celery
Honorary Members
  • Posts: 22
  • Joined
  • Last visited

Everything posted by celery

  1. Excellent. Just hearing that you think I'm malware free is a relief. I'll head over to look into it with the support team. Thank you so so much for all of your help
  2. Did it with the same results: Once mbam is installed my computer freezes--this time while mbam was updating the database (but it's different each time, once it fully installed, updated, and even appeared to run for a little while before my computer froze.) After this happens--with mbam on the computer-- if I power off and let the machine start in normal mode it freezes at the page where I select a windows user profile somewhere in the process of logging on as admin--I can't get in without it freezing. Restarted it in safe mode, removed mbam using add/remove, restarted in normal mode and here I am chugging along, apparently fine...
  3. I wish I was a little more chipper after HOURS of computer work...But... TWO freaking Windows re-installs (and lots of tears) later...I'm a) up and running (in normal mode even right now...) but b) unable to run malwarebytes without totally blitzing my computer. I guess I didn't fully reformat the first time which is why I did the OS reinstall again, but as far as I can tell I totally and completely and totally wiped it the last time. (I can give more of a play-by-play if necessary but there's the moral of the story--I deleted the partition then reinstalled fresh.) I decided purchasing mbam pro was probably a good idea at this point, but my computer doesn't seem to run with it installed (I had already installed it when it started crashing after reinstall #1, THEN installed again after OS reinstall #2, THEN recently uninstalled it in safe mode, which is how I'm up and running right now as far as I can tell...) It's the only "common denominator" I can come up with...computer runs without, crashes (freezes) with... It doesn't inspire confidence in my computer and any assumptions about its health that it won't run with mbam on it... Any advice?
  4. Alright. I was afraid of that. I'll get right to it on Thur when I will have a chunk of time to devote to it. I'll let you know when I'm all clear. Thank you so much for all of your help.
  5. I do... (I back up most of my stuff on an external hard drive that is not connected--hasn't been for a long time-- so it can't be infected...I have some stuff on my computer that I don't want to lose that I haven't backed up yet. Can I move it to a thumb drive without fearing that the malware will then glom onto the thumb drive and then back onto my clean computer once I'm done and want to move it back?)
  6. Thanks!

     Farbar Service Scanner Version: 16-06-2013
     Ran by Administrator (administrator) on 20-06-2013 at 18:59:51
     Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
     Microsoft Windows XP Service Pack 2 (X64)
     Boot Mode: Network
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================

     System Restore:
     ============
     System Restore Disabled Policy:
     ========================

     Security Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     The start type of wscsvc service is OK.
     The ImagePath of wscsvc service is OK.
     The ServiceDll of wscsvc service is OK.

     File Check:
     ========
     C:\WINDOWS\SysWOW64\dhcpcsvc.dll
     [2007-03-14 17:37] - [2007-02-18 08:00] - 0117248 ____A (Microsoft Corporation) 1201DF9A11FBB0F69EBD22E503D3BC87

     ATTENTION!=====> C:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.
     C:\WINDOWS\SysWOW64\ipnathlp.dll
     [2007-03-14 17:37] - [2007-02-18 08:00] - 0343552 ____A (Microsoft Corporation) 27C6B8C2AFED21C10429A56DB95735F6
     C:\WINDOWS\SysWOW64\netman.dll
     [2007-03-14 17:37] - [2007-02-18 08:00] - 0263680 ____A (Microsoft Corporation) 12BCFB57162AD17CEA545E362CD886A8
     ATTENTION!=====> C:\WINDOWS\SysWOW64\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\WINDOWS\SysWOW64\srsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\sr.sys FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.
     ATTENTION!=====> C:\WINDOWS\SysWOW64\services.exe FILE IS MISSING AND SHOULD BE RESTORED.

     Extra List:
     =======
     aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
     0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
     IpSec Tag value is correct.

     **** End of log ****
  7. adwcleaner won't run. I'm not sure if you want me to run farbar without first running adwcleaner, so I'll wait before trying it. I downloaded adw successfully, clicked on it, chose "run" and it just doesn't open the program. My computer also did something it did when it was acting crazy when this all started where it sounds like the hard drive is spinning up really fast (or something to that effect but it starts making WAY more whirring noise than it ever does--no CD in the CD drive but it is almost as loud as it spinning up a CD) Not hardly anything running in task manager. (And actually whatever that is is happening again right now which makes me want to shut down cause it doesn't sound good for the computer...) I tried to restart when it was ramping up before and it did a funny abbreviated restart where it never really shut down at all. I'm getting really discouraged! I'm really grateful for your patience and help though!
  8. My computer froze up part way through the first scan (in safe mode) and I had to power off (I even left it for hours in hopes that it would stop being so incorrigible, but no luck there.) I started back up in safe mode and had to re-update the program and then ran a scan which came up clean. Ugh. Do you think throwing the computer might help? Here are the logs:

     Malwarebytes Anti-Rootkit BETA 1.06.0.1003
     www.malwarebytes.org

     Database version: v2013.06.19.09

     Windows XP Service Pack 2 x64 NTFS (Safe Mode/Networking)
     Internet Explorer 7.0.5730.13
     Administrator :: DHGXTRH1 [administrator]

     6/19/2013 3:47:22 PM
     mbar-log-2013-06-19 (15-47-22).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
     Scan options disabled: Deep Anti-Rootkit Scan | PUP
     Objects scanned: 240439
     Time elapsed: 4 minute(s), 13 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     And the other log that is in there from the same time...

     Malwarebytes Anti-Rootkit BETA 1.06.0.1003
     © Malwarebytes Corporation 2011-2012

     OS version: 5.2.3790 Windows XP Service Pack 2 x64

     System is currently in a safe mode
     Account is Administrative
     Internet Explorer version: 7.0.5730.13
     Java version: 1.6.0_33
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.660000 GHz
     Memory total: 4225052672, free: 3503001600

     Could not load protection driver
     Downloaded database version: v2013.06.19.04
     Downloaded database version: v2013.05.22.01
     Initializing...
     ------------ Kernel report ------------
          06/19/2013 10:15:29
     ------------ Loaded modules -----------
     \WINDOWS\system32\ntoskrnl.exe
     \WINDOWS\system32\hal.dll
     \WINDOWS\system32\KDCOM.DLL
     \WINDOWS\system32\BOOTVID.dll
     ACPI.sys
     \WINDOWS\system32\DRIVERS\WMILIB.SYS
     pci.sys
     isapnp.sys
     MountMgr.sys
     ftdisk.sys
     dmload.sys
     dmio.sys
     volsnap.sys
     PartMgr.sys
     iaStor.sys
     disk.sys
     \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     fltMgr.sys
     sr.sys
     KSecDD.sys
     Ntfs.sys
     NDIS.sys
     Mup.sys
     crcdisk.sys
     \SystemRoot\system32\DRIVERS\usbuhci.sys
     \SystemRoot\system32\DRIVERS\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\usbehci.sys
     \SystemRoot\system32\DRIVERS\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\b57amd64.sys
     \SystemRoot\system32\DRIVERS\cdrom.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\system32\DRIVERS\psched.sys
     \SystemRoot\system32\DRIVERS\msgpc.sys
     \SystemRoot\system32\DRIVERS\ptilink.sys
     \SystemRoot\system32\DRIVERS\raspti.sys
     \SystemRoot\system32\DRIVERS\rdpdr.sys
     \SystemRoot\system32\DRIVERS\termdd.sys
     \SystemRoot\system32\DRIVERS\kbdclass.sys
     \SystemRoot\system32\DRIVERS\mouclass.sys
     \SystemRoot\system32\DRIVERS\swenum.sys
     \SystemRoot\system32\DRIVERS\ks.sys
     \SystemRoot\system32\DRIVERS\update.sys
     \SystemRoot\system32\DRIVERS\mssmbios.sys
     \SystemRoot\system32\DRIVERS\usbhub.sys
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\System32\Drivers\Fs_Rec.SYS
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\vga.sys
     \SystemRoot\System32\drivers\VIDEOPRT.SYS
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\DRIVERS\RDPCDD.sys
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\system32\DRIVERS\rasacd.sys
     \SystemRoot\system32\DRIVERS\ipsec.sys
     \SystemRoot\system32\DRIVERS\tcpip.sys
     \SystemRoot\system32\DRIVERS\ipnat.sys
     \SystemRoot\system32\DRIVERS\netbt.sys
     \SystemRoot\System32\Drivers\aswRdr.SYS
     \SystemRoot\System32\drivers\afd.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\System32\Drivers\Cdfs.SYS
     \SystemRoot\system32\DRIVERS\hidusb.sys
     \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     \SystemRoot\system32\DRIVERS\kbdhid.sys
     \SystemRoot\system32\DRIVERS\mouhid.sys
     \SystemRoot\System32\Drivers\dump_iaStor.sys
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\Dxapi.sys
     \SystemRoot\System32\drivers\dxg.sys
     \SystemRoot\System32\framebuf.dll
     \SystemRoot\System32\ATMFD.DLL
     \SystemRoot\system32\DRIVERS\ndisuio.sys
     \SystemRoot\system32\DRIVERS\srv.sys
     \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
     \WINDOWS\system32\ntdll.dll
     ----------- End -----------
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xfffffadf9e066100
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IAAStorageDevice-1\
     Lower Device Object: 0xfffffadf9e067050
     Lower Device Driver Name: \Driver\iaStor\
     <<<2>>>
     Device number: 0, partition: 2
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xfffffadf9e066100, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffadf9e065040, DeviceName: Unknown, DriverName: \Driver\PartMgr\
     DevicePointer: 0xfffffadf9e066100, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffadf9e067050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     The directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.
     Drivers scan is aborted.
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: ECAB17E
     Partition information:
         Partition 0 type is Other (0xde)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 63  Numsec = 128457
         Partition 1 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 128520  Numsec = 312367860
         Partition file system is NTFS
         Partition is bootable
         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
     Disk Size: 160000000000 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
     Done!
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.06.0.1003
     © Malwarebytes Corporation 2011-2012

     OS version: 5.2.3790 Windows XP Service Pack 2 x64

     System is currently in a safe mode
     Account is Administrative
     Internet Explorer version: 7.0.5730.13
     Java version: 1.6.0_33
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 2.660000 GHz
     Memory total: 4225052672, free: 3606900736

     Could not load protection driver
     Downloaded database version: v2013.06.19.09
     Downloaded database version: v2013.05.22.01
     Initializing...
     ------------ Kernel report ------------
          06/19/2013 15:47:17
     ------------ Loaded modules -----------
     \WINDOWS\system32\ntoskrnl.exe
     \WINDOWS\system32\hal.dll
     \WINDOWS\system32\KDCOM.DLL
     \WINDOWS\system32\BOOTVID.dll
     ACPI.sys
     \WINDOWS\system32\DRIVERS\WMILIB.SYS
     pci.sys
     isapnp.sys
     MountMgr.sys
     ftdisk.sys
     dmload.sys
     dmio.sys
     volsnap.sys
     PartMgr.sys
     iaStor.sys
     disk.sys
     \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     fltMgr.sys
     sr.sys
     KSecDD.sys
     Ntfs.sys
     NDIS.sys
     Mup.sys
     crcdisk.sys
     \SystemRoot\system32\DRIVERS\usbuhci.sys
     \SystemRoot\system32\DRIVERS\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\usbehci.sys
     \SystemRoot\system32\DRIVERS\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\b57amd64.sys
     \SystemRoot\system32\DRIVERS\cdrom.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\system32\DRIVERS\psched.sys
     \SystemRoot\system32\DRIVERS\msgpc.sys
     \SystemRoot\system32\DRIVERS\ptilink.sys
     \SystemRoot\system32\DRIVERS\raspti.sys
     \SystemRoot\system32\DRIVERS\rdpdr.sys
     \SystemRoot\system32\DRIVERS\termdd.sys
     \SystemRoot\system32\DRIVERS\kbdclass.sys
     \SystemRoot\system32\DRIVERS\mouclass.sys
     \SystemRoot\system32\DRIVERS\swenum.sys
     \SystemRoot\system32\DRIVERS\ks.sys
     \SystemRoot\system32\DRIVERS\update.sys
     \SystemRoot\system32\DRIVERS\mssmbios.sys
     \SystemRoot\system32\DRIVERS\usbhub.sys
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\System32\Drivers\Fs_Rec.SYS
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\vga.sys
     \SystemRoot\System32\drivers\VIDEOPRT.SYS
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\DRIVERS\RDPCDD.sys
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\system32\DRIVERS\rasacd.sys
     \SystemRoot\system32\DRIVERS\ipsec.sys
     \SystemRoot\system32\DRIVERS\tcpip.sys
     \SystemRoot\system32\DRIVERS\ipnat.sys
     \SystemRoot\system32\DRIVERS\netbt.sys
     \SystemRoot\System32\Drivers\aswRdr.SYS
     \SystemRoot\System32\drivers\afd.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\System32\Drivers\Cdfs.SYS
     \SystemRoot\system32\DRIVERS\hidusb.sys
     \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     \SystemRoot\system32\DRIVERS\kbdhid.sys
     \SystemRoot\system32\DRIVERS\mouhid.sys
     \SystemRoot\System32\Drivers\dump_iaStor.sys
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\Dxapi.sys
     \SystemRoot\System32\drivers\dxg.sys
     \SystemRoot\System32\framebuf.dll
     \SystemRoot\System32\ATMFD.DLL
     \SystemRoot\system32\DRIVERS\ndisuio.sys
     \SystemRoot\system32\DRIVERS\srv.sys
     \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
     \WINDOWS\system32\ntdll.dll
     ----------- End -----------
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xfffffadf9de5e060
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IAAStorageDevice-1\
     Lower Device Object: 0xfffffadf9e0cc050
     Lower Device Driver Name: \Driver\iaStor\
     <<<2>>>
     Device number: 0, partition: 2
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xfffffadf9de5e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffadf9e1e9510, DeviceName: Unknown, DriverName: \Driver\PartMgr\
     DevicePointer: 0xfffffadf9de5e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffadf9e0cc050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     The directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.
     Drivers scan is aborted.
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: ECAB17E
     Partition information:
         Partition 0 type is Other (0xde)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 63  Numsec = 128457
         Partition 1 type is Primary (0x7)
         Partition is ACTIVE.
         Partition starts at LBA: 128520  Numsec = 312367860
         Partition file system is NTFS
         Partition is bootable
         Partition 2 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
         Partition 3 type is Empty (0x0)
         Partition is NOT ACTIVE.
         Partition starts at LBA: 0  Numsec = 0
     Disk Size: 160000000000 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
     Done!
     Scan finished
     =======================================

     Removal queue found; removal started
     Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
     Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_128520_i.mbam...
     Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
     Removal finished
  9. It doesn't appear to do much of anything when I enter that into the run box...
  10. Alright, so I ran TFC and it restarted my computer. I tried to let it start in normal mode and the same thing that has been happening happened again: my machine starts to start up but then it just totally stops and hangs indefinitely before I can even log in as admin. So it was part way through reloading my preferences when it just stopped indefinitely. Soooo I powered off and restarted in safe mode, updated and ran malwarebytes and didn't turn up the trojan.agent for once at least! The scan was clean but I'll post the log. Should I run the TFC again and restart in safe mode? Something else?

     MBAM log:

     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.06.17.03

     Windows XP Service Pack 2 x64 NTFS (Safe Mode/Networking)
     Internet Explorer 7.0.5730.13
     Administrator :: DHGXTRH1 [administrator]

     Protection: Disabled

     6/17/2013 8:55:47 AM
     mbam-log-2013-06-17 (08-55-47).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 295055
     Time elapsed: 18 minute(s), 10 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  11. Thank you! Here's what it found:

     C:\Documents and Settings\Administrator\Application Data\AVG\Rescue\PC Tuneup 2011\101101103406953.rsc    multiple threats    deleted - quarantined
     C:\Documents and Settings\Administrator\Local Settings\Temp\9dg448Ld.exe.part    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\Local Settings\Temp\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\Local Settings\Temp\jNR_LgLp.exe.part    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\Local Settings\Temp\MFFFLC6L.exe.part    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\Local Settings\Temp\TjgDdkk5.exe.part    a variant of Win32/Adware.iBryte.G application    cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SR87YTE9\ApnToolbarInstaller[1].exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\My Documents\Downloads\ADLSoft_UnCompressor_v2_3.exe    a variant of Win32/InstallCore.AG application    cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\My Documents\Downloads\iLividSetup.exe    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
     C:\RECYCLER\S-1-5-21-2395821413-623369263-3516568228-500\Dc281.exe    Win32/Adware.RK.AQ application    cleaned by deleting - quarantined
  12. combofix isn't available for Windows XP 64-bit.
  13. This feels a little like going to the dentist where you're afraid he's going to yell at you for not flossing and tell you you have 10 cavities, but I'm grateful for the help anyway. I did get this warning the first time I tried to scan, but it seems like the second time worked fine. Here's about what the warning said: "AutoIt Error Line 14084 (blabladirectory the program saved to.exe) Error: Variable used without being declared"
  14. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013 Ran by Administrator at 2013-06-14 00:07:19 Run: Running from C:\Documents and Settings\Administrator\My Documents\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Installed Programs ======================= 7-Zip 9.22beta Adobe AIR (Version: 2.5.0.16600) Adobe Flash Player 10 Plugin 64-bit (Version: 10.2.161.23) Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Amazon MP3 Downloader 1.0.3 Apple Application Support (Version: 1.4.1) Apple Software Update (Version: 2.1.1.116) Ask Toolbar (Version: 1.15.2.0) Ask Toolbar Updater (Version: 1.2.1.23037) avast! Free Antivirus (Version: 8.0.1489.0) AVG PC Tuneup 2011 (Version: 10.0.0.24) Broadcom ASF Management Applications (Version: 10.16.02) Broadcom Management Programs (Version: 10.20.03) CD Wave Editor 1.98 (Version: 1.9.8.1) Creative MediaSource 5 (Version: 5.00) dBpoweramp Aiff Codec (Version: Release 7) dBpoweramp FLAC Codec (Version: Release 13.1 (FLAC 1.2.1)) dBpoweramp Music Converter (Version: Release 13.1) DJ_SF_03_D4300_Software_Min (Version: 110.0.206.000) Dropbox (Version: 1.6.18) Exact Audio Copy 0.99pb3 (Version: 0.99pb3) Facebook Plug-In ffdshow [rev 2527] [2008-12-19] (Version: 1.0) FileZilla Client 3.3.2 (Version: 3.3.2) Google Update Helper (Version: 1.3.21.145) HP Deskjet D4300 Printer Driver 11.0 Rel .3 (Version: 11.0) Intel® Matrix Storage Manager Java 7 Update 21 (Version: 7.0.210) Java Auto Updater (Version: 2.1.9.5) Java 6 Update 33 (Version: 6.0.330) Java 6 Update 7 (Version: 1.6.0.70) LG USB Modem driver (Version: 4.9.7) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 
Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) mkw Audio Compression Toolkit Mozilla Firefox (3.6.10) (Version: 3.6.10 (en-US)) Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0) Music Manager Neonatal Resuscitation DVD-ROM (Version: 1) NVIDIA Drivers OpenOffice.org 3.0 (Version: 3.0.9358) PowerDVD (Version: 8.1) QuickTime (Version: 7.60.92.0) SmartFTP Client Setup Files 4.0 (x64) (remove only) (Version: 4.0) Sound Blaster X-Fi (Version: 1.0) Spotify (Version: 0.5.2) Spotify (Version: 0.8.3.222.g317ab79d) SumatraPDF 2.1.1 (Version: 2.1.1) Toolbox (Version: 110.0.180.000) Trader's Little Helper 2.6.0 (Version: 2.6.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Windows Internet Explorer 7 (KB976749) (Version: 1) Update for Windows XP (KB2467659) (Version: 1) Update for Windows XP 
(KB2607712) (Version: 1) Update for Windows XP (KB2616676-v2) (Version: 2) Update for Windows XP (KB2641690-v2) (Version: 2) Update for Windows XP (KB2661254) (Version: 1) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2748349) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Visual C++ 8.0 Runtime Setup Package (x64) (Version: 8.0.0.35) Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623) Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) Windows Imaging Component (Version: 3.0.0.0) Windows Internet Explorer 7 (Version: 20070813.191434) Windows Presentation Foundation x64 (Version: 3.0.6920.0) WinRAR archiver WModem Driver Installer (Version: ) XML Paper Specification Shared Components Pack 1.0 ZipX V1.70 ==================== Restore Points ========================= 25-04-2013 20:38:52 System Checkpoint 26-04-2013 00:47:58 Software Distribution Service 3.0 28-04-2013 01:36:34 System Checkpoint 29-04-2013 02:33:02 System Checkpoint 30-04-2013 03:33:02 System Checkpoint 01-05-2013 04:33:01 System Checkpoint 02-05-2013 05:33:09 System Checkpoint 03-05-2013 06:33:02 System Checkpoint 04-05-2013 07:33:01 System Checkpoint 05-05-2013 08:33:01 System Checkpoint 06-05-2013 08:33:05 System Checkpoint 07-05-2013 09:33:06 System Checkpoint 08-05-2013 10:33:07 System Checkpoint 09-05-2013 11:33:07 System Checkpoint 10-05-2013 12:37:08 System Checkpoint 11-05-2013 13:45:34 System Checkpoint 12-05-2013 14:36:25 System Checkpoint 13-05-2013 15:33:11 System Checkpoint 14-05-2013 16:33:13 System Checkpoint 15-05-2013 17:33:12 System Checkpoint 16-05-2013 18:33:13 System Checkpoint 17-05-2013 20:44:24 System Checkpoint 18-05-2013 21:33:13 System Checkpoint 19-05-2013 22:33:12 System Checkpoint 20-05-2013 23:33:10 System Checkpoint 22-05-2013 00:46:48 System Checkpoint 23-05-2013 01:06:40 System Checkpoint 24-05-2013 01:33:10 System 
Checkpoint 25-05-2013 02:33:10 System Checkpoint 26-05-2013 03:45:17 System Checkpoint 27-05-2013 04:33:14 System Checkpoint 28-05-2013 04:47:08 System Checkpoint 29-05-2013 05:26:00 System Checkpoint 30-05-2013 06:25:59 System Checkpoint 31-05-2013 07:26:00 System Checkpoint 01-06-2013 08:25:59 System Checkpoint 02-06-2013 08:27:05 System Checkpoint 03-06-2013 09:26:01 System Checkpoint 04-06-2013 10:26:01 System Checkpoint 05-06-2013 11:26:01 System Checkpoint 06-06-2013 13:00:03 System Checkpoint 07-06-2013 13:26:01 System Checkpoint 08-06-2013 17:19:31 System Checkpoint 09-06-2013 19:14:34 System Checkpoint 09-06-2013 23:04:35 Installed Java 7 Update 21 10-06-2013 22:06:58 Software Distribution Service 3.0 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/11/2013 00:07:20 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode. Error: (06/11/2013 11:08:40 AM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode. Error: (06/11/2013 10:57:20 AM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode. Error: (06/10/2013 06:41:16 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode. Error: (06/09/2013 08:54:16 AM) (Source: Application Hang) (User: ) Description: Hanging application javaw.exe, version 7.0.170.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error: (06/06/2013 07:38:12 AM) (Source: Application Hang) (User: ) Description: Hanging application javaw.exe, version 7.0.170.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (06/02/2013 04:45:04 PM) (Source: Application Hang) (User: ) Description: Hanging application javaw.exe, version 7.0.170.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (05/28/2013 07:22:42 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (05/28/2013 07:22:42 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (05/28/2013 04:41:23 PM) (Source: Application Error) (User: ) Description: Fault bucket -680444233. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. 
System errors:
=============
Error: (06/11/2013 00:09:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: aswRvrt aswSP aswTdi aswVmm Fips

Error: (06/11/2013 00:08:01 PM) (Source: DCOM) (User: )
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSP aswTdi aswVmm Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31

Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error: (06/11/2013 11:10:26 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the AFD service which failed to start because of the following error: %%31

Error: (06/11/2013 11:09:34 AM) (Source: DCOM) (User: )
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/11/2013 11:09:18 AM) (Source: DCOM) (User: )
Description: DCOM got error "%%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (06/11/2013 11:06:40 AM) (Source: DCOM) (User: )
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================
Error: (06/11/2013 00:07:20 PM) (Source: VSS)(User: )
Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Error: (06/11/2013 11:08:40 AM) (Source: VSS)(User: )
Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Error: (06/11/2013 10:57:20 AM) (Source: VSS)(User: )
Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Error: (06/10/2013 06:41:16 PM) (Source: VSS)(User: )
Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Error: (06/09/2013 08:54:16 AM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.170.2hungapp0.0.0.000000000

Error: (06/06/2013 07:38:12 AM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.170.2hungapp0.0.0.000000000

Error: (06/02/2013 04:45:04 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.170.2hungapp0.0.0.000000000

Error: (05/28/2013 07:22:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/28/2013 07:22:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (05/28/2013 04:41:23 PM) (Source: Application Error)(User: )
Description: -680444233

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4029.32 MB
Available physical RAM: 3229.68 MB
Total Pagefile: 5831.37 MB
Available Pagefile: 5358.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================
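The lines FRST lists under "Registry (Whitelisted)" in the FRST.txt posted in this thread are the ones a responder reads first, and they have a regular shape: hive, key, value name, the command, then either "[size date] (Publisher)" or "[x]" when the file is gone. The Python below is an added example for this page, not FRST's or Malwarebytes' own code. It parses that shape and flags the patterns worth a second look: the file is missing, the entry is launched through rundll32/regsvr32/cmd.exe so the real payload is in the arguments, there is no publisher string, the image lives in a user-writable location, or the publisher is on a small list treated as unwanted. The sample lines are copied from the FRST.txt in this thread (the AVG feedback URL is shortened); the host-binary set, the writable-location hints and the PUP publisher list are this example's own assumptions and not anything FRST reports.

```python
"""Triage of FRST registry autorun lines.  Added example, not FRST or Malwarebytes code.
Sample lines come from the FRST.txt posted in this thread (AVG URL shortened); the host
binaries, writable-location hints and PUP publisher list are this example's assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LINES = [
    r'HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10813440 2008-01-13] (NVIDIA Corporation)',
    r'HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=... [x]',
    r'HKCU\...\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-04] (Google Inc.)',
    r'HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]',
    r'HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)',
    r'HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()',
    r'HKLM-x32\...\Run: [] [x]',
    r'HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)',
]

# <hive>\...\<Run|RunOnce>: [<name>] <command> [<size> <date>] (<publisher>)   or   ... [x]
ENTRY_RE = re.compile(r'^(?P<hive>HK\w+(?:-x32)?(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
                      r'\[(?P<name>[^\]]*)\] (?P<rest>.*)$', re.IGNORECASE)
TAIL_RE = re.compile(r'^(?P<cmd>.*?) ?\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\)$')
IMAGE_RE = re.compile(r'(.*?\.(?:exe|dll|cpl|scr))(?=\s|,|$)', re.IGNORECASE)
HOST_BINARIES = {'rundll32.exe', 'regsvr32.exe', 'cmd.exe'}   # assumed: payload is in the arguments
WRITABLE_HINTS = ('\\documents and settings\\', '\\application data\\', '\\local settings\\',
                  '\\temp\\', '\\appdata\\', '\\users\\')     # assumed user-writable locations
PUP_PUBLISHERS = {'ask'}                                       # assumed unwanted-software publishers


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str
    image: str                       # binary the shell starts
    payload: str                     # what really runs (differs from image for host binaries)
    missing: bool                    # FRST printed [x]: file not on disk
    size: Optional[int] = None
    date: Optional[str] = None
    publisher: Optional[str] = None  # '' means FRST printed an empty "()"
    flags: List[str] = field(default_factory=list)


def split_command(cmd: str):
    """Return (image, remainder) for an autorun command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                           # quoted path: take it verbatim
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], '')
    m = IMAGE_RE.match(cmd)                           # unquoted: up to the first .exe/.dll/...
    if m:
        return m.group(1), cmd[m.end():].lstrip(' ,')
    parts = cmd.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else '') if parts else ('', '')


def resolve_payload(image: str, remainder: str) -> str:
    """For rundll32/regsvr32/cmd.exe the file worth looking at is in the arguments."""
    base = image.rsplit('\\', 1)[-1].lower()
    if base == 'cmd.exe':
        return remainder                              # whatever follows /c is what runs
    if base in HOST_BINARIES:
        args = re.sub(r'^(?:[/-]\S*\s+)*', '', remainder)   # drop leading switches such as /S
        return split_command(args)[0]
    return image


def assess(a: Autorun) -> List[str]:
    flags = []
    if not a.name:
        flags.append('empty-name')
    if a.missing:
        flags.append('missing-file')                  # stale entry or payload already removed
    if a.image.rsplit('\\', 1)[-1].lower() in HOST_BINARIES:
        flags.append('hosted-launch')                 # review payload, not image
    if a.publisher == '':
        flags.append('no-publisher')                  # no version resource at all
    elif a.publisher and a.publisher.lower() in PUP_PUBLISHERS:
        flags.append('pup-publisher')
    if any(h in (a.payload or a.image).lower() for h in WRITABLE_HINTS):
        flags.append('user-writable-path')
    return flags


def parse_entry(line: str) -> Optional[Autorun]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest').strip()
    missing = rest == '[x]' or rest.endswith(' [x]')
    size = date = publisher = None
    if missing:
        command = rest[:-3].strip()
    else:
        t = TAIL_RE.match(rest)
        if not t:
            return None
        command = t.group('cmd').strip()
        size, date, publisher = int(t.group('size')), t.group('date'), t.group('pub').strip()
    image, remainder = split_command(command)
    entry = Autorun(m.group('hive'), m.group('key'), m.group('name'), command,
                    image, resolve_payload(image, remainder), missing, size, date, publisher)
    entry.flags = assess(entry)
    return entry


def flags_by_name(lines) -> dict:
    """Autorun value name -> flags, for every line that parses as a Run/RunOnce entry."""
    return {e.name: e.flags for e in map(parse_entry, lines) if e is not None}
```

Run `flags_by_name(SAMPLE_LINES)` and only `avast5` comes back clean; the unnamed `[] [x]` value and the two `[x]` entries are stale leftovers, the Ask updater is flagged by publisher, and the NVIDIA entry is flagged only because it goes through rundll32, which is why the payload field (`NvCpl.dll`) rather than the image (`RUNDLL32.EXE`) is what to check against the publisher. None of these flags says "malicious"; they are the rows to look at by hand.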
  15. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by Administrator (administrator) on 14-06-2013 00:08:38
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [10813440 2008-01-13] (NVIDIA Corporation)
HKLM\...\Run: [iAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-10-03] (Intel Corporation)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgzNzA2MDE1LUlETUFSSytYQSsxLVQxOS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzMtWDIwMTArMg"&"prod=90"&"ver=10.0.1170 [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Winlogon: [uIHost] C:\Windows\system32\logonui.exe [662016 2007-02-18] ( (Microsoft Corporation))
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
HKCU\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKCU\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [x]
HKCU\...\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-04] (Google Inc.)
HKCU\...\Run: [MusicManager] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [7331840 2013-04-23] (Google Inc.)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1681920 2007-02-18] (Microsoft Corporation)
HKCU\...\Run: [spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-10] (Spotify Ltd)
HKCU\...\Run: [spotify] "C:\Program Files (x86)\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-10] (Spotify Ltd)
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin [813448 2013-05-15] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgzNzA2MDE1LUlETUFSSytYQSsxLVQxOS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzMtWDIwMTArMg"&"prod=90"&"ver=10.0.1170 [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
MountPoints2: {75840e65-00b7-11e0-93ce-00221916c8cc} - F:\TL-Bootstrap.exe
MountPoints2: {e15148a8-f085-11dd-8c42-00221916c8cc} - E:\LaunchU3.exe
HKLM-x32\...\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1015808 2007-09-11] (Analog Devices, Inc.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [184320 2007-04-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [19456 2008-03-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [19968 2008-03-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [887432 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default User\...\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=198BE492-7531-4706-B920-2CE2C1B148E1&apn_sauid=C9AC0E09-62D6-4E34-8A75-0B66764A8500
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=198BE492-7531-4706-B920-2CE2C1B148E1&apn_sauid=C9AC0E09-62D6-4E34-8A75-0B66764A8500
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\SysWOW64\inetcomm.dll No File
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\SysWOW64\mshtml.dll No File
Handler-x32: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\syswow64\SHELL32.dll No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\nostmp
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\toolbar@ask.com
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: feedly - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\feedly@devhd.xpi
FF Extension: testpilot - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1vf7llw.default\Extensions\testpilot@labs.mozilla.com.xpi

==================== Services (Whitelisted) =================

S2 AeLookupSvc; C:\Windows\SysWow64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [74560 2007-06-20] (Broadcom Corporation)
S2 AudioSrv; C:\Windows\SysWow64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 Browser; C:\Windows\SysWow64\browser.dll [78336 2012-09-12] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S2 Creative Service for CDROM Access; C:\Windows\SysWow64\CTsvcCDA.exe [44032 2008-03-30] (Creative Technology Ltd)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
S2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
S2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [181664 2013-04-04] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\Windows\SysWow64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWow64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
S3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
S3 Nla; C:\Windows\SysWow64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
S2 NVSvc; C:\Windows\system32\nvsvc64.exe [153600 2008-01-13] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
S2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWow64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
S2 Schedule; C:\Windows\SysWow64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S2 seclogon; C:\Windows\SysWow64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
S2 TrkWks; C:\Windows\SysWow64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWow64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWow64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWow64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog; [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 WinHttpAutoProxySvc; winhttp.dll [x]

==================== Drivers (Whitelisted) ====================

S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; C:\Windows\system32\DRIVERS\adpu160m.sys [160256 2005-03-25] (Microsoft Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S4 aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [117248 2005-03-25] (Microsoft Corporation)
S4 aic78xx; C:\Windows\system32\DRIVERS\aic78xx.sys [120832 2005-03-25] (Microsoft Corporation)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [59144 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
S3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R3 b57nd; C:\Windows\System32\DRIVERS\b57amd64.sys [262144 2007-09-11] (Broadcom Corporation)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [15200 2007-06-20] (Broadcom Corporation)
S2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151488 2008-03-30] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [246720 2008-03-30] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [694208 2008-03-30] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [213440 2008-03-30] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [315840 2008-03-30] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [184256 2008-03-30] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [357312 2008-03-30] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [136128 2008-03-30] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1564608 2008-03-30] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [117696 2008-03-30] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [675264 2008-03-30] (Creative Technology Ltd)
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [35328 2005-03-25] (Adaptec, Inc.)
S1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows ® Server 2003 DDK provider)
S1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [9535232 2008-01-13] (NVIDIA Corporation)
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
S1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
S3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [1821184 2007-09-11] (Creative Technology Ltd.)
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
S4 symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [84992 2005-03-25] (LSI Logic)
S3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; C:\Windows\system32\DRIVERS\toside.sys [8704 2005-03-25] (Microsoft Corporation)
S4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [38912 2005-03-25] (Promise Technology, Inc.)
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2007-07-23] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2007-07-23] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2007-07-23] (LG Electronics Inc.)
S4 ViaIde; C:\Windows\system32\DRIVERS\viaide.sys [8704 2005-03-25] (Microsoft Corporation)
S3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S1 i2omgmt; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U4 ParVdm;
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-14 00:05 - 2013-06-14 00:05 - 00000000 ____D C:\FRST
2013-06-10 18:15 - 2013-06-10 18:15 - 00000828 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-10 18:08 - 2013-06-10 18:09 - 00070014 ____A C:\Windows\KB2829530-IE7.log
2013-06-10 18:08 - 2013-06-10 18:08 - 00006733 ____A C:\Windows\KB2820197.log
2013-06-10 18:08 - 2013-06-10 18:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-10 18:07 - 2013-06-10 18:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-10 18:06 - 2013-06-10 18:07 - 00005152 ____A C:\Windows\KB2829361.log
2013-06-09 19:04 - 2013-06-09 19:04 - 00003886 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-09 19:04 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-09 18:57 - 2013-06-09 18:57 - 00163840 ____A C:\Windows\Minidump\Mini060913-01.dmp
2013-06-07 15:02 - 2013-06-07 15:06 - 01928217 ____A C:\Documents and Settings\Administrator\Desktop\minecraftforge-universal-1.5.2-7.8.0.684.zip
2013-05-30 20:36 - 2013-06-07 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6
2013-05-28 16:43 - 2013-05-09 04:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-28 16:43 - 2013-05-09 04:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-22 18:59 - 2013-05-22 18:59 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-05-15 08:08 - 2013-05-12 22:45 - 00001598 ____A C:\Documents and Settings\Administrator\Desktop\bhv.class

==================== One Month Modified Files and Folders =======

2013-06-14 00:05 - 2013-06-14 00:05 - 00000000 ____D C:\FRST
2013-06-11 12:11 - 2007-03-14 10:41 - 00581628 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 12:07 - 2007-03-14 22:53 - 00052714 ____A C:\Windows\PFRO.log
2013-06-11 12:07 - 2007-03-14 22:53 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-11 12:07 - 2007-03-14 22:53 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-11 12:07 - 2007-03-14 22:53 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-11 12:07 - 2007-03-14 22:53 - 00000000 ____A C:\Windows\0.log
2013-06-11 12:05 - 2007-03-14 22:53 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-11 12:05 - 2007-03-14 22:46 - 01693152 ____A C:\Windows\WindowsUpdate.log
2013-06-11 11:04 - 2007-03-14 22:53 - 00000159 ____A C:\Documents and Settings\LocalService\wiadebug.log
2013-06-11 11:04 - 2007-03-14 22:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-10 21:23 - 2012-07-14 12:33 - 00000262 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-06-10 21:23 - 2009-10-13 22:33 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Dropbox
2013-06-10 21:23 - 2009-10-13 22:30 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox
2013-06-10 21:22 - 2012-12-26 17:31 - 00000318 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-06-10 21:22 - 2012-01-02 00:21 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-10 18:18 - 2011-07-29 19:46 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Spotify
2013-06-10 18:15 - 2013-06-10 18:15 - 00000828 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-10 18:15 - 2010-06-28 10:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-10 18:13 - 2011-07-29 19:46 - 00000000 ____D C:\Program Files (x86)\Spotify
2013-06-10 18:12 - 2007-03-14 22:53 - 00032420 ____A C:\Windows\Tasks\SchedLgU.Txt
2013-06-10 18:12 - 2007-03-14 10:40 - 00105416 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-10 18:11 - 2007-03-14 22:56 - 00560516 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-10 18:09 - 2013-06-10 18:08 - 00070014 ____A C:\Windows\KB2829530-IE7.log
2013-06-10 18:09 - 2008-12-14 13:50 - 00000000 ____D C:\Windows\ie7updates
2013-06-10 18:09 - 2008-12-02 16:55 - 00235590 ____A C:\Windows\updspapi.log
2013-06-10 18:09 - 2007-03-14 10:41 - 01024260 ____A C:\Windows\FaxSetup.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00646880 ____A C:\Windows\msmqinst.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00469736 ____A C:\Windows\tsoc.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00418621 ____A C:\Windows\comsetup.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00416437 ____A C:\Windows\iis6.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00366792 ____A C:\Windows\ocgen.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00269581 ____A C:\Windows\ntdtcsetup.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00072995 ____A C:\Windows\ocmsn.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00065269 ____A C:\Windows\msgsocm.log
2013-06-10 18:09 - 2007-03-14 10:41 - 00000970 ____A C:\Windows\imsins.log
2013-06-10 18:08 - 2013-06-10 18:08 - 00006733 ____A C:\Windows\KB2820197.log
2013-06-10 18:08 - 2013-06-10 18:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-10 18:08 -
2008-12-02 16:55 - 00000000 ___HD C:\Windows\$hf_mig$ 2013-06-10 18:08 - 2008-12-02 16:49 - 01021929 ____A C:\Windows\setupapi.log 2013-06-10 18:08 - 2007-03-14 10:41 - 00000970 ____A C:\Windows\imsins.BAK 2013-06-10 18:07 - 2013-06-10 18:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$ 2013-06-10 18:07 - 2013-06-10 18:06 - 00005152 ____A C:\Windows\KB2829361.log 2013-06-10 18:07 - 2012-10-31 15:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-10 18:07 - 2008-12-07 15:59 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-10 17:51 - 2012-01-02 00:21 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-10 17:34 - 2011-06-04 14:39 - 00001010 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2395821413-623369263-3516568228-500UA.job 2013-06-10 08:03 - 2012-10-04 19:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\.minecraft 2013-06-10 00:34 - 2011-06-04 14:39 - 00000958 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2395821413-623369263-3516568228-500Core.job 2013-06-09 19:04 - 2013-06-09 19:04 - 00003886 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log 2013-06-09 19:04 - 2008-12-02 16:57 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-09 18:58 - 2011-07-29 19:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Spotify 2013-06-09 18:57 - 2013-06-09 18:57 - 00163840 ____A C:\Windows\Minidump\Mini060913-01.dmp 2013-06-09 18:57 - 2011-04-02 10:27 - 00000000 ____D C:\Windows\Minidump 2013-06-07 15:06 - 2013-06-07 15:02 - 01928217 ____A C:\Documents and Settings\Administrator\Desktop\minecraftforge-universal-1.5.2-7.8.0.684.zip 2013-06-07 13:21 - 2013-05-30 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6 2013-06-04 23:31 - 2007-03-14 22:45 - 00103005 ____A C:\Windows\wmsetup.log 2013-06-02 03:49 - 2012-04-02 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-05-28 
19:20 - 2010-12-05 15:40 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-05-22 18:59 - 2013-05-22 18:59 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-05-15 15:07 - 2012-10-31 16:07 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-05-15 15:07 - 2012-10-31 15:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-15 15:07 - 2011-09-13 00:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2007-03-14 17:36] - [2007-02-18 08:00] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!. C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!. C:\Windows\explorer.exe [2007-03-14 17:36] - [2007-02-18 08:00] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7F C:\Windows\SysWOW64\explorer.exe [2007-03-14 17:36] - [2007-02-18 08:00] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344 C:\Windows\System32\svchost.exe [2007-03-14 17:36] - [2007-02-18 08:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9 C:\Windows\SysWOW64\svchost.exe [2007-03-14 17:37] - [2007-02-18 08:00] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682 C:\Windows\System32\services.exe [2007-03-14 17:36] - [2009-03-19 19:51] - 0227840 ____A (Microsoft Corporation) 1E07EE3F50DFF2FE9B0A9D196E82698F C:\Windows\System32\User32.dll [2007-03-02 02:54] - [2007-03-02 02:54] - 1086464 ____A (Microsoft Corporation) C34683231AA9162B2106CA149B729D38 C:\Windows\SysWOW64\User32.dll [2007-03-02 02:54] - [2007-03-02 02:54] - 0602624 ____A (Microsoft Corporation) 8BE4E29DA25073BF7894E2A61C9525DE C:\Windows\System32\userinit.exe [2007-03-14 17:36] - [2007-02-18 08:00] - 0039424 ____A (Microsoft Corporation) 
438393CC0B5122B5D988BD7BA05FE3C9 C:\Windows\SysWOW64\userinit.exe [2007-03-14 17:37] - [2007-02-18 08:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5 C:\Windows\System32\Drivers\volsnap.sys [2007-03-14 17:36] - [2012-08-23 01:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEB C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!. ==================== End Of Log ============================
  16. Awesome! Thanks so much for the reply. I'm a (get this...) student midwife so I sometimes disappear at a birth for days at a time and you caught me right in the middle of one of those. I can't wait to get some sleep and get working on this...I'll try to run the tool tonight and if I'm successful I'll post the logs--if not I'll work more on it tomorrow. THANKS SO MUCH!!!!
  17. Computer started acting weird then stopped acting at all. Got a BSOD this week, recovered ok, was still acting strange, was able to download the new version of Malwarebytes before I was unable to get my computer to do much of anything. After a bit of cajoling I have it running in safe mode. Malwarebytes finds trojan.agent and removes it while in safe mode but if I try to restart in normal mode my computer freezes up before I can even log in to my windows user profile (and I have to power off). Then when I restart in safe mode and scan with Malwarebytes it finds trojan.agent again. I'm guessing it's reinstalling itself every time I try to start in normal mode (but if I restart in safe mode after scan and removal it appears gone--or Malwarebytes no longer finds it...) I can't use DSS cause I run XP 64-bit and it's not compatible. Anyone think they can help?
  18. Scan was clear this time too soooooo, I think I'm finally gonna try to rest assured that I'm not dealing with some ominous infection and instead dealing with some annoying OS problem (ugh) Thanks again!
  19. I totally knew that was gonna be a "duh" answer (but knowing that didn't help me). Got it to work, it's scanning now--THANK YOU!!!!!! :D
  20. Thanks, I had seen that and considered it then promptly forgot about it. So now I have the updated database on this computer (emailed it to myself from hubby's computer which runs windows 7 while I run 64 bit xp--that doesn't matter does it?) BUT how do I "give it" to MB? You know? How do I get MB to see that I brought that over for it?
  21. I'm getting "MBAM_ERROR_LOAD_DATABASE (0, 5)" when I try to run Malwarebytes for the first time. I have read the FAQs, I've added the exceptions to AVG 9 free (my antivirus software of choice) as per the instructions there to make sure it wasn't AVG interfering. I have installed the manual database update as per instructions in the FAQ and I WAS able to run Malwarebytes with the old database (scan turned up nothing). But when I want to run the new version I get the above error again. (This part of the FAQ is what I'm referring to: "You can also download a manual update from here - NOTE: This manual update will always be way behind in version level compared to updates from within the program") I see the most common first attempt at a fix is uninstall/reinstall which brings me straight to the reason I ended up here in the first place--my add/remove programs will not populate a list. My computer also won't shut down without forcing it with the power button (ouch). Unfortunately these two functions are necessary for any other advice I find! How frustrating, eh?!!!! I have no other reasons to believe I'm infected but obviously those two symptoms (add/remove and inability to shut down) make me suspicious enough to land me here. Thoughts/advice? (I run windows xp 64 bit and firefox, both up to date)