Jump to content

Recommended Posts

My PC has been running slower and slower and hangs periodically for 3-10 minutes while the hard drive grinds away. I have removed several bugs in the past but I suspect my machine is still infected. I would wipe it and rebuild from scratch but the OS and MS Office has limited install rights. Any help you can provide would be appreciated. I'm just not sure where to start. Here is the most recent Malwarebytes log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.10.27.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Admin :: DELL1 [administrator]

10/28/2012 12:53:41 PM

mbam-log-2012-10-28 (12-53-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 231904

Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Hello ipepper and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Thanks for helping Maniac. Here are the logs.

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.02.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Admin :: DELL1 [administrator]

12/2/2012 8:54:48 AM

mbam-log-2012-12-02 (08-54-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 236930

Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

===========================================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Admin at 9:16:23 on 2012-12-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.180 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\program files\real\realplayer\update\realsched.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>

BHO: AutorunsDisabled - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [KBD] c:\hp\kbd\KBD.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///F:/LTOCX14N.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165807308463

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349019991182

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{228C18C5-7E2B-4AD9-9498-29C248E27831} : DHCPNameServer = 75.75.76.76 75.75.75.75

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AutorunsDisabled - <no file>

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]

S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2006-12-9 148352]

S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2009-6-15 61440]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2009-11-25 47360]

S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2009-11-25 47360]

S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2009-11-25 28032]

S4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]

.

=============== File Associations ===============

.

ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"

ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"

.

=============== Created Last 30 ================

.

2012-12-02 13:06:53 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccb6beaf-5f89-4da7-b24f-30492c84e107}\mpengine.dll

.

==================== Find3M ====================

.

2012-11-11 11:10:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-11 11:10:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-12 19:32:08 88688 ----a-w- c:\windows\system32\cpwmon2k.dll

2006-02-28 12:00:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll

2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

============= FINISH: 9:17:26.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/9/2006 7:46:24 PM

System Uptime: 12/2/2012 7:55:50 AM (2 hours ago)

.

Motherboard: Dell Computer Corporation | | OptiPlex GX400

Processor: Intel® Pentium® 4 CPU 1.70GHz | Microprocessor | 1694/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 98 GiB total, 18.317 GiB free.

D: is FIXED (NTFS) - 135 GiB total, 14.085 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP1060: 9/28/2012 11:46:36 PM - Software Distribution Service 3.0

RP1061: 9/29/2012 12:34:11 AM - Software Distribution Service 3.0

RP1062: 9/30/2012 9:10:44 AM - Software Distribution Service 3.0

RP1063: 9/30/2012 10:35:05 AM - Installed Multimedia / Internet Keyboard Driver VerR8.15

RP1064: 9/30/2012 11:01:25 AM - Removed Multimedia / Internet Keyboard Driver VerR8.15

RP1065: 9/30/2012 9:15:00 PM - Printer Driver CutePDF Writer Installed

RP1066: 10/1/2012 7:45:21 PM - Software Distribution Service 3.0

RP1067: 10/2/2012 7:56:47 PM - System Checkpoint

RP1068: 10/3/2012 5:55:08 PM - Software Distribution Service 3.0

RP1069: 10/4/2012 5:59:01 PM - System Checkpoint

RP1070: 10/6/2012 10:14:18 AM - Software Distribution Service 3.0

RP1071: 10/7/2012 11:29:50 AM - Software Distribution Service 3.0

RP1072: 10/8/2012 8:07:13 PM - Software Distribution Service 3.0

RP1073: 10/9/2012 8:14:33 PM - System Checkpoint

RP1074: 10/9/2012 10:22:10 PM - Software Distribution Service 3.0

RP1075: 10/10/2012 6:12:06 PM - Software Distribution Service 3.0

RP1076: 10/11/2012 6:59:28 PM - Software Distribution Service 3.0

RP1077: 10/12/2012 7:19:52 PM - System Checkpoint

RP1078: 10/13/2012 8:59:41 AM - Software Distribution Service 3.0

RP1079: 10/14/2012 9:31:14 AM - Software Distribution Service 3.0

RP1080: 10/15/2012 6:13:05 PM - Software Distribution Service 3.0

RP1081: 10/17/2012 7:32:17 PM - Software Distribution Service 3.0

RP1082: 10/18/2012 7:43:40 PM - System Checkpoint

RP1083: 10/19/2012 6:05:28 PM - Software Distribution Service 3.0

RP1084: 10/20/2012 6:39:58 PM - System Checkpoint

RP1085: 10/21/2012 9:24:15 AM - Software Distribution Service 3.0

RP1086: 10/22/2012 6:21:48 PM - Software Distribution Service 3.0

RP1087: 10/23/2012 6:51:01 PM - System Checkpoint

RP1088: 10/24/2012 6:02:41 PM - Software Distribution Service 3.0

RP1089: 10/26/2012 6:37:24 AM - Software Distribution Service 3.0

RP1090: 10/27/2012 10:12:42 AM - Software Distribution Service 3.0

RP1091: 10/28/2012 10:52:02 AM - Software Distribution Service 3.0

RP1092: 10/28/2012 1:29:04 PM - Software Distribution Service 3.0

RP1093: 10/29/2012 6:17:52 PM - Software Distribution Service 3.0

RP1094: 10/30/2012 8:26:57 PM - System Checkpoint

RP1095: 10/31/2012 6:07:16 PM - Software Distribution Service 3.0

RP1096: 11/1/2012 6:41:54 PM - System Checkpoint

RP1097: 11/2/2012 8:52:26 PM - Software Distribution Service 3.0

RP1098: 11/3/2012 9:16:15 PM - System Checkpoint

RP1099: 11/4/2012 7:37:41 AM - Software Distribution Service 3.0

RP1100: 11/5/2012 6:26:40 PM - Software Distribution Service 3.0

RP1101: 11/7/2012 6:20:08 PM - Software Distribution Service 3.0

RP1102: 11/8/2012 8:37:11 PM - System Checkpoint

RP1103: 11/9/2012 6:42:24 PM - Software Distribution Service 3.0

RP1104: 11/10/2012 7:27:14 PM - System Checkpoint

RP1105: 11/11/2012 6:01:11 AM - Software Distribution Service 3.0

RP1106: 11/12/2012 6:20:03 PM - Software Distribution Service 3.0

RP1107: 11/13/2012 6:28:57 PM - System Checkpoint

RP1108: 11/13/2012 11:04:46 PM - Software Distribution Service 3.0

RP1109: 11/15/2012 6:42:18 AM - Software Distribution Service 3.0

RP1110: 11/17/2012 9:08:06 AM - Software Distribution Service 3.0

RP1111: 11/18/2012 9:19:22 AM - System Checkpoint

RP1112: 11/20/2012 5:56:44 PM - Software Distribution Service 3.0

RP1113: 11/21/2012 8:35:46 PM - System Checkpoint

RP1114: 11/22/2012 9:15:31 AM - Software Distribution Service 3.0

RP1115: 11/23/2012 9:30:26 AM - System Checkpoint

RP1116: 11/24/2012 9:24:36 AM - Software Distribution Service 3.0

RP1117: 11/25/2012 10:21:23 AM - System Checkpoint

RP1118: 11/25/2012 1:37:14 PM - Software Distribution Service 3.0

RP1119: 11/26/2012 2:12:34 PM - System Checkpoint

RP1120: 11/27/2012 6:49:44 PM - Software Distribution Service 3.0

RP1121: 11/28/2012 7:07:25 PM - System Checkpoint

RP1122: 11/30/2012 5:51:42 PM - Software Distribution Service 3.0

RP1123: 12/1/2012 6:44:13 PM - System Checkpoint

RP1124: 12/2/2012 8:06:48 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

7-Zip 4.57

ACDSee

Adobe AIR

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Adobe® Photoshop® Album Starter Edition 3.0

Apple Application Support

Apple Software Update

ArcSoft PhotoFantasy

ArcSoft PhotoImpression

AT&T Yahoo! Applications

AT&T Yahoo! Music Jukebox

Avi2Dvd 0.4.5 beta

AviSynth 2.5

BitTorrent

BLM 2.7.7

CCleaner

Cisco Systems VPN Client 5.0.06.0160

Citrix XenApp Web Plugin

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 3.0

Dell Driver Download Manager

DivX Content Uploader

DivX Web Player

DVD Decrypter (Remove Only)

DVD Shrink 3.2

DVDStyler v1.8.1

eFax Messenger Plus

Efficient Address Book Free 1.66

Enhanced Multimedia Keyboard Solution

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp business inkjet 1100

HP LaserJet P1000 series

HP Photo Printing Software

HP Precisionscan Pro 3.1

HP Share-to-Web

HPCarePackCore

HPCarePackProducts

hppMSRedist

hppusgP1000

HPSSupply

ImgBurn

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

Japanese Fonts Support For Adobe Reader 8

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java SE Runtime Environment 6 Update 1

K-Lite Mega Codec Pack 6.2.0

LightScribe System Software 1.14.17.1

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

MediaMonkey 3.2

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Nero 7 Essentials

neroxml

Netflix Movie Viewer

OGA Notifier 2.0.0048.0

PeerGuardian 2.0

PrintKey2000

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RivaTuner v2.11

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Signature995

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

SyncBack

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC 9.0 Runtime

VC80CRTRedist - 8.0.50727.4053

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.1.8

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

Yahoo! Photos Easy Upload Tool

Yahoo! Photos Print-at-Home Tool

.

==== Event Viewer Messages From Past Week ========

.

12/1/2012 8:40:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00065B903DE3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

11/26/2012 6:03:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00065B903DE3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Link to post
Share on other sites

Step 1

Please uninstall this application: BitTorrent

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • ESET Online Scanner log
  • aswMBR log

Link to post
Share on other sites

Here are the logs:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=badc5ec42a880742ba171922e0cd9fe6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-04 01:01:21

# local_time=2012-12-03 08:01:21 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 82177391 82177391 0 0

# compatibility_mode=5891 16776533 42 87 0 50514151 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=0

# found=0

# cleaned=0

# scan_time=0

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=badc5ec42a880742ba171922e0cd9fe6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-04 02:50:29

# local_time=2012-12-03 09:50:29 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 82177651 82177651 0 0

# compatibility_mode=5891 16776869 42 87 0 50514411 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=93889

# found=3

# cleaned=3

# scan_time=6291

D:\Shared Drive\backup\Programs\Coupon Printers\Coupons Dot Com Printer\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Shared Drive\backup\Programs\DVD_Video\Players\VLCfree\VLC_32.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Shared Drive\backup\Programs\Utilities\PandoraRecovery Undelete\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-03 22:06:29

-----------------------------

22:06:29.359 OS Version: Windows 5.1.2600 Service Pack 3

22:06:29.359 Number of processors: 1 586 0x102

22:06:29.359 ComputerName: DELL1 UserName: Admin

22:06:30.481 Initialize success

22:11:00.249 AVAST engine defs: 12120301

22:11:12.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

22:11:12.737 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3

22:11:12.747 Disk 0 MBR read successfully

22:11:12.747 Disk 0 MBR scan

22:11:12.827 Disk 0 Windows XP default MBR code

22:11:12.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63

22:11:12.827 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620

22:11:12.857 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683

22:11:12.867 Disk 0 scanning sectors +488376000

22:11:12.997 Disk 0 scanning C:\WINDOWS\system32\drivers

22:11:25.735 Service scanning

22:11:41.278 Modules scanning

22:11:48.838 Disk 0 trace - called modules:

22:11:49.169 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS

22:11:49.169 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82382ab8]

22:11:49.169 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823a26d0]

22:11:49.830 AVAST engine scan C:\WINDOWS

22:12:03.309 AVAST engine scan C:\WINDOWS\system32

22:15:44.818 AVAST engine scan C:\WINDOWS\system32\drivers

22:16:09.193 AVAST engine scan C:\Documents and Settings\Admin

22:23:00.965 AVAST engine scan C:\Documents and Settings\All Users

22:24:05.648 Scan finished successfully

22:36:04.151 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"

22:36:04.161 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Link to post
Share on other sites

Here's the Kaspersky log:

Status: Disinfected (events: 2)

12/4/2012 10:16:04 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip High

12/4/2012 10:16:03 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip/FedexInvoice_EE776129.exe High

Status: Deleted (events: 2)

12/5/2012 7:10:46 AM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\Shared Drive\backup\Programs\Bleeping\OTL.exe High

12/5/2012 6:15:58 PM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\System Volume Information\_restore{BBCB31A8-FC60-4E6F-83E1-FF8611C6E7DD}\RP1126\A0119895.exe High

Link to post
Share on other sites

Not noticing any difference in performance. Everything seems to work, it just takes 5 minutes for a web page to load (for example). It can take about 30 seconds to switch between windows. Not sure if this will help but here are some observations. I was curious and looked at the runnung processes in windows task manager and found multiple instancs of chrome.exe running when I only had 1 window and 1 tab open. I monitored the processes while trying to open the following web page (after googling for an answer). The web page took about 5 minutes to load and I.E. was hogging over 250MB memory. I tried opening the same web page in chrome which took just as long but chrome only used about 80MB. The strange thing is that the CPU usage is usually under 30% while I am waiting for it to complete a simple task.

http://productforums.google.com/forum/#!topic/chrome/og-xdL55RJM

Link to post
Share on other sites

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Link to post
Share on other sites

Here's the junkware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.9.6 (12.07.2012:1)

OS: Microsoft Windows XP x86

Ran by Admin on Fri 12/07/2012 at 20:46:40.40

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 12/07/2012 at 20:56:45.59

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Let me know how are things then.

Link to post
Share on other sites

Here you go...

RogueKiller V8.4.0 [Dec 18 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Admin [Admin rights]

Mode : Scan -- Date : 12/18/2012 18:42:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JB-00REA0 +++++

--- User ---

[MBR] 1c1d3deb69840e93181e332dfa55fdd6

[bSP] c192851ad45fabb46a2564533df54248 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 138466 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12182012_02d1842.txt >>

RKreport[1]_S_12182012_02d1842.txt

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.