FrostDDT Posted July 16, 2012 ID:571191 Share Posted July 16, 2012 Hi. I'm another one who is has been hit with browser redirect malware. I've tried full scans with several scanners, including Malwarebytes Anti-Malware, with no results. The redirect issue affects links on the Yahoo! and Google search engines on both Firefox and Internet Explorer. Help very much needed.Here are my DDS.txt and Attach.txt logs:.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31Run by Administrator at 20:33:14 on 2012-07-15Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1424 [GMT -5:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}FW: Lavasoft Ad-Aware *Disabled*.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Client\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\rundll32.exesvchost.exeC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Ad-Aware Antivirus\AdAwareService.exeC:\Program Files\Mozilla Firefox\firefox.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/uInternet Settings,ProxyOverride = *.localBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dllTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstancemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-runmRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstancedRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /fdRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /fIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exeIE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllTrusted Zone: line6.netDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cabDPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259229678795DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CABDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6111/mcfscan.cabDPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://www.pcpitstop.com/antivirus/PitPav.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{5AF3A720-2F60-4275-B4EA-3E7F9F56D8E4} : DhcpNameServer = 192.168.1.254Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bdeiozaq.default\FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll.============= SERVICES / DRIVERS ===============.R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [2011-8-6 28552]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-7-12 21240]R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-7-12 77816]S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys --> c:\windows\system32\drivers\l6dp.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029].=============== Created Last 30 ================.2012-07-15 23:08:41 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\mpengine.dll2012-07-15 01:11:50 -------- d-----w- c:\program files\ESET2012-07-14 22:59:40 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2012-07-12 23:30:57 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys2012-07-12 23:30:16 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys2012-07-12 23:06:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\adaware2012-07-12 23:06:07 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys2012-07-12 23:05:58 -------- d-----w- c:\windows\system32\drivers\VDD2012-07-12 23:05:52 -------- d-----w- c:\program files\Ad-Aware Antivirus2012-07-12 22:59:13 -------- d-----w- c:\documents and settings\administrator\application data\Ad-Aware Antivirus2012-07-03 15:36:48 1409 ----a-w- c:\windows\QTFont.for2012-06-23 04:08:02 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2012-06-18 05:28:35 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll2012-06-18 05:28:35 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll.==================== Find3M ====================.2012-07-11 21:08:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-07-11 21:08:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-13 14:53:48 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll.============= FINISH: 20:34:11.40 ===============----------------------------------------------------------------------------------------------------------------.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 5/26/2007 5:14:41 AMSystem Uptime: 7/14/2012 5:42:42 PM (27 hours ago).Motherboard: Dell Computer Corp. | | 0U2575Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 74 GiB total, 24.825 GiB free.D: is CDROM ()E: is CDROM ()F: is RemovableG: is RemovableH: is RemovableI: is Removable.==== Disabled Device Manager Items =============.Class GUID:Description:Device ID: ACPI\PNP0100\4&5CA43BD&0Manufacturer:Name:PNP Device ID: ACPI\PNP0100\4&5CA43BD&0Service:.==== System Restore Points ===================.RP1: 4/29/2012 8:10:29 AM - System CheckpointRP2: 4/29/2012 10:50:22 PM - Software Distribution Service 3.0RP3: 5/1/2012 4:13:21 AM - Software Distribution Service 3.0RP4: 5/2/2012 4:08:41 AM - Software Distribution Service 3.0RP5: 5/3/2012 4:08:51 AM - Software Distribution Service 3.0RP6: 5/4/2012 4:08:31 AM - Software Distribution Service 3.0RP7: 5/5/2012 4:08:56 AM - Software Distribution Service 3.0RP8: 5/6/2012 4:09:05 AM - Software Distribution Service 3.0RP9: 5/7/2012 4:09:05 AM - Software Distribution Service 3.0RP10: 5/8/2012 4:09:32 AM - Software Distribution Service 3.0RP11: 5/9/2012 5:06:21 AM - System CheckpointRP12: 5/9/2012 3:09:41 PM - Software Distribution Service 3.0RP13: 5/10/2012 2:45:36 PM - Software Distribution Service 3.0RP14: 5/10/2012 3:54:36 PM - Software Distribution Service 3.0RP15: 5/11/2012 3:55:29 PM - Software Distribution Service 3.0RP16: 5/12/2012 3:54:32 PM - Software Distribution Service 3.0RP17: 5/13/2012 3:54:29 PM - Software Distribution Service 3.0RP18: 5/14/2012 3:59:28 PM - Software Distribution Service 3.0RP19: 5/15/2012 3:55:45 PM - Software Distribution Service 3.0RP20: 5/16/2012 3:56:34 PM - Software Distribution Service 3.0RP21: 5/17/2012 10:34:33 PM - Software Distribution Service 3.0RP22: 5/18/2012 10:34:16 PM - Software Distribution Service 3.0RP23: 5/19/2012 10:34:46 PM - Software Distribution Service 3.0RP24: 5/20/2012 10:35:16 PM - Software Distribution Service 3.0RP25: 5/21/2012 10:35:45 PM - Software Distribution Service 3.0RP26: 5/22/2012 12:57:40 AM - Software Distribution Service 3.0RP27: 5/22/2012 3:01:05 AM - Software Distribution Service 3.0RP28: 5/22/2012 8:18:39 AM - Software Distribution Service 3.0RP29: 5/22/2012 8:34:53 AM - Software Distribution Service 3.0RP30: 5/23/2012 7:42:20 AM - Software Distribution Service 3.0RP31: 5/24/2012 8:31:50 AM - System CheckpointRP32: 5/24/2012 2:39:53 PM - Software Distribution Service 3.0RP33: 5/25/2012 2:43:30 PM - Software Distribution Service 3.0RP34: 5/26/2012 2:40:01 PM - Software Distribution Service 3.0RP35: 5/27/2012 2:40:22 PM - Software Distribution Service 3.0RP36: 5/28/2012 2:40:33 PM - Software Distribution Service 3.0RP37: 5/29/2012 2:40:01 PM - Software Distribution Service 3.0RP38: 5/30/2012 3:27:08 PM - System CheckpointRP39: 5/30/2012 5:35:09 PM - Software Distribution Service 3.0RP40: 5/31/2012 6:30:04 PM - Software Distribution Service 3.0RP41: 6/1/2012 6:29:06 PM - Software Distribution Service 3.0RP42: 6/2/2012 6:29:20 PM - Software Distribution Service 3.0RP43: 6/3/2012 7:18:12 PM - System CheckpointRP44: 6/4/2012 12:46:59 PM - Software Distribution Service 3.0RP45: 6/4/2012 1:36:04 PM - Software Distribution Service 3.0RP46: 6/5/2012 1:36:32 PM - Software Distribution Service 3.0RP47: 6/6/2012 1:36:37 PM - Software Distribution Service 3.0RP48: 6/7/2012 1:37:07 PM - Software Distribution Service 3.0RP49: 6/8/2012 1:37:20 PM - Software Distribution Service 3.0RP50: 6/9/2012 1:37:06 PM - Software Distribution Service 3.0RP51: 6/10/2012 1:37:37 PM - Software Distribution Service 3.0RP52: 6/11/2012 1:37:33 PM - Software Distribution Service 3.0RP53: 6/12/2012 1:37:17 PM - Software Distribution Service 3.0RP54: 6/13/2012 9:38:14 AM - Software Distribution Service 3.0RP55: 6/14/2012 11:49:22 AM - Software Distribution Service 3.0RP56: 6/15/2012 11:48:57 AM - Software Distribution Service 3.0RP57: 6/16/2012 11:48:49 AM - Software Distribution Service 3.0RP58: 6/17/2012 11:48:53 AM - Software Distribution Service 3.0RP59: 6/18/2012 7:09:56 PM - Software Distribution Service 3.0RP60: 6/19/2012 8:18:59 PM - System CheckpointRP61: 6/19/2012 9:41:22 PM - Software Distribution Service 3.0RP62: 6/20/2012 9:54:34 PM - System CheckpointRP63: 6/21/2012 10:02:12 AM - Software Distribution Service 3.0RP64: 6/22/2012 10:02:17 AM - Software Distribution Service 3.0RP65: 6/23/2012 10:02:15 AM - Software Distribution Service 3.0RP66: 6/24/2012 10:02:37 AM - Software Distribution Service 3.0RP67: 6/25/2012 5:06:21 PM - Software Distribution Service 3.0RP68: 6/26/2012 5:06:00 PM - Software Distribution Service 3.0RP69: 6/27/2012 5:06:04 PM - Software Distribution Service 3.0RP70: 6/28/2012 5:06:11 PM - Software Distribution Service 3.0RP71: 6/29/2012 5:08:30 PM - Software Distribution Service 3.0RP72: 6/30/2012 5:06:39 PM - Software Distribution Service 3.0RP73: 7/1/2012 5:06:40 PM - Software Distribution Service 3.0RP74: 7/2/2012 5:06:46 PM - Software Distribution Service 3.0RP75: 7/3/2012 5:40:23 PM - System CheckpointRP76: 7/4/2012 12:48:17 AM - Software Distribution Service 3.0RP77: 7/5/2012 12:48:15 AM - Software Distribution Service 3.0RP78: 7/6/2012 12:48:26 AM - Software Distribution Service 3.0RP79: 7/7/2012 12:48:40 AM - Software Distribution Service 3.0RP80: 7/8/2012 11:36:15 AM - Software Distribution Service 3.0RP81: 7/9/2012 11:36:41 AM - Software Distribution Service 3.0RP82: 7/10/2012 12:46:13 PM - System CheckpointRP83: 7/11/2012 9:25:46 AM - Software Distribution Service 3.0RP84: 7/12/2012 3:00:25 AM - Software Distribution Service 3.0RP85: 7/12/2012 5:57:57 PM - Software Distribution Service 3.0RP86: 7/12/2012 6:00:36 PM - Removed Ad-AwareRP87: 7/13/2012 12:36:11 PM - Installed Panda ActiveScan CleanerRP88: 7/13/2012 12:47:18 PM - Software Distribution Service 3.0RP89: 7/14/2012 5:59:21 PM - Software Distribution Service 3.0RP90: 7/15/2012 6:04:20 PM - Software Distribution Service 3.0.==== Installed Programs ======================.ABBYY FineReader 6.0 SprintAcrobat.comAd-Aware AntivirusAd-Aware Browsing ProtectionAd-Aware Security ToolbarAdobe AIRAdobe Download ManagerAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.3)Amazon MP3 Downloader 1.0.12AnyDVDApple Application SupportApple Software UpdateAudacity 1.2.6AutoUpdateBonjourBreezeBrowser ProCanon Camera Access LibraryCanon Camera Support Core LibraryCanon Camera WIA DriverCanon Camera Window DC_DV 5 for ZoomBrowser EXCanon Camera Window DC_DV 6 for ZoomBrowser EXCanon Camera Window MC 6 for ZoomBrowser EXCanon EOS-1Ds Mark II WIA DriverCanon EOS 5D WIA DriverCanon Utilities Digital Photo Professional 3.0CDex extraction audioCeltx (2.9.1)CombiMovie Version 1.31Critical Update for Windows Media Player 11 (KB959772)CuteHTMLDivX CodecDivX ConverterDivX PlayerDivX Web PlayerDVD Decrypter (Remove Only)DVD Flick 1.3.0.7DVD Shrink 3.2DVDFab HD Decrypter 3.1.2.6EPSON Perfection V500 Photo Scanner Driver UpdateEPSON Perfection V500P User's GuideEPSON ScanESET Online Scanner v3FileZilla Client 3.0.4.1FLV Player 2.0 (build 25)foobar2000 v0.9.5.2Full Tilt PokerHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB981793)HouseCall 6.6ImgBurn (Remove Only)Intel® Extreme Graphics 2 DriverIntel® PRO Network Connections DriversiPod Updater 2004-11-15iTunesIZArc 3.81Java Auto UpdaterJava™ 6 Update 31Kaspersky Online ScannerMalwarebytes Anti-Malware version 1.62.0.1300Microsoft .NET Framework (English)Microsoft .NET Framework (English) v1.0.3705Microsoft .NET Framework 1.0 Hotfix (KB928367)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Base Smart Card Cryptographic Service Provider PackageMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Security ClientMicrosoft Security EssentialsMicrosoft Software Update for Web Folders (English) 12Microsoft Text-to-Speech Engine 4.0 (English)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Windows XP Video Decoder Checkup Utilitymkw Audio Compression ToolkitMove Media PlayerMozilla Firefox 13.0.1 (x86 en-US)Mozilla Maintenance ServiceMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6.0 Parser (KB933579)Neat Image v5.8 Pro+Nero 7 EssentialsPaint Shop Pro 7 ESDPanda ActiveScan 2.0Panda Cloud CleanerPCPitstop Panda AntiVirus Scan (remove only)PDF MergerPoker Academy Pro 2PokerStarsPokerStars.netPrimoPrimoPDF -- brought to you by Nitro PDF SoftwareQuickTimeRapidShare ManagerRescuePRO 3.2RuntimeSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2183461)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360131)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2416400)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2482017)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2497640)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2530548)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2559049)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2586448)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618444)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647516)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2675157)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2699988)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969897)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Spelling Dictionaries Support For Adobe Reader 8Spybot - Search & DestroySUPER © Version 2009.bld.36 (June 10, 2009)SUPERAntiSpywareUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit EditionUpdate for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2492386)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2718704)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VLC media player 0.9.9WebFldrs XPWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Live OneCare safety scannerWindows Media Format 11 runtimeWindows Media Player 11Windows Presentation FoundationWindows XP Service Pack 3WinPcap 4.0.2WinRAR archiverWM RecorderXML Paper Specification Shared Components Pack 1.0YTD YouTube Downloader & Converter 3.6.==== Event Viewer Messages From Past Week ========.7/15/2012 4:59:32 PM, error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s).7/15/2012 12:09:48 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.7/15/2012 12:09:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AdobeFlashPlayerUpdateSvc service.7/13/2012 1:24:29 AM, error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).7/13/2012 1:23:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 ElbyCDIO Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL sbaphd Tcpip7/13/2012 1:23:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.7/12/2012 5:43:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a320raid aac aarich adpu160m adpu320 aic78u2 aic78xx cercsr6 fasttx2k iaStor IntelIde megasas Symmpi7/10/2012 9:13:59 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}.==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted July 16, 2012 ID:571496 Share Posted July 16, 2012 Hello FrostDDT and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Step 1Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Ad-Aware Antivirus (Ad-Aware Browsing Protection and Ad-Aware Security Toolbar too) and to keep Microsoft Security Essentials. Finally, reboot your system.Step 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 3Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply In your next reply, post the following log files:Malwarebytes' Anti-Malware logaswMBR loga new fresh DDS log file Link to post Share on other sites More sharing options...
FrostDDT Posted July 16, 2012 Author ID:571622 Share Posted July 16, 2012 Thanks, Maniac. Here are the new logs.Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.07.16.11Windows XP Service Pack 3 x86 NTFSInternet Explorer 6.0.2900.5512Administrator :: WXP-GNWVS51 [administrator]7/16/2012 3:58:36 PMmbam-log-2012-07-16 (15-58-36).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 227782Time elapsed: 22 minute(s), 22 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)----------------------------------------------------------------------aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-07-16 16:31:45-----------------------------16:31:45.935 OS Version: Windows 5.1.2600 Service Pack 316:31:45.935 Number of processors: 1 586 0x30416:31:45.955 ComputerName: WXP-GNWVS51 UserName:16:31:51.805 Initialize success16:53:04.638 AVAST engine defs: 1207160116:58:58.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-316:58:58.314 Disk 0 Vendor: WDC_WD800BB-75FJA1 14.03G14 Size: 76293MB BusType: 316:58:58.364 Disk 0 MBR read successfully16:58:58.364 Disk 0 MBR scan16:58:58.654 Disk 0 unknown MBR code16:58:58.664 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 6316:58:58.664 Disk 0 scanning sectors +15623212516:58:58.755 Disk 0 scanning C:\WINDOWS\system32\drivers16:59:23.143 Service scanning16:59:38.297 Service MpKsl9758841e c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC691E15-208B-4F11-8F4C-990C3C161488}\MpKsl9758841e.sys **LOCKED** 3216:59:56.134 Modules scanning17:00:07.903 Disk 0 trace - called modules:17:00:07.913 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS17:00:08.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5c4ab8]17:00:08.263 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a56dd98]17:00:08.644 AVAST engine scan C:\WINDOWS17:00:31.089 AVAST engine scan C:\WINDOWS\system3217:05:45.853 AVAST engine scan C:\WINDOWS\system32\drivers17:06:16.060 AVAST engine scan C:\Documents and Settings\Administrator17:31:09.784 AVAST engine scan C:\Documents and Settings\All Users17:32:40.995 Scan finished successfully17:45:33.390 Disk 0 MBR has been saved successfully to "C:\Itemp\Malb\MBR.dat"17:45:33.490 The log file has been saved successfully to "C:\Itemp\Malb\aswMBR.txt"---------------------------------------------------------------------------------------.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31Run by Administrator at 17:48:37 on 2012-07-16Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1434 [GMT -5:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Client\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exesvchost.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/uInternet Settings,ProxyOverride = *.localBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileuRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstancemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimedRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tdRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstancedRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /fdRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /fIE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exeIE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllTrusted Zone: line6.netDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cabDPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259229678795DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CABDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6111/mcfscan.cabDPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://www.pcpitstop.com/antivirus/PitPav.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{5AF3A720-2F60-4275-B4EA-3E7F9F56D8E4} : DhcpNameServer = 192.168.1.254Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dllNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bdeiozaq.default\FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll.============= SERVICES / DRIVERS ===============.R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [2011-8-6 28552]R1 MpKsl9758841e;MpKsl9758841e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\MpKsl9758841e.sys [2012-7-16 29904]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys --> c:\windows\system32\drivers\l6dp.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029].=============== Created Last 30 ================.2012-07-16 21:31:50 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\MpKsl9758841e.sys2012-07-16 20:42:52 -------- d-----w- c:\documents and settings\all users\application data\GFI Software2012-07-16 02:05:29 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess2012-07-15 23:08:41 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\mpengine.dll2012-07-15 01:11:50 -------- d-----w- c:\program files\ESET2012-07-14 22:59:40 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll2012-07-12 23:06:07 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys2012-07-03 15:36:48 1409 ----a-w- c:\windows\QTFont.for2012-06-23 04:08:02 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2012-06-18 05:28:35 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll2012-06-18 05:28:35 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll.==================== Find3M ====================.2012-07-11 21:08:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-07-11 21:08:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-13 14:53:48 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll.============= FINISH: 17:48:52.52 =============== Link to post Share on other sites More sharing options...
Maniac Posted July 17, 2012 ID:571772 Share Posted July 17, 2012 Please download MBRCheck.exe to your Desktop. Run the application.If no infection is found, it will produce a report on the desktop. Post that report in your next reply.If an infection is found, you will be presented with the following dialog:Enter 'Y' and hit ENTER for more options, or 'N' to exit: Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply. Link to post Share on other sites More sharing options...
FrostDDT Posted July 17, 2012 Author ID:571933 Share Posted July 17, 2012 Thanks again. it didn't find anything. Here's the log.MBRCheck, version 1.2.3© 2010, ADCommand-line: Windows Version: Windows XP ProfessionalWindows Information: Service Pack 3 (build 2600)Logical Drives Mask: 0x000001fdKernel Drivers (total 136): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF7987000 \WINDOWS\system32\KDCOM.DLL 0xF7897000 \WINDOWS\system32\BOOTVID.dll 0xF75A8000 ACPI.sys 0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF7597000 pci.sys 0xF75F7000 isapnp.sys 0xF7A4F000 pciide.sys 0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF798B000 intelide.sys 0xF7607000 MountMgr.sys 0xF74D8000 ftdisk.sys 0xF798D000 dmload.sys 0xF74B2000 dmio.sys 0xF770F000 PartMgr.sys 0xF7717000 pavboot.sys 0xF7617000 VolSnap.sys 0xF7B1F000 iaStor.sys 0xF749A000 atapi.sys 0xF7627000 aic78xx.sys 0xF7482000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS 0xF7637000 aic78u2.sys 0xF7469000 adpu160m.sys 0xF742F000 a320raid.sys 0xF7647000 aac.sys 0xF7860000 aarich.sys 0xF740B000 adpu320.sys 0xF771F000 cercsr6.sys 0xF783D000 fasttx2k.sys 0xF7727000 megasas.sys 0xF7970000 symmpi.sys 0xF7657000 disk.sys 0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xBA7E0000 fltmgr.sys 0xBA7CE000 sr.sys 0xBA7A6000 MpFilter.sys 0xF7677000 PxHelp20.sys 0xBA6EF000 KSecDD.sys 0xBA662000 Ntfs.sys 0xBA635000 NDIS.sys 0xBA61B000 Mup.sys 0xB9EEE000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9C1C000 \SystemRoot\system32\DRIVERS\ialmnt5.sys 0xB9C08000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF7807000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB9BE4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF780F000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9BBC000 \SystemRoot\system32\DRIVERS\e100b325.sys 0xF7817000 \SystemRoot\system32\DRIVERS\fdc.sys 0xB9EDE000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xB9ECE000 \SystemRoot\system32\DRIVERS\serial.sys 0xBA5B6000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB9BA8000 \SystemRoot\system32\DRIVERS\parport.sys 0xB9EBE000 \SystemRoot\system32\DRIVERS\imapi.sys 0xB9B92000 \SystemRoot\System32\Drivers\AnyDVD.sys 0xB9EAE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF76A7000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB9B6F000 \SystemRoot\system32\DRIVERS\ks.sys 0xF773F000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys 0xB9AE1000 \SystemRoot\system32\drivers\smwdm.sys 0xB9ABD000 \SystemRoot\system32\drivers\portcls.sys 0xF76B7000 \SystemRoot\system32\drivers\drmk.sys 0xF79C9000 \SystemRoot\system32\drivers\aeaudio.sys 0xF7A68000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF76C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA5AA000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9AA6000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF76D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF76E7000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7747000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9A95000 \SystemRoot\system32\DRIVERS\psched.sys 0xF76F7000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF7757000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF775F000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB9A65000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF7587000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7767000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF79CF000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB9A07000 \SystemRoot\system32\DRIVERS\update.sys 0xBA005000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF7577000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF7557000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF79D3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF776F000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF79D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xB987B000 \SystemRoot\System32\Drivers\Null.SYS 0xF777F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF7787000 \SystemRoot\System32\drivers\vga.sys 0xF79D7000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF79D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7933000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xB0A81000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xB0A28000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xB0A00000 \SystemRoot\system32\DRIVERS\netbt.sys 0xB09DE000 \SystemRoot\System32\drivers\afd.sys 0xF7537000 \SystemRoot\system32\DRIVERS\netbios.sys 0xB09BC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 0xF779F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 0xB0991000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xB08F9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF7527000 \SystemRoot\System32\Drivers\Fips.SYS 0xB0833000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF7517000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xBA5EF000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF7507000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF77AF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xBA5E7000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xF77B7000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xF77BF000 \SystemRoot\System32\Drivers\ASPI32.SYS 0xBA776000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB07FD000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF79F5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xB8B94000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77E7000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7A6D000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF020000 \SystemRoot\System32\ialmdnt5.dll 0xBF012000 \SystemRoot\System32\ialmrnt5.dll 0xBF042000 \SystemRoot\System32\ialmdev5.DLL 0xBF077000 \SystemRoot\System32\ialmdd5.DLL 0xBF159000 \SystemRoot\System32\ATMFD.DLL 0xB0681000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB0400000 \SystemRoot\system32\drivers\wdmaud.sys 0xB08E9000 \SystemRoot\system32\drivers\sysaudio.sys 0xB00FD000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xAFD85000 \SystemRoot\system32\DRIVERS\srv.sys 0xAFC04000 \SystemRoot\System32\Drivers\HTTP.sys 0xAFC7D000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys 0xB0AEC000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC691E15-208B-4F11-8F4C-990C3C161488}\MpKsl9758841e.sys 0xF77DF000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys 0x7C900000 \WINDOWS\system32\ntdll.dllProcesses (total 31): 0 System Idle Process 4 System 624 C:\WINDOWS\system32\smss.exe 696 csrss.exe 720 C:\WINDOWS\system32\winlogon.exe 764 C:\WINDOWS\system32\services.exe 776 C:\WINDOWS\system32\lsass.exe 932 C:\WINDOWS\system32\svchost.exe 1012 svchost.exe 1108 C:\Program Files\Microsoft Security Client\MsMpEng.exe 1144 C:\WINDOWS\system32\svchost.exe 1212 svchost.exe 1408 svchost.exe 1548 C:\WINDOWS\system32\spoolsv.exe 1832 C:\WINDOWS\explorer.exe 1948 C:\WINDOWS\system32\hkcmd.exe 1964 C:\WINDOWS\system32\igfxpers.exe 2020 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 132 svchost.exe 280 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 296 C:\WINDOWS\system32\ctfmon.exe 316 C:\WINDOWS\system32\rundll32.exe 604 C:\Program Files\SUPERAntiSpyware\SASCore.exe 644 C:\Program Files\Bonjour\mDNSResponder.exe 680 C:\Program Files\Java\jre6\bin\jqs.exe 1080 C:\WINDOWS\system32\svchost.exe 2388 alg.exe 3544 C:\Program Files\Microsoft Security Client\msseces.exe 2572 C:\WINDOWS\system32\wuauclt.exe 3428 wmiprvse.exe 3752 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)PhysicalDrive0 Model Number: WDCWD800BB-75FJA1, Rev: 14.03G14 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows 98 MBR code detected SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3EDone! Link to post Share on other sites More sharing options...
Maniac Posted July 17, 2012 ID:572033 Share Posted July 17, 2012 Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
FrostDDT Posted July 18, 2012 Author ID:572177 Share Posted July 18, 2012 Here is the Combofix log. Unfortunately, my problem remains.ComboFix 12-07-16.01 - Administrator 07/17/2012 18:56:10.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1652 [GMT -5:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\Application Data\inst.exec:\documents and settings\Administrator\Application Data\vso_ts_preview.xmlc:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\Apple Computer\wsnznsv.dllc:\documents and settings\Administrator\Local Settings\Application Data\assembly\tmpc:\documents and settings\Administrator\WINDOWSc:\documents and settings\All Users\Application Data\TEMPc:\windows\Install.txtc:\windows\system32\SET4E.tmpc:\windows\system32\SET53.tmpc:\windows\system32\SET5A.tmp..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_6to4-------\Legacy_dhcpsrv-------\Legacy_isadisk-------\Legacy_podmena-------\Legacy_podmenadrv-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}..((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))..2012-07-16 20:42 . 2012-07-16 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software2012-07-16 02:05 . 2012-07-16 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess2012-07-15 01:11 . 2012-07-15 01:11 -------- d-----w- c:\program files\ESET2012-07-13 06:22 . 2012-07-13 06:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus2012-07-12 23:28 . 2012-07-12 23:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus2012-07-12 23:06 . 2011-09-29 17:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys2012-07-03 15:36 . 2012-07-03 15:36 1409 ----a-w- c:\windows\QTFont.for2012-06-23 04:08 . 2012-07-11 21:08 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2012-06-18 05:28 . 2012-06-18 05:28 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll2012-06-18 05:28 . 2012-06-18 05:28 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-11 21:08 . 2012-04-03 18:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-11 21:08 . 2011-05-17 13:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-07-03 18:46 . 2010-09-13 11:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-13 14:53 . 2010-03-15 00:41 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP2012-06-13 13:19 . 2004-08-12 13:33 1866112 ----a-w- c:\windows\system32\win32k.sys2012-06-05 15:50 . 2007-05-15 21:43 1372672 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 15:50 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 04:32 . 2004-08-12 13:27 152576 ----a-w- c:\windows\system32\schannel.dll2012-06-02 20:19 . 2007-05-31 22:23 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-06-02 20:19 . 2007-05-31 22:23 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-06-02 20:19 . 2006-07-28 17:11 329240 ----a-w- c:\windows\system32\wucltui.dll2012-06-02 20:19 . 2006-07-28 17:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-02 20:19 . 2006-07-28 17:11 210968 ----a-w- c:\windows\system32\wuweb.dll2012-06-02 20:19 . 2010-09-13 15:08 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-06-02 20:19 . 2006-07-28 17:11 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 20:19 . 2006-07-28 17:11 35864 ----a-w- c:\windows\system32\wups.dll2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll2012-06-02 20:19 . 2004-08-12 13:17 97304 ----a-w- c:\windows\system32\cdm.dll2012-06-02 20:19 . 2007-05-31 22:23 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-06-02 20:19 . 2006-07-28 17:11 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 20:19 . 2006-07-28 17:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 20:18 . 2011-10-24 02:30 275696 ----a-w- c:\windows\system32\mucltui.dll2012-06-02 20:18 . 2011-10-24 02:30 214256 ----a-w- c:\windows\system32\muweb.dll2012-06-02 20:18 . 2011-10-24 02:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui2012-05-31 13:22 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll2012-05-16 07:58 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll2012-05-04 13:12 . 2004-08-12 13:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-02 13:46 . 2006-07-28 17:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-20 19:29 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx2012-04-20 19:29 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll2012-04-19 12:44 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec2012-06-18 05:28 . 2012-04-25 01:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2004-08-12 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys.c:\windows\System32\drivers\beep.sys ... is missing !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-03-20 98304].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkbackup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2004-10-13 21:04 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-03-20 05:42 98304 ----a-w- c:\program files\QuickTime\qttask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"iPodService"=3 (0x3)"CCALib8"=2 (0x2).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\epson\\Scanner Driver Update\\PFV500\\E_DUPA10.EXE"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [11/2/2006 1:57 PM 218112]R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [11/2/2006 1:57 PM 48140]R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [11/2/2006 1:57 PM 204800]R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [11/2/2006 1:57 PM 17664]R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [8/6/2011 8:05 PM 28552]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 1:11 PM 250056]S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:06 PM 113120]S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/24/2008 3:41 PM 47360]S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/2/2006 1:57 PM 11029].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]getPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder.2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:08].2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000Trusted Zone: line6.netTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bdeiozaq.default\FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/.- - - - ORPHANS REMOVED - - - -.HKCU-Run-Apple Computer - c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\Apple Computer\wsnznsv.dllHKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exeHKU-Default-Run-Apple Computer - c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\Apple Computer\wsnznsv.dllMSConfigStartUp-Ad-Aware Browsing Protection - c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exeMSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeMSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exeMSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exeMSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-07-17 19:03Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(716)c:\program files\SUPERAntiSpyware\SASWINLO.DLL.- - - - - - - > 'explorer.exe'(1092)c:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\wscntfy.exe.**************************************************************************.Completion time: 2012-07-17 19:10:45 - machine was rebootedComboFix-quarantined-files.txt 2012-07-18 00:10.Pre-Run: 32,201,023,488 bytes freePost-Run: 37,397,590,016 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - 7D4F78F94769D155965F56E8740E83B6 Link to post Share on other sites More sharing options...
Maniac Posted July 18, 2012 ID:572291 Share Posted July 18, 2012 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:KillAll::FCopy::c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sysFolder::c:\documents and settings\All Users\Application Data\boost_interprocessc:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirusc:\documents and settings\LocalService\Application Data\Ad-Aware AntivirusRegistry::[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"adaware"=-"adaware_XP"=-JavaClearCache::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Link to post Share on other sites More sharing options...
FrostDDT Posted July 18, 2012 Author ID:572330 Share Posted July 18, 2012 I hope I did it right. ComboFix went through an update as I performed the operation. Here's the latest log.ComboFix 12-07-18.01 - Administrator 07/18/2012 6:51.2.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1696 [GMT -5:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\boost_interprocessc:\documents and settings\LocalService\Application Data\Ad-Aware Antivirusc:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120712T232814.873740PID912\Service.logc:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120713T121551.925187PID236\Service.logc:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120714T224316.829363PID480\Service.logc:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120714T234050.876038PID3332\Service.logc:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120716T204217.374977PID1996\Service.logc:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus..--------------- FCopy ---------------.c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys.((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))..2012-07-18 11:51 . 2004-08-12 13:17 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys2012-07-18 11:51 . 2004-08-12 13:17 4224 ----a-w- c:\windows\system32\drivers\beep.sys2012-07-16 20:42 . 2012-07-16 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software2012-07-15 01:11 . 2012-07-15 01:11 -------- d-----w- c:\program files\ESET2012-07-12 23:06 . 2011-09-29 17:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys2012-07-03 15:36 . 2012-07-03 15:36 1409 ----a-w- c:\windows\QTFont.for2012-06-23 04:08 . 2012-07-11 21:08 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-11 21:08 . 2012-04-03 18:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-07-11 21:08 . 2011-05-17 13:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-07-03 18:46 . 2010-09-13 11:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-13 14:53 . 2010-03-15 00:41 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP2012-06-13 13:19 . 2004-08-12 13:33 1866112 ----a-w- c:\windows\system32\win32k.sys2012-06-05 15:50 . 2007-05-15 21:43 1372672 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 15:50 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 04:32 . 2004-08-12 13:27 152576 ----a-w- c:\windows\system32\schannel.dll2012-06-02 20:19 . 2007-05-31 22:23 22040 ----a-w- c:\windows\system32\wucltui.dll.mui2012-06-02 20:19 . 2007-05-31 22:23 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui2012-06-02 20:19 . 2006-07-28 17:11 329240 ----a-w- c:\windows\system32\wucltui.dll2012-06-02 20:19 . 2006-07-28 17:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl2012-06-02 20:19 . 2006-07-28 17:11 210968 ----a-w- c:\windows\system32\wuweb.dll2012-06-02 20:19 . 2010-09-13 15:08 15384 ----a-w- c:\windows\system32\wuapi.dll.mui2012-06-02 20:19 . 2006-07-28 17:11 53784 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 20:19 . 2006-07-28 17:11 35864 ----a-w- c:\windows\system32\wups.dll2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll2012-06-02 20:19 . 2004-08-12 13:17 97304 ----a-w- c:\windows\system32\cdm.dll2012-06-02 20:19 . 2007-05-31 22:23 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui2012-06-02 20:19 . 2006-07-28 17:11 577048 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 20:19 . 2006-07-28 17:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 20:18 . 2011-10-24 02:30 275696 ----a-w- c:\windows\system32\mucltui.dll2012-06-02 20:18 . 2011-10-24 02:30 214256 ----a-w- c:\windows\system32\muweb.dll2012-06-02 20:18 . 2011-10-24 02:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui2012-05-31 13:22 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll2012-05-16 07:58 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll2012-05-04 13:12 . 2004-08-12 13:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-02 13:46 . 2006-07-28 17:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-04-20 19:29 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx2012-04-20 19:29 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll2012-04-19 12:44 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec2012-06-18 05:28 . 2012-04-25 01:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((( SnapShot@2012-07-18_00.03.27 ))))))))))))))))))))))))))))))))))))))))).+ 2012-07-18 12:00 . 2012-07-18 12:00 16384 c:\windows\temp\Perflib_Perfdata_e0.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-03-20 98304].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080].[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkbackup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2004-10-13 21:04 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-03-20 05:42 98304 ----a-w- c:\program files\QuickTime\qttask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"iPodService"=3 (0x3)"CCALib8"=2 (0x2).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\epson\\Scanner Driver Update\\PFV500\\E_DUPA10.EXE"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [11/2/2006 1:57 PM 218112]R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [11/2/2006 1:57 PM 48140]R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [11/2/2006 1:57 PM 204800]R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [11/2/2006 1:57 PM 17664]S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 1:11 PM 250056]S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:06 PM 113120]S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/24/2008 3:41 PM 47360]S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/2/2006 1:57 PM 11029].--- Other Services/Drivers In Memory ---.*NewlyCreated* - BEEP.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]getPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder.2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:08].2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000Trusted Zone: line6.netTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bdeiozaq.default\FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-07-18 07:00Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(952)c:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\wscntfy.exe.**************************************************************************.Completion time: 2012-07-18 07:08:03 - machine was rebootedComboFix-quarantined-files.txt 2012-07-18 12:08ComboFix2.txt 2012-07-18 00:10.Pre-Run: 38,036,754,432 bytes freePost-Run: 38,022,578,176 bytes free.- - End Of File - - 64271D768FD3B01568E48A7AA35C7728 Link to post Share on other sites More sharing options...
Maniac Posted July 18, 2012 ID:572649 Share Posted July 18, 2012 That's cool! Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Link to post Share on other sites More sharing options...
FrostDDT Posted July 19, 2012 Author ID:572762 Share Posted July 19, 2012 Got it.ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=4d77e4fdc7d6dc4d8862493f52e6f25e# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-07-15 03:06:04# local_time=2012-07-14 10:06:04 (-0600, Central Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=5891 16776533 42 92 0 9429394 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=93212# found=0# cleaned=0# scan_time=6503# version=7# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=4d77e4fdc7d6dc4d8862493f52e6f25e# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-07-19 12:08:11# local_time=2012-07-18 07:08:11 (-0600, Central Daylight Time)# country="United States"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=86850# found=0# cleaned=0# scan_time=3527 Link to post Share on other sites More sharing options...
Maniac Posted July 19, 2012 ID:572903 Share Posted July 19, 2012 Good! How is your system now? Link to post Share on other sites More sharing options...
FrostDDT Posted July 19, 2012 Author ID:572952 Share Posted July 19, 2012 I'm afraid the browser is still being redirected. Link to post Share on other sites More sharing options...
Maniac Posted July 19, 2012 ID:573219 Share Posted July 19, 2012 The problem is still with Internet Explorer and Mozilla FireFox?Please, using WinRAR archiver compress the following folder: C:\Qoobox\Quarantine folder and upload it somewhere, for example in www.rapidshare.com . Finally, send me a download link via PM.Thanks! Link to post Share on other sites More sharing options...
FrostDDT Posted July 20, 2012 Author ID:573414 Share Posted July 20, 2012 PM sent. Thanks. Link to post Share on other sites More sharing options...
Maniac Posted July 20, 2012 ID:573529 Share Posted July 20, 2012 Please re-install FireFox and let me know how are things:http://support.mozilla.org/en-US/kb/troubleshoot-and-diagnose-firefox-problems#w_7-reinstall-firefox Link to post Share on other sites More sharing options...
FrostDDT Posted July 20, 2012 Author ID:573840 Share Posted July 20, 2012 Thanks, Maniac. Re-installing Firefox did appear to work. But after I rebooted whatever I had regenerated itself. Now it's back redirecting Firefox again. Internet Explorer still appears to be clean. Link to post Share on other sites More sharing options...
Maniac Posted July 20, 2012 ID:573884 Share Posted July 20, 2012 Try to reset your Firefox and let me know:http://kb.mozillazine.org/Resetting_preferences Link to post Share on other sites More sharing options...
FrostDDT Posted July 21, 2012 Author ID:574005 Share Posted July 21, 2012 Unfortunately, resetting the preferences didn't work either. Link to post Share on other sites More sharing options...
Maniac Posted July 22, 2012 ID:574512 Share Posted July 22, 2012 Download AVPTool from Here to your desktop Run the programme you have just downloaded to your desktop (it will be randomly named) Click the cog in the upper right Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan Allow AVP to delete all infections foundOnce it has finished select report tab (last tab)Select Detected threads report from the left and press Save buttonSave it to your desktop and post it in your next reply. Link to post Share on other sites More sharing options...
FrostDDT Posted July 23, 2012 Author ID:574826 Share Posted July 23, 2012 Maniac, I don't have a report to give because Kaspersky didn't find anything. The Save button in Detected threads was not available to me. Link to post Share on other sites More sharing options...
Maniac Posted July 23, 2012 ID:574966 Share Posted July 23, 2012 Good! How is your PC now? Link to post Share on other sites More sharing options...
FrostDDT Posted July 23, 2012 Author ID:575136 Share Posted July 23, 2012 I'm still infected. Whatever this thing is, it's nasty and hates Firefox. Link to post Share on other sites More sharing options...
Maniac Posted July 23, 2012 ID:575288 Share Posted July 23, 2012 Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. Link to post Share on other sites More sharing options...
FrostDDT Posted July 24, 2012 Author ID:575474 Share Posted July 24, 2012 Got the latest updated scan.Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.07.24.01Windows XP Service Pack 3 x86 NTFSInternet Explorer 6.0.2900.5512Administrator :: WXP-GNWVS51 [administrator]7/23/2012 9:03:17 PMmbam-log-2012-07-23 (21-03-17).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 201919Time elapsed: 6 minute(s), 52 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Recommended Posts