fvs Posted March 20, 2013 ID:659109 Share Posted March 20, 2013 Hello, Recently I've have noticed that Malwarebytes' icon is greyed out and i am unable to click on the "Enable malicious web site blocking" check mark. Not sure if my computer is or is not infected. Please let me know if there is anything else I need to run to resolve this issue. Thank you. Here are the results from the DDS and Attach: DDSDDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 7.0.6000.17117 BrowserJavaVersion: 1.6.0_24Run by Fabrizio at 9:31:09 on 2013-03-20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1551 [GMT -7:00].AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}.============== Running Processes ================.C:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\Program Files\Intel\Intel® Active Monitor\imonnt.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb01.exeC:\Program Files\Intel\Intel® Active Monitor\imontray.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\imapi.exeC:\WINDOWS\System32\alg.exeC:\Program Files\iPod\bin\iPodService.exeC:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/ig?hl=enuSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.htmluSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7uInternet Connection Wizard,ShellNext = iexploreuProxyOverride = local;*.localdURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dllBHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /cmRun: [soundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /traymRun: [PRONoMgr.exe] "c:\program files\intel\ncs\proset\PRONoMgr.exe"mRun: [zBrowser Launcher] "c:\program files\logitech\itouch\iTouch.exe"mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb01.exemRun: [Logitech Utility] Logi_MwX.ExemRun: [iMONTRAY] "c:\program files\intel\intel® active monitor\imontray.exe"mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: SpecifyDefaultButtons = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option...INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..DPF: Video Poker - hxxp://download.games.yahoo.com/games/clients/y/vpt0_x.cabDPF: Yahoo! Blackjack - hxxp://download.games.yahoo.com/games/clients/y/jt0_x.cabDPF: Yahoo! Checkers - hxxp://download.games.yahoo.com/games/clients/y/kt3_x.cabDPF: Yahoo! Literati - hxxp://download.games.yahoo.com/games/clients/y/tt3_x.cabDPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cabDPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cabDPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CABDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cabDPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cabDPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cabDPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABDPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344877726234DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://139.182.163.172/activex/AxisCamControl.cabDPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabDPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.8880439815DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cabDPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabDPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://download.toontown.com/sv1.0.14.48/ttinst.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\7tauvwq9.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\common files\doubletwist\NPPodcast.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll.============= SERVICES / DRIVERS ===============.R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-2 36552]R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-2 86752]R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-2 110816]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-2 83944]R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-3-9 6656]R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2007-2-16 137344]R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2007-2-16 12032]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 398184]S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-1 682344]S3 aaudstum;aaudstum;\??\c:\docume~1\owner\locals~1\temp\aaudstum.sys --> c:\docume~1\owner\locals~1\temp\aaudstum.sys [?]S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-8-24 816672]S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-8-22 20032]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-1 21104]S3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCD2k.sys [2001-4-16 44227]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]S4 Ipsvlasnka;Ipsvlasnka; [x].=============== File Associations ===============.FileExt: .reg: regfile=c:\windows\system32\NOTEPAD.EXE %1 [default=edit]FileExt: .js: Applications\Homesite+.exe=c:\program files\macromedia\homesite+\Homesite+.exe %1 [userChoice].=============== Created Last 30 ================.2013-03-14 19:45:40 -------- d-----w- c:\program files\iPod2013-03-14 19:45:35 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1.==================== Find3M ====================.2013-03-14 20:09:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-03-14 20:09:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-02-15 16:23:23 22 --sha-w- c:\windows\90C7D912BE2316.sys2013-02-15 16:23:23 22 --sha-w- c:\documents and settings\owner\application data\Windows1569_SettingsRepository.bin2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll2012-12-27 04:24:26 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys2012-12-26 20:43:21 832512 ----a-w- c:\windows\system32\wininet.dll2012-12-26 20:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2012-12-26 20:43:20 78336 ----a-w- c:\windows\system32\ieencode.dll2012-12-26 20:43:20 17408 ----a-w- c:\windows\system32\corpol.dll2008-05-16 21:01:00 510 ----a-w- c:\program files\layout.bin2008-05-16 21:01:00 112128 ----a-w- c:\program files\setup.exe.============= FINISH: 9:32:18.43 ===============Attach.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 6/14/2003 4:53:47 PMSystem Uptime: 3/20/2013 8:55:37 AM (1 hours ago).Motherboard: Intel Corporation | | D865PERL Processor: Intel® Pentium® 4 CPU 2.40GHz | J2E1 | 2394/200mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 112 GiB total, 29.453 GiB free.D: is CDROM ()E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Wireless-G PCI AdapterDevice ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&2E98101C&0&08F0Manufacturer: LinksysName: Wireless-G PCI AdapterPNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&2E98101C&0&08F0Service: BCM43XX.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: 1394 Net AdapterDevice ID: V1394\NIC1394\6A5A967E900Manufacturer: MicrosoftName: 1394 Net AdapterPNP Device ID: V1394\NIC1394\6A5A967E900Service: NIC1394.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Intel® PRO/100 VE Network ConnectionDevice ID: PCI\VEN_8086&DEV_1050&SUBSYS_30208086&REV_01\4&2E98101C&0&40F0Manufacturer: IntelName: Intel® PRO/100 VE Network ConnectionPNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_30208086&REV_01\4&2E98101C&0&40F0Service: E100B.==== System Restore Points ===================.RP55: 1/4/2013 12:22:35 PM - System CheckpointRP56: 1/7/2013 12:37:40 PM - System CheckpointRP57: 1/10/2013 10:08:47 AM - System CheckpointRP58: 1/18/2013 9:51:17 AM - System CheckpointRP59: 2/12/2013 9:27:57 AM - System CheckpointRP60: 2/18/2013 11:45:18 AM - System CheckpointRP61: 2/18/2013 2:04:13 PM - Software Distribution Service 3.0RP62: 2/18/2013 3:23:18 PM - Software Distribution Service 3.0RP63: 2/28/2013 12:27:05 PM - System CheckpointRP64: 3/3/2013 2:22:30 PM - System CheckpointRP65: 3/14/2013 1:34:34 PM - System CheckpointRP66: 3/15/2013 9:32:00 PM - System Checkpoint.==== Installed Programs ======================.Adobe Acrobat 6.0.1 StandardAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Illustrator 10.0.3Adobe Photoshop 7.0.1Adobe Reader X (10.1.6)Adobe Shockwave Player 11Adobe SVG Viewer 3.0Apple Application SupportApple Mobile Device SupportApple Software UpdateAvira Free AntivirusBonjourCamera WindowCanon Camera Window for ZoomBrowser EXCanon PhotoRecordCanon Utilities File Viewer Utility 1.2Canon Utilities PhotoStitch 3.1Canon Utilities RemoteCapture 2.7Canon Utilities ZoomBrowser EXCisco ConnectCuteFTPDisney's Toontown OnlinedoubleTwistEnter The MatrixEye Candy 4000eyeQFlash Video Exporter 1.2FreeRIP v3.02GiPo@MoveOnBoot 1.9.5Google ChromeHotfix for Microsoft .NET Framework 3.0 (KB932471)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)hp deskjet 990c series (Remove only)Intel® Active MonitorIntel® PRO Network Adapters and DriversIntel® PROSetInternet Explorer Q903235InterVideo DeviceServiceiTunesJava Auto UpdaterJava 6 Update 24jv16 PowerTools 2010jv16 PowerTools 2012Kies miniLogitech iTouch SoftwareLogitech MouseWare 9.79.1 Macromedia ColdFusion Report BuilderMacromedia Dreamweaver MX 2004Macromedia Extension ManagerMacromedia Fireworks MX 2004Macromedia Flash MX 2004Macromedia FreeHand MXaMacromedia HomeSite+Malwarebytes Anti-Malware version 1.70.0.1100Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Data Access Components KB870669Microsoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft National Language Support Downlevel APIsMicrosoft Office XP ProfessionalMicrosoft Text-to-Speech Engine 4.0 (English)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Windows Journal ViewerMobileMe Control PanelMozilla Firefox 18.0.2 (x86 en-US)Mozilla Maintenance ServiceMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMSXML 6 Service Pack 2 (KB973686)Natural ColorNero - Burning RomNero Fast CD-Burning Plug-inNVDVDNVIDIA DriversPhotoStitchQuake III ArenaQuickTimeRemoteCapture 2.7.0SafariSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 7 (KB2183461)Security Update for Windows Internet Explorer 7 (KB2360131)Security Update for Windows Internet Explorer 7 (KB2416400)Security Update for Windows Internet Explorer 7 (KB2482017)Security Update for Windows Internet Explorer 7 (KB2497640)Security Update for Windows Internet Explorer 7 (KB2530548)Security Update for Windows Internet Explorer 7 (KB2544521)Security Update for Windows Internet Explorer 7 (KB2559049)Security Update for Windows Internet Explorer 7 (KB2618444)Security Update for Windows Internet Explorer 7 (KB2699988)Security Update for Windows Internet Explorer 7 (KB2792100)Security Update for Windows Internet Explorer 7 (KB2797052)Security Update for Windows Internet Explorer 7 (KB928090)Security Update for Windows Internet Explorer 7 (KB929969)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player (KB979402)Security Update for Windows Media Player 9 (KB911565)Security Update for Windows Media Player 9 (KB917734)Security Update for Windows Media Player 9 (KB936782)Security Update for Windows Media Player 9 Series (KB969878)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219-v2)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135-v2)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165-v2)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)ShockwaveSonic FocusSoundMAXSystem Requirements LabTopStyle Lite (Version 3.0)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 7 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2616676-v2)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage v1.3.0254.0Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Internet Explorer 7Windows Media Format 11 runtimeWindows Media Player 11Windows Media Player 9 Hotfix [see KB840648 for more information]Windows Media Player 9 Hotfix [see KB885492 for more information]Windows PowerShell 1.0Windows Presentation FoundationWindows XP Service Pack 3XML Paper Specification Shared Components Pack 1.0.==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted March 20, 2013 ID:659114 Share Posted March 20, 2013 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.RogueKiller<---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)P2P Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.MrCNote:Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>Please stick with me until I give you the "all clear".------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
fvs Posted March 21, 2013 Author ID:659441 Share Posted March 21, 2013 Hello MrCharlie, here is the report from roguekiller:RogueKiller V8.5.4 [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Fabrizio [Admin rights]Mode : Scan -- Date : 03/21/2013 10:40:26| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xB9C80684)SSDT[41] : NtCreateKey @ 0x80578ABE -> HOOKED (Unknown @ 0xB9C8063E)SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xB9C8068E)SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0xB9C80634)SSDT[63] : NtDeleteKey @ 0x8059A5CD -> HOOKED (Unknown @ 0xB9C80643)SSDT[65] : NtDeleteValueKey @ 0x805991EC -> HOOKED (Unknown @ 0xB9C8064D)SSDT[68] : NtDuplicateObject @ 0x8057DDAF -> HOOKED (Unknown @ 0xB9C8067F)SSDT[98] : NtLoadKey @ 0x805D608D -> HOOKED (Unknown @ 0xB9C80652)SSDT[122] : NtOpenProcess @ 0x8057BB80 -> HOOKED (Unknown @ 0xB9C80620)SSDT[128] : NtOpenThread @ 0x80596A0F -> HOOKED (Unknown @ 0xB9C80625)SSDT[177] : NtQueryValueKey @ 0x80572F19 -> HOOKED (Unknown @ 0xB9C806A7)SSDT[193] : NtReplaceKey @ 0x8065724C -> HOOKED (Unknown @ 0xB9C8065C)SSDT[200] : NtRequestWaitReplyPort @ 0x8057D89E -> HOOKED (Unknown @ 0xB9C80698)SSDT[204] : NtRestoreKey @ 0x80656DE1 -> HOOKED (Unknown @ 0xB9C80657)SSDT[213] : NtSetContextThread @ 0x8063628D -> HOOKED (Unknown @ 0xB9C80693)SSDT[237] : NtSetSecurityObject @ 0x8059EC29 -> HOOKED (Unknown @ 0xB9C8069D)SSDT[247] : NtSetValueKey @ 0x8057B4EF -> HOOKED (Unknown @ 0xB9C80648)SSDT[255] : NtSystemDebugControl @ 0x80651B27 -> HOOKED (Unknown @ 0xB9C806A2)SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0xB9C8062F)S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xB9C806B6)S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xB9C806BB)¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3120026AS +++++--- User ---[MBR] 69f07d91d91b7f5e0702abaf8c618a44[bSP] 210a2a26b0eb647057fdc2b59c73864e : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_03212013_02d1040.txt >>RKreport[1]_S_03212013_02d1040.txt Link to post Share on other sites More sharing options...
MrCharlie Posted March 21, 2013 ID:659444 Share Posted March 21, 2013 OK, not much showing...lets run some scans:Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.Verify that your system is now functioning normally.MrC Link to post Share on other sites More sharing options...
fvs Posted March 21, 2013 Author ID:659467 Share Posted March 21, 2013 I ran the Malwarebytes Anti-Rootki but no clean up was necessary. Here are the two logs: Mbar LogMalwarebytes Anti-Rootkit BETA 1.01.0.1021www.malwarebytes.orgDatabase version: v2013.03.21.12Windows XP Service Pack 3 x86 NTFSInternet Explorer 7.0.5730.11Fabrizio :: MILAN [administrator]3/21/2013 11:51:41 AMmbar-log-2013-03-21 (11-51-41).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 26832Time elapsed: 21 minute(s), 30 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)System-log---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1021© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 7.0.5730.11Java version: 1.6.0_24File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.393000 GHzMemory total: 2146152448, free: 1473814528------------ Kernel report ------------ 03/21/2013 11:29:28------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\System32\DRIVERS\WMILIB.SYSpci.sysisapnp.sysohci1394.sys\WINDOWS\System32\DRIVERS\1394BUS.SYSpciide.sys\WINDOWS\System32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\System32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysPxHelp20.sysKSecDD.sysNtfs.sysNDIS.sysMup.sysagp440.sys\SystemRoot\System32\DRIVERS\SMBios.sys\SystemRoot\System32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nv4_mini.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\System32\DRIVERS\usbuhci.sys\SystemRoot\System32\DRIVERS\USBPORT.SYS\SystemRoot\System32\DRIVERS\usbehci.sys\SystemRoot\System32\DRIVERS\i8042prt.sys\SystemRoot\System32\DRIVERS\itchfltr.sys\SystemRoot\System32\DRIVERS\kbdclass.sys\SystemRoot\System32\DRIVERS\L8042pr2.Sys\SystemRoot\System32\DRIVERS\LMouFlt2.Sys\SystemRoot\System32\DRIVERS\mouclass.sys\SystemRoot\System32\DRIVERS\fdc.sys\SystemRoot\System32\DRIVERS\serial.sys\SystemRoot\System32\DRIVERS\serenum.sys\SystemRoot\System32\DRIVERS\parport.sys\SystemRoot\System32\DRIVERS\imapi.sys\SystemRoot\System32\DRIVERS\cdrom.sys\SystemRoot\System32\DRIVERS\redbook.sys\SystemRoot\System32\DRIVERS\ks.sys\SystemRoot\System32\Drivers\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\smb.sys\SystemRoot\system32\drivers\smwdm.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\aeaudio.sys\SystemRoot\system32\drivers\sf.sys\SystemRoot\System32\DRIVERS\audstub.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\System32\Drivers\Modem.SYS\SystemRoot\System32\DRIVERS\rasl2tp.sys\SystemRoot\System32\DRIVERS\ndistapi.sys\SystemRoot\System32\DRIVERS\ndiswan.sys\SystemRoot\System32\DRIVERS\raspppoe.sys\SystemRoot\System32\DRIVERS\raspptp.sys\SystemRoot\System32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\psched.sys\SystemRoot\System32\DRIVERS\msgpc.sys\SystemRoot\System32\DRIVERS\ptilink.sys\SystemRoot\System32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\RimSerial.sys\SystemRoot\System32\DRIVERS\rdpdr.sys\SystemRoot\System32\DRIVERS\termdd.sys\SystemRoot\System32\DRIVERS\swenum.sys\SystemRoot\System32\DRIVERS\update.sys\SystemRoot\system32\drivers\WmBEnum.sys\SystemRoot\system32\drivers\WmXlCore.sys\SystemRoot\System32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\System32\DRIVERS\usbhub.sys\SystemRoot\System32\DRIVERS\USBD.SYS\SystemRoot\System32\DRIVERS\flpydisk.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\System32\DRIVERS\rasacd.sys\SystemRoot\System32\DRIVERS\ipsec.sys\SystemRoot\System32\DRIVERS\tcpip.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\System32\DRIVERS\ipnat.sys\SystemRoot\System32\DRIVERS\wanarp.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\ssmdrv.sys\SystemRoot\System32\DRIVERS\rdbss.sys\SystemRoot\System32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Fips.SYS\SystemRoot\system32\DRIVERS\AE1000XP.sys\SystemRoot\system32\DRIVERS\avkmgr.sys\SystemRoot\system32\DRIVERS\avipbb.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_WMILIB.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\nv4_disp.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\avgntflt.sys\??\C:\WINDOWS\system32\drivers\mbam.sys\SystemRoot\System32\DRIVERS\ndisuio.sys\SystemRoot\System32\DRIVERS\mrxdav.sys\SystemRoot\System32\Drivers\ParVdm.SYS\SystemRoot\System32\drivers\aspi32.sys\SystemRoot\system32\drivers\wdmaud.sys\SystemRoot\system32\drivers\sysaudio.sys\??\C:\WINDOWS\system32\drivers\iPodDrv.sys\SystemRoot\system32\DRIVERS\litsgt.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\DRIVERS\secdrv.sys\??\C:\WINDOWS\system32\drivers\SIODRV.SYS\SystemRoot\system32\DRIVERS\tansgt.sys\SystemRoot\System32\DRIVERS\ipfltdrv.sys\SystemRoot\System32\Drivers\Fastfat.SYS\SystemRoot\system32\drivers\kmixer.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff89b75ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-24\Lower Device Object: 0xffffffff89bbdb00Lower Device Driver Name: \Driver\atapi\Driver name found: atapiInitialization returned 0x0Load Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff89b6dab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-17\Lower Device Object: 0xffffffff89bbed98Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDownloaded database version: v2013.03.21.12Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff89b6dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff89b7e560, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff89b6dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff89b7db50, DeviceName: \Device\00000070\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff89bbed98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-17\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0xffffffffe18eda20, 0xffffffff89b6dab8, 0xffffffff885d69a0Lower DeviceData: 0xffffffffe386b500, 0xffffffff89bbed98, 0xffffffff885fde08<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...<<<2>>>Device number: 0, partition: 1<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesThe directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.Drivers scan is aborted.Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 25226F71Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 234436482 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 120034123776 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff89b75ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff89b78778, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff89b75ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff89b719e8, DeviceName: \Device\00000071\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff89bbdb00, DeviceName: \Device\Ide\IdeDeviceP1T1L0-24\, DriverName: \Driver\atapi\------------ End ----------Done!Performing system, memory and registry scan...Done!Scan finished======================================= Link to post Share on other sites More sharing options...
MrCharlie Posted March 21, 2013 ID:659469 Share Posted March 21, 2013 OK....Next:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
fvs Posted March 22, 2013 Author ID:659838 Share Posted March 22, 2013 Here is the log file from the ComboFix scan: ComboFix 13-03-21.02 - Fabrizio 03/22/2013 11:24:51.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1616 [GMT -7:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeAV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Owner\GL4JavbJauGljJNI14.dllc:\documents and settings\Owner\Local Settings\Temporary Internet Files\Sys8787_DataList.binc:\documents and settings\Owner\WINDOWSc:\windows\system32\abdacaf6_d.dllc:\windows\system32\DIFxAPI.dllc:\windows\system32\DIFxAPI.dll\DIFxAPI.dllc:\windows\system32\efaddc2_d.dllc:\windows\system32\SET264.tmpc:\windows\UA000079.DLL..((((((((((((((((((((((((( Files Created from 2013-02-22 to 2013-03-22 )))))))))))))))))))))))))))))))..2013-03-14 19:45 . 2013-03-14 19:45 -------- d-----w- c:\program files\iPod2013-03-14 19:45 . 2013-03-14 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-14 20:09 . 2012-04-03 21:43 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-03-14 20:09 . 2011-05-16 16:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-02-15 16:23 . 2013-02-15 16:23 22 --sha-w- c:\documents and settings\Owner\Application Data\Windows1569_SettingsRepository.bin2013-01-26 03:55 . 2003-06-14 22:24 552448 ------w- c:\windows\system32\oleaut32.dll2013-01-07 01:19 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-07 00:37 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-01-04 01:20 . 2003-06-14 22:24 1867264 ----a-w- c:\windows\system32\win32k.sys2013-01-02 06:49 . 2003-11-01 02:58 148992 ----a-w- c:\windows\system32\mpg2splt.ax2013-01-02 06:49 . 2003-05-30 16:00 1292288 ----a-w- c:\windows\system32\quartz.dll2012-12-27 04:24 . 2012-11-02 18:24 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys2012-12-27 04:24 . 2012-11-02 18:24 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys2012-12-26 20:43 . 2006-06-23 18:33 832512 ----a-w- c:\windows\system32\wininet.dll2012-12-26 20:43 . 2003-06-14 22:24 1830912 ----a-w- c:\windows\system32\inetcpl.cpl2012-12-26 20:43 . 2006-10-07 22:35 78336 ----a-w- c:\windows\system32\ieencode.dll2012-12-26 20:43 . 2003-06-14 22:24 17408 ----a-w- c:\windows\system32\corpol.dll2008-05-16 21:01 . 2008-05-16 21:01 510 ----a-w- c:\program files\layout.bin2008-05-16 21:01 . 2008-05-16 21:01 112128 ----a-w- c:\program files\setup.exe2013-02-18 18:23 . 2013-02-18 18:23 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2005-09-16 01:26 . 2013-02-18 18:23 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb01.exe" [2000-08-07 192512]"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2005-05-03 32768]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]"nwiz"="nwiz.exe" [2008-05-16 1630208]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392].c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-7-3 110592]NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2006-9-20 155715].[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"SpecifyDefaultButtons"= 0 (0x0)HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/2/2012 11:24 AM 36552]R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/2/2012 11:24 AM 86752]R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [3/9/2011 7:44 PM 6656]R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [2/16/2007 6:35 PM 137344]R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [2/16/2007 6:35 PM 12032]R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [8/24/2010 1:25 PM 816672]S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 11:43 AM 398184]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/1/2009 5:09 PM 682344]S3 aaudstum;aaudstum;\??\c:\docume~1\Owner\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Owner\LOCALS~1\Temp\aaudstum.sys [?]S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [8/22/2011 11:10 PM 20032]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/1/2009 5:09 PM 21104]S3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCD2k.sys [4/16/2001 12:54 PM 44227]S4 Ipsvlasnka;Ipsvlasnka; [x].--- Other Services/Drivers In Memory ---.*Deregistered* - TrueSight.Contents of the 'Scheduled Tasks' folder.2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:09].2013-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57].2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287081288-3274386564-2991631857-1004Core.job- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 17:34].2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4287081288-3274386564-2991631857-1004UA.job- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-04 17:34]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/ig?hl=enuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7mSearch Bar = uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = local;*.localuSearchAssistant = uCustomizeSearch = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1DPF: DirectAnimation Java ClassesDPF: Microsoft XML Parser for JavaFF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7tauvwq9.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=..------- File Associations -------.regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1.- - - - ORPHANS REMOVED - - - -.Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)MSConfigStartUp-jusched - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-03-22 11:30Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-4287081288-3274386564-2991631857-1004\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).[HKEY_USERS\S-1-5-21-1547161642-920026266-682003330-500_Classes\CLSID\{7215100B-E2DF-DAC0-94AB-6526371C16C6}*]"AppID"="{216A23AF-DEDD-5A55-BFE9-458A1BACB68F}".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".Completion time: 2013-03-22 11:33:22ComboFix-quarantined-files.txt 2013-03-22 18:33.Pre-Run: 31,412,658,176 bytes freePost-Run: 31,659,073,536 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn.- - End Of File - - C42A7CA0435A35CEC82E3EE21A797558 Link to post Share on other sites More sharing options...
MrCharlie Posted March 22, 2013 ID:659842 Share Posted March 22, 2013 Please download AdwCleaner from here and save it on your Desktop.AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.MrC Link to post Share on other sites More sharing options...
fvs Posted March 22, 2013 Author ID:659847 Share Posted March 22, 2013 Ok will run it right now. May I uninstall ComboFix? Link to post Share on other sites More sharing options...
fvs Posted March 22, 2013 Author ID:659850 Share Posted March 22, 2013 Here is the scan from AdwCleaner# AdwCleaner v2.115 - Logfile created 03/22/2013 at 11:54:11# Updated 17/03/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : Fabrizio - MILAN# Boot Mode : Normal# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3Folder Found : C:\Program Files\FreeRIP3***** [Registry] *****Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966***** [internet Browsers] *****-\\ Internet Explorer v7.0.6000.17117[OK] Registry is clean.-\\ Mozilla Firefox v18.0.2 (en-US)File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7tauvwq9.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7tauvwq9.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7tauvwq9.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7tauvwq9.default\prefs.js[OK] File is clean.-\\ Google Chrome v25.0.1364.172File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences[OK] File is clean.File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences[OK] File is clean.File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences[OK] File is clean.File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [2036 octets] - [22/03/2013 11:54:11]########## EOF - C:\AdwCleaner[R1].txt - [2096 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted March 22, 2013 ID:659854 Share Posted March 22, 2013 AdwCleaner targeted FreeRIP3 for deletion, is this a program you use?MrC Link to post Share on other sites More sharing options...
fvs Posted March 22, 2013 Author ID:659856 Share Posted March 22, 2013 Yes, i used to use it to rip my cds so that I could put the mp3 files on in my ipod. However, at the moment my cdr-rom and dvd-rom do not work so I haven't had a need to use that program. Link to post Share on other sites More sharing options...
MrCharlie Posted March 22, 2013 ID:659866 Share Posted March 22, 2013 OK, we'll leave it alone.Please do this to reinstall MB:If you have the pro version of MB....make sure you have your license key-----------------------Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them2. With Admin Rights (Right click, choose "Run as Administrator")Go to your control panels add/remove programs and uninstall MalwareBytes Anti-Malware > rebootDownload and run this cleaner:mbam-clean.exeReboot <---very importantNow download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)http://fileforum.bet...re/1186760019/1Let me know, MrC Link to post Share on other sites More sharing options...
fvs Posted March 22, 2013 Author ID:659892 Share Posted March 22, 2013 O.K. did what you suggested. However, something very odd happened. When I was re-installing Malwarebytes an old Blackberry Desktop program (that I thought it was no longer in my computer) popped up tried to install itself. When I hit cancel (to install the Blackberry Desktop program) a bunch of failed installation messages popped up. I think the messages were from the Blackberry Desktop program. Link to post Share on other sites More sharing options...
MrCharlie Posted March 22, 2013 ID:659895 Share Posted March 22, 2013 Were you able to install Malwarebytes?? MrC Link to post Share on other sites More sharing options...
fvs Posted March 23, 2013 Author ID:660199 Share Posted March 23, 2013 Yes, I was able to re-install Malwarebytes. The "Enable malicious web site blocking" was checked after yesterday's re-installation. However, this morning the "Enable malicious web site blocking" is once again unchecked and the Malwarebytes icon in the sys tray is once again grayed out. Not sure if that Blackberry desktop installation program that popped up during the re-installation screwed something up with the Malwarebytes re-installation. The thing that's weird is that there seems to be no physical trace of that Blackberry desktop install and yet every time I install a new program on my computer that thing pops up and tries to install as well. May I uninstall ComboFix or do I need to keep it installed?? Link to post Share on other sites More sharing options...
fvs Posted March 23, 2013 Author ID:660203 Share Posted March 23, 2013 I just manually updated the Malwarebytes database to the latest version. Also, in the Settings tab/Updater Settings tab I unchecked both "download and install program updates if available" and "notify me when a program update is ready for installation". I rebooted the computer and now the "Enable malicious web site blocking" is checked and the Malwarebytes Icon in the system tray is blue. Link to post Share on other sites More sharing options...
MrCharlie Posted March 23, 2013 ID:660208 Share Posted March 23, 2013 So it's OK now?? MrC Link to post Share on other sites More sharing options...
fvs Posted March 23, 2013 Author ID:660211 Share Posted March 23, 2013 Yes right now it's OK. May I uninstall ComboFix or do I need to keep it installed?? Link to post Share on other sites More sharing options...
MrCharlie Posted March 23, 2013 ID:660213 Share Posted March 23, 2013 Great.....Lets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
fvs Posted March 25, 2013 Author ID:660831 Share Posted March 25, 2013 This morning when I booted up the computer the Malwarebytes in the sys-tray was grayed out again. I updated to the latest database, rebooted and it was once again blue. However that lasted for about 2 minutes and then it turned gray again. I am going to reboot once again to see if it turns blue again after 2 consecutive reboots. Here are the results from the Security Check scan. Results of screen317's Security Check version 0.99.61 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 24 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 6% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
fvs Posted March 25, 2013 Author ID:660835 Share Posted March 25, 2013 Rebooted again and at first the Malwarebytes icon was blue but within two or three minutes it turned gray again. One thing I noticed is that this morning Avira Antivirus is timing out the during the automantic database update. Perhaps Avira is the culprit tripping on Malwarebytes. Malwarebytes is listed in the exceptions but I am thinking that Avira doesn't like it. Link to post Share on other sites More sharing options...
MrCharlie Posted March 25, 2013 ID:660838 Share Posted March 25, 2013 Well uninstall it and install Avast (free), see what happens:http://www.avast.com/en-us/indexExclusions:http://forums.malwar...ndpost&p=655429Let me know.....MrC Link to post Share on other sites More sharing options...
fvs Posted March 25, 2013 Author ID:660845 Share Posted March 25, 2013 OK. So I rebooted once again. However, this time as soon as I had the Avira logo in the system tray I disabled the real time protection so that it wouldn't try to auto-update to the latest database. I noticed that the Malwarebytes logo in the system tray remained blue and both the files system protection and website blocking remained enabled for longer than just a few minutes. Then, I manually updated Avira to the latest database and when it was done I re-enabled the real time protection. Malwarebytes is still functioning properly. I am suspecting that Avira might have been the culprit. Do you have any suggestions for a different free antivirus software? Avira is starting to behave like bloatware. Link to post Share on other sites More sharing options...
fvs Posted March 25, 2013 Author ID:660846 Share Posted March 25, 2013 I just saw your post. I will uninstall Avira and try Avast instead. Link to post Share on other sites More sharing options...
Recommended Posts