbamscheduler.exe Trend Micro OfficeScan Client ntrtscan.exe Trend Micro OfficeScan Client tmlisten.exe Trend Micro OfficeScan Client OfcPfwSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 7% ````````````````````End of Log``````````````````````
  12. # AdwCleaner v3.000 - Report created 21/08/2013 at 08:21:21 # Updated 20/08/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : user - HANGT # Running from : C:\Documents and Settings\user\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files\utilitychest_49 Folder Deleted : C:\Documents and Settings\user\Application Data\utilitychest_49 Folder Deleted : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0z8w3e2.default\Extensions\m3ffxtbr@mywebsearch.com ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v6.0.2900.5512 -\\ Mozilla Firefox v22.0 (en-US) [ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0z8w3e2.default\prefs.js ] Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false); Line Deleted : user_pref("extensions.enabledAddons", "m3ffxtbr%40mywebsearch.com:1.2,%7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.6.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0"); Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...] ************************* AdwCleaner[R0].txt - [1687 octets] - [21/08/2013 04:45:29] AdwCleaner[R1].txt - [1747 octets] - [21/08/2013 05:10:53] AdwCleaner[R2].txt - [1807 octets] - [21/08/2013 08:20:21] AdwCleaner[s0].txt - [1746 octets] - [21/08/2013 08:21:21] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1806 octets] ##########
  13. You said "Copy and paste the contents of that logfile in your next reply." so, # AdwCleaner v3.000 - Report created 21/08/2013 at 05:10:53 # Updated 20/08/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : user - HANGT # Running from : C:\Documents and Settings\user\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0z8w3e2.default\Extensions\m3ffxtbr@mywebsearch.com Folder Found C:\Documents and Settings\user\Application Data\utilitychest_49 Folder Found C:\Program Files\utilitychest_49 ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v6.0.2900.5512 -\\ Mozilla Firefox v22.0 (en-US) [ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\k0z8w3e2.default\prefs.js ] Line Found : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false); Line Found : user_pref("extensions.enabledAddons", "m3ffxtbr%40mywebsearch.com:1.2,%7Bb9bfaf1c-a63f-47cd-8b9a-29526ced9060%7D:1.6.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0"); Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\W[...] ************************* AdwCleaner[R0].txt - [1687 octets] - [21/08/2013 04:45:29] AdwCleaner[R1].txt - [1607 octets] - [21/08/2013 05:10:53] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1667 octets] ##########
  14. The log came out clean. mbam-log-2013-08-20 (17-17-04).txt
  15. Found nothing. What about full scan? mbam-log-2013-08-20 (14-57-34).txt
  16. Can't fully access the link to the combofix instructions. Every time I try, even after restarting, IE freezes it after some time loading it, it's the only page that freezes while other pages (like this forum) still function.
  17. The automatic updates still don't allow me to do any selection. I did go to the Windows Update site however (a lot of things to download that my father neglected to). Do I continue on with the combofix first or the Windows updates?
  18. Automatic update won't allow me to do any selections, not even through the security center. Do I risk using the fix damage tool? system-log.txt mbar-log-2013-08-20 (04-39-46).txt mbar-log-2013-08-20 (06-10-57).txt
  19. Roguekiller not working. A window popped up saying "not valid Win32 application".
  20. Never mind about the problem. Apparently the computer's antivirus caused the blue screen even though I thought I disabled some active guards that would've blocked the program when running (there's no disable option so I had to disable all the guards manually). attach.txt dds.txt
  21. There's a problem using the ddr/dds file working on the computer. I downloaded the dds.com one and every time I run it the computer kept giving me a blue screen.
  22. My father's computer is currently infected by backdoor bot viruses, especially suspicious about the winlogon.exe (which could be a virus itself instead of the system file judging by my memory of going through Google searches about it some months ago), possibly the same that infected this computer last year. Another problem I faced in this computer is the window box saying "16 bit MS-DOS Subsystem NTVDM CPU illegal instruction". I couldn't screenshot/physically photograph it nor rewrite what I saw as the start menu wouldn't function when the window appeared as well as other things not functioning (like being unable to use opened programs and unable to even open folders and files) and right now as I'm typing this, it has yet to occur so I don't know what triggered it. The OS for this computer is an XP Professional Ver 2002 Service Pack 3. I'm currently using Internet Explorer as the computer doesn't have Chrome and the Firefox browser will not run. MBAM-log-2013-08-19 (13-12-35).txt
  23. Um I'll repost again. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.10.17.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dell :: RAVEN-LAPPY [administrator] 18/10/2012 6:35:34 AM mbam-log-2012-10-18 (06-35-34).txt Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 436398 Time elapsed: 1 hour(s), 31 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)