Cranfield
Honorary Members
Posts: 39
Reputation: 0 Neutral
  1. Thanks for your assistance to date, but I have had second thoughts about proceeding any further. I am reluctant to change settings on my PC, or to fiddle around with unrelated programmes too much; it's probable that I may do something wrong and cause further problems. Looking around, it seems as though I am not the only one with problems with the new Premium version, so it's MBAM Premium at fault, not my PC. I will download an alternative anti-malware programme like Emsisoft and check back with Malwarebytes in the future, to see if they have solved their problems.
  2. I uninstalled again using the Clean Removal Process and then downloaded the latest version, inputted my validation/licence details and it became MBAM Premium again. I tried the scan and it froze again during the pre-scan procedure; I left it for 5 minutes, but it did not unfreeze. I will post the logs early in the week as I am quite tied up for the next 48 hours (on duty). Thanks for the help so far.
  3. I uninstalled MBAM using my Add/Remove programme. I then installed the latest free version, which turned into the Premium version when it was installed. When I ran the full scan, the progress icon started turning for about 2 seconds then stopped. I waited about 20 seconds and it started turning and the scan was completed without any further problems. I then tried to scan again and it worked fine (even the pre-scan bit), but when I tried to stop the scan I had a dialog box appear headed "are you sure?", but with no dialog in the box, and my PC froze.
  4. I have MBAM Pro and today tried to start a scan and the "pre scan" procedure started, but then the whole PC froze, mouse wouldn't move, etc. Repowered the PC and tried again and the same thing happened. Any help would be appreciated.
  5. The clean-up has been completed as per your guidance and I have read the notes. I have had Malwarebytes Pro installed for quite a few years and that's what led me to this Forum when I had the problem. Once again, thanks for all your help, very much appreciated.
  6. The PC is running well, with no signs of any infections that I can tell. Do I reinstall Java, or not?
  7. JavaRa 1.16 Removal Log. The JavaRa removal process was started on Fri Dec 27 22:53:33 2013.
  8. Security Check log.
     Results of screen317's Security Check version 0.99.77
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Internet Security
     ESET Online Scanner v3
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 6 Update 22
     Java 7 Update 45
     Adobe Flash Player 11.9.900.170
     Adobe Reader XI
     Google Chrome 31.0.1650.57
     Google Chrome 31.0.1650.63
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast afwServ.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````

     MBAM Quick Scan Log.
     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.12.24.05
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     HP_Owner :: YOUR-C94F920E24 [administrator]
     Protection: Enabled
     27/12/2013 11:09:20
     mbam-log-2013-12-27 (11-09-20).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 234848
     Time elapsed: 16 minute(s), 2 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  9. I have completed the exercise, TFC ran OK and all appears to be normal. Thank you once again for your skillful and patient assistance; it was very much appreciated by a non-techie like myself. Have a Happy New Year.
  10. I will continue with the rest of your suggestion.
  11. "Please click on START - RUN and type in CMD.EXE and click OK. Then type the following and press the Enter key. You should get a success message. It is 3 words with a space between each. SC DELETE w7lf_.sys" Following this I got the message, "The specified service does not exist as an installed service".
  12. ComboFix 13-12-21.01 - HP_Owner 22/12/2013 22:53:11.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3006.2281 [GMT 0:00]
  13. If there is not too much more of your time needed, I would be pleased to carry on and reach some conclusion.
  14. I am afraid TFC is also hanging on my PC. It was left for 30 minutes at a time and there was no movement of the progress bar, and my PC was obviously not doing anything. This prompted a few more manual restarts of the PC. I have really appreciated your help and patience in all of this, but I now feel I am taking up too much of your limited time; there are a lot of other people on this section with bigger problems than mine. I also believe my problems may have already gone away, with the earlier purging steps that have been taken. Also, uninstalling SpyHunter was a good move. Their Support section emailed me last night to say that I probably did not have any browser hijackers on my PC, just "inert remnants" of previous infections that they had removed. They also offered to do a remote cleaning up of my system, if I granted them access. I politely declined as I don't feel confident with SpyHunter any more. Once again I thank you most sincerely for your help and hopefully I won't have to return and bother you again.