Jump to content

Another browser redirect case


Recommended Posts

Hi. I'm another one who is has been hit with browser redirect malware. I've tried full scans with several scanners, including Malwarebytes Anti-Malware, with no results. The redirect issue affects links on the Yahoo! and Google search engines on both Firefox and Internet Explorer. Help very much needed.

Here are my DDS.txt and Attach.txt logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31

Run by Administrator at 20:33:14 on 2012-07-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1424 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Lavasoft Ad-Aware *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstance

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstance

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: line6.net

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259229678795

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6111/mcfscan.cab

DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://www.pcpitstop.com/antivirus/PitPav.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5AF3A720-2F60-4275-B4EA-3E7F9F56D8E4} : DhcpNameServer = 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bdeiozaq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]

R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]

R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]

R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [2011-8-6 28552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-7-12 21240]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-7-12 77816]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]

S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]

S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys --> c:\windows\system32\drivers\l6dp.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029]

.

=============== Created Last 30 ================

.

2012-07-15 23:08:41 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\mpengine.dll

2012-07-15 01:11:50 -------- d-----w- c:\program files\ESET

2012-07-14 22:59:40 6762896 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-12 23:30:57 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2012-07-12 23:30:16 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2012-07-12 23:06:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\adaware

2012-07-12 23:06:07 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-07-12 23:05:58 -------- d-----w- c:\windows\system32\drivers\VDD

2012-07-12 23:05:52 -------- d-----w- c:\program files\Ad-Aware Antivirus

2012-07-12 22:59:13 -------- d-----w- c:\documents and settings\administrator\application data\Ad-Aware Antivirus

2012-07-03 15:36:48 1409 ----a-w- c:\windows\QTFont.for

2012-06-23 04:08:02 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-06-18 05:28:35 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-18 05:28:35 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

.

==================== Find3M ====================

.

2012-07-11 21:08:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 21:08:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 14:53:48 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 20:34:11.40 ===============

----------------------------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/26/2007 5:14:41 AM

System Uptime: 7/14/2012 5:42:42 PM (27 hours ago)

.

Motherboard: Dell Computer Corp. | | 0U2575

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 74 GiB total, 24.825 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\PNP0100\4&5CA43BD&0

Manufacturer:

Name:

PNP Device ID: ACPI\PNP0100\4&5CA43BD&0

Service:

.

==== System Restore Points ===================

.

RP1: 4/29/2012 8:10:29 AM - System Checkpoint

RP2: 4/29/2012 10:50:22 PM - Software Distribution Service 3.0

RP3: 5/1/2012 4:13:21 AM - Software Distribution Service 3.0

RP4: 5/2/2012 4:08:41 AM - Software Distribution Service 3.0

RP5: 5/3/2012 4:08:51 AM - Software Distribution Service 3.0

RP6: 5/4/2012 4:08:31 AM - Software Distribution Service 3.0

RP7: 5/5/2012 4:08:56 AM - Software Distribution Service 3.0

RP8: 5/6/2012 4:09:05 AM - Software Distribution Service 3.0

RP9: 5/7/2012 4:09:05 AM - Software Distribution Service 3.0

RP10: 5/8/2012 4:09:32 AM - Software Distribution Service 3.0

RP11: 5/9/2012 5:06:21 AM - System Checkpoint

RP12: 5/9/2012 3:09:41 PM - Software Distribution Service 3.0

RP13: 5/10/2012 2:45:36 PM - Software Distribution Service 3.0

RP14: 5/10/2012 3:54:36 PM - Software Distribution Service 3.0

RP15: 5/11/2012 3:55:29 PM - Software Distribution Service 3.0

RP16: 5/12/2012 3:54:32 PM - Software Distribution Service 3.0

RP17: 5/13/2012 3:54:29 PM - Software Distribution Service 3.0

RP18: 5/14/2012 3:59:28 PM - Software Distribution Service 3.0

RP19: 5/15/2012 3:55:45 PM - Software Distribution Service 3.0

RP20: 5/16/2012 3:56:34 PM - Software Distribution Service 3.0

RP21: 5/17/2012 10:34:33 PM - Software Distribution Service 3.0

RP22: 5/18/2012 10:34:16 PM - Software Distribution Service 3.0

RP23: 5/19/2012 10:34:46 PM - Software Distribution Service 3.0

RP24: 5/20/2012 10:35:16 PM - Software Distribution Service 3.0

RP25: 5/21/2012 10:35:45 PM - Software Distribution Service 3.0

RP26: 5/22/2012 12:57:40 AM - Software Distribution Service 3.0

RP27: 5/22/2012 3:01:05 AM - Software Distribution Service 3.0

RP28: 5/22/2012 8:18:39 AM - Software Distribution Service 3.0

RP29: 5/22/2012 8:34:53 AM - Software Distribution Service 3.0

RP30: 5/23/2012 7:42:20 AM - Software Distribution Service 3.0

RP31: 5/24/2012 8:31:50 AM - System Checkpoint

RP32: 5/24/2012 2:39:53 PM - Software Distribution Service 3.0

RP33: 5/25/2012 2:43:30 PM - Software Distribution Service 3.0

RP34: 5/26/2012 2:40:01 PM - Software Distribution Service 3.0

RP35: 5/27/2012 2:40:22 PM - Software Distribution Service 3.0

RP36: 5/28/2012 2:40:33 PM - Software Distribution Service 3.0

RP37: 5/29/2012 2:40:01 PM - Software Distribution Service 3.0

RP38: 5/30/2012 3:27:08 PM - System Checkpoint

RP39: 5/30/2012 5:35:09 PM - Software Distribution Service 3.0

RP40: 5/31/2012 6:30:04 PM - Software Distribution Service 3.0

RP41: 6/1/2012 6:29:06 PM - Software Distribution Service 3.0

RP42: 6/2/2012 6:29:20 PM - Software Distribution Service 3.0

RP43: 6/3/2012 7:18:12 PM - System Checkpoint

RP44: 6/4/2012 12:46:59 PM - Software Distribution Service 3.0

RP45: 6/4/2012 1:36:04 PM - Software Distribution Service 3.0

RP46: 6/5/2012 1:36:32 PM - Software Distribution Service 3.0

RP47: 6/6/2012 1:36:37 PM - Software Distribution Service 3.0

RP48: 6/7/2012 1:37:07 PM - Software Distribution Service 3.0

RP49: 6/8/2012 1:37:20 PM - Software Distribution Service 3.0

RP50: 6/9/2012 1:37:06 PM - Software Distribution Service 3.0

RP51: 6/10/2012 1:37:37 PM - Software Distribution Service 3.0

RP52: 6/11/2012 1:37:33 PM - Software Distribution Service 3.0

RP53: 6/12/2012 1:37:17 PM - Software Distribution Service 3.0

RP54: 6/13/2012 9:38:14 AM - Software Distribution Service 3.0

RP55: 6/14/2012 11:49:22 AM - Software Distribution Service 3.0

RP56: 6/15/2012 11:48:57 AM - Software Distribution Service 3.0

RP57: 6/16/2012 11:48:49 AM - Software Distribution Service 3.0

RP58: 6/17/2012 11:48:53 AM - Software Distribution Service 3.0

RP59: 6/18/2012 7:09:56 PM - Software Distribution Service 3.0

RP60: 6/19/2012 8:18:59 PM - System Checkpoint

RP61: 6/19/2012 9:41:22 PM - Software Distribution Service 3.0

RP62: 6/20/2012 9:54:34 PM - System Checkpoint

RP63: 6/21/2012 10:02:12 AM - Software Distribution Service 3.0

RP64: 6/22/2012 10:02:17 AM - Software Distribution Service 3.0

RP65: 6/23/2012 10:02:15 AM - Software Distribution Service 3.0

RP66: 6/24/2012 10:02:37 AM - Software Distribution Service 3.0

RP67: 6/25/2012 5:06:21 PM - Software Distribution Service 3.0

RP68: 6/26/2012 5:06:00 PM - Software Distribution Service 3.0

RP69: 6/27/2012 5:06:04 PM - Software Distribution Service 3.0

RP70: 6/28/2012 5:06:11 PM - Software Distribution Service 3.0

RP71: 6/29/2012 5:08:30 PM - Software Distribution Service 3.0

RP72: 6/30/2012 5:06:39 PM - Software Distribution Service 3.0

RP73: 7/1/2012 5:06:40 PM - Software Distribution Service 3.0

RP74: 7/2/2012 5:06:46 PM - Software Distribution Service 3.0

RP75: 7/3/2012 5:40:23 PM - System Checkpoint

RP76: 7/4/2012 12:48:17 AM - Software Distribution Service 3.0

RP77: 7/5/2012 12:48:15 AM - Software Distribution Service 3.0

RP78: 7/6/2012 12:48:26 AM - Software Distribution Service 3.0

RP79: 7/7/2012 12:48:40 AM - Software Distribution Service 3.0

RP80: 7/8/2012 11:36:15 AM - Software Distribution Service 3.0

RP81: 7/9/2012 11:36:41 AM - Software Distribution Service 3.0

RP82: 7/10/2012 12:46:13 PM - System Checkpoint

RP83: 7/11/2012 9:25:46 AM - Software Distribution Service 3.0

RP84: 7/12/2012 3:00:25 AM - Software Distribution Service 3.0

RP85: 7/12/2012 5:57:57 PM - Software Distribution Service 3.0

RP86: 7/12/2012 6:00:36 PM - Removed Ad-Aware

RP87: 7/13/2012 12:36:11 PM - Installed Panda ActiveScan Cleaner

RP88: 7/13/2012 12:47:18 PM - Software Distribution Service 3.0

RP89: 7/14/2012 5:59:21 PM - Software Distribution Service 3.0

RP90: 7/15/2012 6:04:20 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Acrobat.com

Ad-Aware Antivirus

Ad-Aware Browsing Protection

Ad-Aware Security Toolbar

Adobe AIR

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Amazon MP3 Downloader 1.0.12

AnyDVD

Apple Application Support

Apple Software Update

Audacity 1.2.6

AutoUpdate

Bonjour

BreezeBrowser Pro

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera WIA Driver

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon EOS-1Ds Mark II WIA Driver

Canon EOS 5D WIA Driver

Canon Utilities Digital Photo Professional 3.0

CDex extraction audio

Celtx (2.9.1)

CombiMovie Version 1.31

Critical Update for Windows Media Player 11 (KB959772)

CuteHTML

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DVD Decrypter (Remove Only)

DVD Flick 1.3.0.7

DVD Shrink 3.2

DVDFab HD Decrypter 3.1.2.6

EPSON Perfection V500 Photo Scanner Driver Update

EPSON Perfection V500P User's Guide

EPSON Scan

ESET Online Scanner v3

FileZilla Client 3.0.4.1

FLV Player 2.0 (build 25)

foobar2000 v0.9.5.2

Full Tilt Poker

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HouseCall 6.6

ImgBurn (Remove Only)

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Connections Drivers

iPod Updater 2004-11-15

iTunes

IZArc 3.81

Java Auto Updater

Java™ 6 Update 31

Kaspersky Online Scanner

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Software Update for Web Folders (English) 12

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows XP Video Decoder Checkup Utility

mkw Audio Compression Toolkit

Move Media Player

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Neat Image v5.8 Pro+

Nero 7 Essentials

Paint Shop Pro 7 ESD

Panda ActiveScan 2.0

Panda Cloud Cleaner

PCPitstop Panda AntiVirus Scan (remove only)

PDF Merger

Poker Academy Pro 2

PokerStars

PokerStars.net

Primo

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

RapidShare Manager

RescuePRO 3.2

Runtime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2559049)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647516)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2675157)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2699988)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Spelling Dictionaries Support For Adobe Reader 8

Spybot - Search & Destroy

SUPER © Version 2009.bld.36 (June 10, 2009)

SUPERAntiSpyware

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 0.9.9

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

WinPcap 4.0.2

WinRAR archiver

WM Recorder

XML Paper Specification Shared Components Pack 1.0

YTD YouTube Downloader & Converter 3.6

.

==== Event Viewer Messages From Past Week ========

.

7/15/2012 4:59:32 PM, error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s).

7/15/2012 12:09:48 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/15/2012 12:09:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AdobeFlashPlayerUpdateSvc service.

7/13/2012 1:24:29 AM, error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).

7/13/2012 1:23:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 ElbyCDIO Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL sbaphd Tcpip

7/13/2012 1:23:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

7/13/2012 1:23:34 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/12/2012 5:43:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a320raid aac aarich adpu160m adpu320 aic78u2 aic78xx cercsr6 fasttx2k iaStor IntelIde megasas Symmpi

7/10/2012 9:13:59 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

.

==== End Of File ===========================

Link to post
Share on other sites

Hello FrostDDT and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Ad-Aware Antivirus (Ad-Aware Browsing Protection and Ad-Aware Security Toolbar too) and to keep Microsoft Security Essentials. Finally, reboot your system.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log file

Link to post
Share on other sites

Thanks, Maniac. Here are the new logs.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.16.11

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Administrator :: WXP-GNWVS51 [administrator]

7/16/2012 3:58:36 PM

mbam-log-2012-07-16 (15-58-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227782

Time elapsed: 22 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

----------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-16 16:31:45

-----------------------------

16:31:45.935 OS Version: Windows 5.1.2600 Service Pack 3

16:31:45.935 Number of processors: 1 586 0x304

16:31:45.955 ComputerName: WXP-GNWVS51 UserName:

16:31:51.805 Initialize success

16:53:04.638 AVAST engine defs: 12071601

16:58:58.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

16:58:58.314 Disk 0 Vendor: WDC_WD800BB-75FJA1 14.03G14 Size: 76293MB BusType: 3

16:58:58.364 Disk 0 MBR read successfully

16:58:58.364 Disk 0 MBR scan

16:58:58.654 Disk 0 unknown MBR code

16:58:58.664 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63

16:58:58.664 Disk 0 scanning sectors +156232125

16:58:58.755 Disk 0 scanning C:\WINDOWS\system32\drivers

16:59:23.143 Service scanning

16:59:38.297 Service MpKsl9758841e c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC691E15-208B-4F11-8F4C-990C3C161488}\MpKsl9758841e.sys **LOCKED** 32

16:59:56.134 Modules scanning

17:00:07.903 Disk 0 trace - called modules:

17:00:07.913 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

17:00:08.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5c4ab8]

17:00:08.263 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a56dd98]

17:00:08.644 AVAST engine scan C:\WINDOWS

17:00:31.089 AVAST engine scan C:\WINDOWS\system32

17:05:45.853 AVAST engine scan C:\WINDOWS\system32\drivers

17:06:16.060 AVAST engine scan C:\Documents and Settings\Administrator

17:31:09.784 AVAST engine scan C:\Documents and Settings\All Users

17:32:40.995 Scan finished successfully

17:45:33.390 Disk 0 MBR has been saved successfully to "C:\Itemp\Malb\MBR.dat"

17:45:33.490 The log file has been saved successfully to "C:\Itemp\Malb\aswMBR.txt"

---------------------------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31

Run by Administrator at 17:48:37 on 2012-07-16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1434 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstance

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [Apple Computer] rundll32.exe "c:\documents and settings\administrator\local settings\application data\applicationhistory\apple computer\wsnznsv.dll",CreateInstance

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: line6.net

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259229678795

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6111/mcfscan.cab

DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://www.pcpitstop.com/antivirus/PitPav.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{5AF3A720-2F60-4275-B4EA-3E7F9F56D8E4} : DhcpNameServer = 192.168.1.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bdeiozaq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-11-2 218112]

R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-11-2 48140]

R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-11-2 204800]

R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-11-2 17664]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [2011-8-6 28552]

R1 MpKsl9758841e;MpKsl9758841e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\MpKsl9758841e.sys [2012-7-16 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]

S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys --> c:\windows\system32\drivers\l6dp.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-11-2 11029]

.

=============== Created Last 30 ================

.

2012-07-16 21:31:50 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\MpKsl9758841e.sys

2012-07-16 20:42:52 -------- d-----w- c:\documents and settings\all users\application data\GFI Software

2012-07-16 02:05:29 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess

2012-07-15 23:08:41 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ac691e15-208b-4f11-8f4c-990c3c161488}\mpengine.dll

2012-07-15 01:11:50 -------- d-----w- c:\program files\ESET

2012-07-14 22:59:40 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-12 23:06:07 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-07-03 15:36:48 1409 ----a-w- c:\windows\QTFont.for

2012-06-23 04:08:02 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-06-18 05:28:35 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-06-18 05:28:35 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

.

==================== Find3M ====================

.

2012-07-11 21:08:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 21:08:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 14:53:48 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-20 19:29:52 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-04-20 19:29:52 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-04-19 12:44:57 369664 ----a-w- c:\windows\system32\html.iec

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 17:48:52.52 ===============

Link to post
Share on other sites

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Link to post
Share on other sites

Thanks again. it didn't find anything. Here's the log.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000001fd

Kernel Drivers (total 136):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806EF000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75A8000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7597000 pci.sys

0xF75F7000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF798B000 intelide.sys

0xF7607000 MountMgr.sys

0xF74D8000 ftdisk.sys

0xF798D000 dmload.sys

0xF74B2000 dmio.sys

0xF770F000 PartMgr.sys

0xF7717000 pavboot.sys

0xF7617000 VolSnap.sys

0xF7B1F000 iaStor.sys

0xF749A000 atapi.sys

0xF7627000 aic78xx.sys

0xF7482000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS

0xF7637000 aic78u2.sys

0xF7469000 adpu160m.sys

0xF742F000 a320raid.sys

0xF7647000 aac.sys

0xF7860000 aarich.sys

0xF740B000 adpu320.sys

0xF771F000 cercsr6.sys

0xF783D000 fasttx2k.sys

0xF7727000 megasas.sys

0xF7970000 symmpi.sys

0xF7657000 disk.sys

0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xBA7E0000 fltmgr.sys

0xBA7CE000 sr.sys

0xBA7A6000 MpFilter.sys

0xF7677000 PxHelp20.sys

0xBA6EF000 KSecDD.sys

0xBA662000 Ntfs.sys

0xBA635000 NDIS.sys

0xBA61B000 Mup.sys

0xB9EEE000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB9C1C000 \SystemRoot\system32\DRIVERS\ialmnt5.sys

0xB9C08000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF7807000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB9BE4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF780F000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB9BBC000 \SystemRoot\system32\DRIVERS\e100b325.sys

0xF7817000 \SystemRoot\system32\DRIVERS\fdc.sys

0xB9EDE000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF781F000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB9ECE000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA5B6000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB9BA8000 \SystemRoot\system32\DRIVERS\parport.sys

0xB9EBE000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB9B92000 \SystemRoot\System32\Drivers\AnyDVD.sys

0xB9EAE000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF76A7000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB9B6F000 \SystemRoot\system32\DRIVERS\ks.sys

0xF773F000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys

0xB9AE1000 \SystemRoot\system32\drivers\smwdm.sys

0xB9ABD000 \SystemRoot\system32\drivers\portcls.sys

0xF76B7000 \SystemRoot\system32\drivers\drmk.sys

0xF79C9000 \SystemRoot\system32\drivers\aeaudio.sys

0xF7A68000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF76C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA5AA000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB9AA6000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF76D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF76E7000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7747000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB9A95000 \SystemRoot\system32\DRIVERS\psched.sys

0xF76F7000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7757000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF775F000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB9A65000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF7587000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7767000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF79CF000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB9A07000 \SystemRoot\system32\DRIVERS\update.sys

0xBA005000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF7577000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7557000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79D3000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF776F000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xF79D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB987B000 \SystemRoot\System32\Drivers\Null.SYS

0xF777F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7787000 \SystemRoot\System32\drivers\vga.sys

0xF79D7000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF7933000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB0A81000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB0A28000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB0A00000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB09DE000 \SystemRoot\System32\drivers\afd.sys

0xF7537000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB09BC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

0xF779F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

0xB0991000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB08F9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF7527000 \SystemRoot\System32\Drivers\Fips.SYS

0xB0833000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF7517000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xBA5EF000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF7507000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF77AF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xBA5E7000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF77B7000 \SystemRoot\System32\Drivers\ElbyCDIO.sys

0xF77BF000 \SystemRoot\System32\Drivers\ASPI32.SYS

0xBA776000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB07FD000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79F5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB8B94000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77E7000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7A6D000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF020000 \SystemRoot\System32\ialmdnt5.dll

0xBF012000 \SystemRoot\System32\ialmrnt5.dll

0xBF042000 \SystemRoot\System32\ialmdev5.DLL

0xBF077000 \SystemRoot\System32\ialmdd5.DLL

0xBF159000 \SystemRoot\System32\ATMFD.DLL

0xB0681000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB0400000 \SystemRoot\system32\drivers\wdmaud.sys

0xB08E9000 \SystemRoot\system32\drivers\sysaudio.sys

0xB00FD000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xAFD85000 \SystemRoot\system32\DRIVERS\srv.sys

0xAFC04000 \SystemRoot\System32\Drivers\HTTP.sys

0xAFC7D000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys

0xB0AEC000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC691E15-208B-4F11-8F4C-990C3C161488}\MpKsl9758841e.sys

0xF77DF000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 31):

0 System Idle Process

4 System

624 C:\WINDOWS\system32\smss.exe

696 csrss.exe

720 C:\WINDOWS\system32\winlogon.exe

764 C:\WINDOWS\system32\services.exe

776 C:\WINDOWS\system32\lsass.exe

932 C:\WINDOWS\system32\svchost.exe

1012 svchost.exe

1108 C:\Program Files\Microsoft Security Client\MsMpEng.exe

1144 C:\WINDOWS\system32\svchost.exe

1212 svchost.exe

1408 svchost.exe

1548 C:\WINDOWS\system32\spoolsv.exe

1832 C:\WINDOWS\explorer.exe

1948 C:\WINDOWS\system32\hkcmd.exe

1964 C:\WINDOWS\system32\igfxpers.exe

2020 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

132 svchost.exe

280 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

296 C:\WINDOWS\system32\ctfmon.exe

316 C:\WINDOWS\system32\rundll32.exe

604 C:\Program Files\SUPERAntiSpyware\SASCore.exe

644 C:\Program Files\Bonjour\mDNSResponder.exe

680 C:\Program Files\Java\jre6\bin\jqs.exe

1080 C:\WINDOWS\system32\svchost.exe

2388 alg.exe

3544 C:\Program Files\Microsoft Security Client\msseces.exe

2572 C:\WINDOWS\system32\wuauclt.exe

3428 wmiprvse.exe

3752 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-75FJA1, Rev: 14.03G14

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows 98 MBR code detected

SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Here is the Combofix log. Unfortunately, my problem remains.

ComboFix 12-07-16.01 - Administrator 07/17/2012 18:56:10.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1652 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\inst.exe

c:\documents and settings\Administrator\Application Data\vso_ts_preview.xml

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\Apple Computer\wsnznsv.dll

c:\documents and settings\Administrator\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\Install.txt

c:\windows\system32\SET4E.tmp

c:\windows\system32\SET53.tmp

c:\windows\system32\SET5A.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6to4

-------\Legacy_dhcpsrv

-------\Legacy_isadisk

-------\Legacy_podmena

-------\Legacy_podmenadrv

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))

.

.

2012-07-16 20:42 . 2012-07-16 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software

2012-07-16 02:05 . 2012-07-16 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

2012-07-15 01:11 . 2012-07-15 01:11 -------- d-----w- c:\program files\ESET

2012-07-13 06:22 . 2012-07-13 06:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus

2012-07-12 23:28 . 2012-07-12 23:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus

2012-07-12 23:06 . 2011-09-29 17:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-07-03 15:36 . 2012-07-03 15:36 1409 ----a-w- c:\windows\QTFont.for

2012-06-23 04:08 . 2012-07-11 21:08 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-06-18 05:28 . 2012-06-18 05:28 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-18 05:28 . 2012-06-18 05:28 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 21:08 . 2012-04-03 18:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 21:08 . 2011-05-17 13:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 18:46 . 2010-09-13 11:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 14:53 . 2010-03-15 00:41 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-06-13 13:19 . 2004-08-12 13:33 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2007-05-15 21:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-12 13:27 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19 . 2007-05-31 22:23 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2007-05-31 22:23 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2006-07-28 17:11 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2006-07-28 17:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2006-07-28 17:11 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 20:19 . 2010-09-13 15:08 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2006-07-28 17:11 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2006-07-28 17:11 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2004-08-12 13:17 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2007-05-31 22:23 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2006-07-28 17:11 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2006-07-28 17:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 20:18 . 2011-10-24 02:30 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18 . 2011-10-24 02:30 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18 . 2011-10-24 02:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 07:58 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:12 . 2004-08-12 13:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2006-07-28 17:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-20 19:29 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-04-20 19:29 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-04-19 12:44 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec

2012-06-18 05:28 . 2012-04-25 01:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2004-08-12 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

.

c:\windows\System32\drivers\beep.sys ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-03-20 98304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]

"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2004-10-13 21:04 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-03-20 05:42 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPodService"=3 (0x3)

"CCALib8"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\epson\\Scanner Driver Update\\PFV500\\E_DUPA10.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [11/2/2006 1:57 PM 218112]

R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [11/2/2006 1:57 PM 48140]

R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [11/2/2006 1:57 PM 204800]

R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [11/2/2006 1:57 PM 17664]

R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [8/6/2011 8:05 PM 28552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 1:11 PM 250056]

S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:06 PM 113120]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/24/2008 3:41 PM 47360]

S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/2/2006 1:57 PM 11029]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:08]

.

2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: line6.net

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bdeiozaq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Apple Computer - c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\Apple Computer\wsnznsv.dll

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

HKU-Default-Run-Apple Computer - c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\Apple Computer\wsnznsv.dll

MSConfigStartUp-Ad-Aware Browsing Protection - c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe

MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-17 19:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(716)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(1092)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-07-17 19:10:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-18 00:10

.

Pre-Run: 32,201,023,488 bytes free

Post-Run: 37,397,590,016 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7D4F78F94769D155965F56E8740E83B6

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
c:\windows\system32\dllcache\beep.sys | c:\windows\System32\drivers\beep.sys

Folder::
c:\documents and settings\All Users\Application Data\boost_interprocess
c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"=-
"adaware_XP"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

I hope I did it right. ComboFix went through an update as I performed the operation. Here's the latest log.

ComboFix 12-07-18.01 - Administrator 07/18/2012 6:51.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1696 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\boost_interprocess

c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus

c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120712T232814.873740PID912\Service.log

c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120713T121551.925187PID236\Service.log

c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120714T224316.829363PID480\Service.log

c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120714T234050.876038PID3332\Service.log

c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus\Logs\20120716T204217.374977PID1996\Service.log

c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\beep.sys --> c:\windows\System32\drivers\beep.sys

.

((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))

.

.

2012-07-18 11:51 . 2004-08-12 13:17 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2012-07-18 11:51 . 2004-08-12 13:17 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2012-07-16 20:42 . 2012-07-16 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software

2012-07-15 01:11 . 2012-07-15 01:11 -------- d-----w- c:\program files\ESET

2012-07-12 23:06 . 2011-09-29 17:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-07-03 15:36 . 2012-07-03 15:36 1409 ----a-w- c:\windows\QTFont.for

2012-06-23 04:08 . 2012-07-11 21:08 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 21:08 . 2012-04-03 18:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 21:08 . 2011-05-17 13:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 18:46 . 2010-09-13 11:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 14:53 . 2010-03-15 00:41 4710 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-06-13 13:19 . 2004-08-12 13:33 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2007-05-15 21:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-08-12 13:27 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19 . 2007-05-31 22:23 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2007-05-31 22:23 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2006-07-28 17:11 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2006-07-28 17:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2006-07-28 17:11 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 20:19 . 2010-09-13 15:08 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2006-07-28 17:11 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2006-07-28 17:11 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2004-08-12 13:17 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2007-05-31 22:23 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2006-07-28 17:11 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2006-07-28 17:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 20:18 . 2011-10-24 02:30 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18 . 2011-10-24 02:30 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18 . 2011-10-24 02:30 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 07:58 . 2004-08-12 13:33 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:12 . 2004-08-12 13:25 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2006-07-28 17:09 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-20 19:29 . 2004-08-12 13:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2012-04-20 19:29 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2012-04-19 12:44 . 2004-08-12 13:19 369664 ----a-w- c:\windows\system32\html.iec

2012-06-18 05:28 . 2012-04-25 01:06 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-18_00.03.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-18 12:00 . 2012-07-18 12:00 16384 c:\windows\temp\Perflib_Perfdata_e0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-03-20 98304]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2004-10-13 21:04 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-03-20 05:42 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPodService"=3 (0x3)

"CCALib8"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\epson\\Scanner Driver Update\\PFV500\\E_DUPA10.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [11/2/2006 1:57 PM 218112]

R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [11/2/2006 1:57 PM 48140]

R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [11/2/2006 1:57 PM 204800]

R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [11/2/2006 1:57 PM 17664]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 1:11 PM 250056]

S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:06 PM 113120]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/24/2008 3:41 PM 47360]

S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/2/2006 1:57 PM 11029]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BEEP

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:08]

.

2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: line6.net

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bdeiozaq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-18 07:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(952)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-07-18 07:08:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-18 12:08

ComboFix2.txt 2012-07-18 00:10

.

Pre-Run: 38,036,754,432 bytes free

Post-Run: 38,022,578,176 bytes free

.

- - End Of File - - 64271D768FD3B01568E48A7AA35C7728

Link to post
Share on other sites

That's cool! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Got it.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4d77e4fdc7d6dc4d8862493f52e6f25e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-15 03:06:04

# local_time=2012-07-14 10:06:04 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776533 42 92 0 9429394 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=93212

# found=0

# cleaned=0

# scan_time=6503

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4d77e4fdc7d6dc4d8862493f52e6f25e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-19 12:08:11

# local_time=2012-07-18 07:08:11 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=86850

# found=0

# cleaned=0

# scan_time=3527

Link to post
Share on other sites

The problem is still with Internet Explorer and Mozilla FireFox?

Please, using WinRAR archiver compress the following folder: C:\Qoobox\Quarantine folder and upload it somewhere, for example in www.rapidshare.com . Finally, send me a download link via PM.

Thanks!

Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Link to post
Share on other sites

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Link to post
Share on other sites

Got the latest updated scan.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.24.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Administrator :: WXP-GNWVS51 [administrator]

7/23/2012 9:03:17 PM

mbam-log-2012-07-23 (21-03-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201919

Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.