nray53 Posted June 10, 2013 ID:689494 Share Posted June 10, 2013 I did a scan and it told me that Firefox.exe was a trojan.agent and also a registry of Firefox:C:\Program Files\Mozilla Firefox\firefox.exeHKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunFirefoxIs this a false positive?I am using Firefox 21.0Thank you. Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689496 Share Posted June 10, 2013 Hi there,my name is Marius and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please check the file in the code box via Virustotal Click browse copy the following into the search box C:\Program Files\Mozilla Firefox\firefox.exe and click open. click Send File. please be patinet until the file is uploade completely. If you get the message File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser´s adress bar and poste it here. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689498 Share Posted June 10, 2013 https://www.virustotal.com/en/file/57a6c516e2a06c5e4e9134d8c230a385254a21fba8bde0e6e30ec086812f1f0b/analysis/1370868965/ Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689499 Share Posted June 10, 2013 The file is clean.Please post up the log files by MBAM where the threats werde detected.Also, do the following:Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)Run FRST. Don´t change one of the checkboxes and hit Scan. Logfiles are created on your desktop. Poste the FRST.txt and (after the first scan only!) the Addition.txt.Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.Double-click gmer.exe. The program will begin to run. **Caution**These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security AnalystIf possible rootkit activity is found, you will be asked if you would like to perform a full scan.Click Yes.Once the scan is complete, you may receive another notice about rootkit activity. Click OK.GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.Save it where you can easily find it, such as your desktop.If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.Save it where you can easily find it, such as your desktop.Pleae attach the gmer.txt to your reply:Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and Click Upload. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689501 Share Posted June 10, 2013 The log files....locate under the log tab? The Protection Log for that date? Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689502 Share Posted June 10, 2013 Not the protection log but the scan log where trojan.agent was detected. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689503 Share Posted June 10, 2013 I'm sorry, where would I find that? I am using the Pro version. Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689504 Share Posted June 10, 2013 You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.The logs can be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtZip any and all of these logs and attach the file to your next reply. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689505 Share Posted June 10, 2013 Here are the results of the Farbar Recovery Scan Tool:Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-06-2013Ran by Norm (administrator) on 10-06-2013 08:08:38Running from C:\DownloadsMicrosoft Windows XP Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal==================== Processes (Whitelisted) ===================(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(PC Tools) C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe(PC Tools) C:\Program Files\PC Tools Firewall Plus\FWService.exe() C:\WINDOWS\system32\PSIService.exe(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s [2676696 2010-11-29] (PC Tools)HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)HKLM\...\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2637784 2012-04-27] (Acronis)HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]HKU\Administrator.UPSTAIRS\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]HKU\Administrator.UPSTAIRS.000\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]HKU\Default User.WINDOWS\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]HKU\LocalService\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]HKU\NetworkService\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]HKU\Norm\...\Run: [AdobeBridge] [x]HKU\Norm\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]HKU\TEMP\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]Startup: C:\Documents and Settings\Norm.UPSTAIRS\Start Menu\Programs\Startup\Adobe Gamma.lnkShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.php?CityName=Green+Bay&state=WI&site=GRB&textField1=44.5216&textField2=-87.9898&e=0HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler: ipp - No CLSID Value -Handler: msdaipp - No CLSID Value -ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.254.254FireFox:========FF ProfilePath: C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.defaultFF Homepage: hxxp://forecast.weather.gov/MapClick.php?CityName=Green+Bay&state=WI&site=GRB&textField1=44.5216&textField2=-87.9898&e=0FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll No FileFF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Extension: TinEye Reverse Image Search - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\tineye@ideeinc.comFF Extension: Garmin Communicator - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}FF Extension: Flashblock - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}FF Extension: DownloadHelper - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}FF Extension: artur.dubovoy - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\artur.dubovoy@gmail.com.xpiFF Extension: No Name - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpiFF Extension: No Name - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpiFF Extension: No Name - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpiFF Extension: No Name - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpiFF Extension: No Name - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF Extension: No Name - C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Mozilla\Firefox\Profiles\knv15azm.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi========================== Services (Whitelisted) =================R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [846048 2012-04-27] (Acronis)R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [262144 2008-05-28] (ASUSTeK COMPUTER INC.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-21] (NVIDIA Corporation)R2 PCToolsFirewallPlus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [287024 2010-11-17] (PC Tools)S3 Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [77824 2002-11-22] (HP)R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [520576 2012-10-29] (Wacom Technology, Corp.)S2 AODService; C:\Program Files\AMD\OverDrive\AODAssist [x]S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]S3 SwitchBoard;==================== Drivers (Whitelisted) ====================R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [16640 2010-12-30] (Wondershare)R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2002-07-16] (Adaptec)R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [12416 2008-05-28] (ASUSTeK Computer Inc.)R1 asuskbnt; C:\Windows\System32\drivers\atkkbnt.sys [11136 2008-05-28] (ASUSTeK COMPUTER INC.)R3 ASUSVRC; C:\Windows\System32\DRIVERS\AsusVRC.sys [18432 2007-01-29] (ASUSTeK COMPUTER INC.)R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [24408 2012-03-06] (AVAST Software)R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R3 Dot4 HPH11; C:\Windows\System32\DRIVERS\hphid411.sys [50896 2002-11-22] (HP)R3 Dot4Print HPH11; C:\Windows\System32\DRIVERS\hphipr11.sys [16112 2002-11-22] (HP)R3 Dot4Usb HPH11; C:\Windows\System32\drivers\hphius11.sys [18928 2002-11-22] (HP)R1 EIO_XP; C:\WINDOWS\system32\drivers\EIO_XP.sys [12288 2006-06-14] (ASUSTeK Computer Inc.)R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)R3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-10-12] (Windows ® Win 7 DDK provider)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-06-10] (Malwarebytes Corporation)S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R2 PCTAppEvent; C:\WINDOWS\system32\drivers\PCTAppEvent.sys [160448 2010-11-25] (PC Tools)R3 PCTFW-PacketFilter; C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys [89192 2010-11-24] (PC Tools)R1 pctgntdi; C:\WINDOWS\system32\drivers\pctgntdi.sys [249616 2010-11-17] (PC Tools)S3 pctNdis; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)R3 pctNdisMP; C:\Windows\System32\DRIVERS\pctNdis.sys [57536 2010-07-08] (PC Tools)R3 pctplfw; C:\WINDOWS\system32\drivers\pctplfw.sys [124992 2010-11-25] (PC Tools)S3 RT2500; C:\Windows\System32\DRIVERS\RT2500.sys [243328 2005-10-20] (Ralink Technology Inc.)R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [234392 2010-07-06] (Realtek Semiconductor Corporation )S3 scsiscan; C:\Windows\System32\DRIVERS\scsiscan.sys [11520 2008-04-13] (Microsoft Corporation)S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [37656 2012-07-03] ()S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.)S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [609920 2011-06-24] (eMPIA Technology, Inc.)S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [970496 2011-06-24] (eMPIA Technology, Inc.)R3 Video3D; C:\Windows\System32\Drivers\Video3D32.sys [10752 2008-05-28] (ASUSTeK COMPUTER INC.)R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2012-11-20] (Acronis)R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-20] (Acronis)R3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [69024 2012-10-12] (Wacom Technology)R3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-10-12] (Wacom Technology)S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)S4 Abiosdsk; No ImagePathS4 abp480n5; No ImagePathS4 adpu160m; No ImagePathS4 Aha154x; No ImagePathS4 aic78u2; No ImagePathS4 aic78xx; No ImagePathS4 AliIde; No ImagePathS4 amsint; No ImagePathS3 anvsnddrv; system32\drivers\anvsnddrv.sys [x]S4 asc; No ImagePathS4 asc3350p; No ImagePathS4 asc3550; No ImagePathS4 Atdisk; No ImagePathS4 cd20xrnt; No ImagePathS1 Changer; No ImagePathS4 CmdIde; No ImagePathS4 Cpqarray; No ImagePathU4 dac2w2k; No ImagePathS4 dac960nt; No ImagePathS4 dpti2o; No ImagePathS4 hpn; No ImagePathS1 i2omgmt; No ImagePathS4 i2omp; No ImagePathS4 ini910u; No ImagePathS4 IntelIde; No ImagePathS1 lbrtfdc; No ImagePathS4 mraid35x; No ImagePathS1 PCIDump; No ImagePathS3 PDCOMP; No ImagePathS3 PDFRAME; No ImagePathS3 PDRELI; No ImagePathS3 PDRFRAME; No ImagePathS4 perc2; No ImagePathS4 perc2hib; No ImagePathS4 ql1080; No ImagePathS4 Ql10wnt; No ImagePathS4 ql12160; No ImagePathS4 ql1240; No ImagePathS4 ql1280; No ImagePathS4 Simbad; No ImagePathS4 Sparrow; No ImagePathS4 symc810; No ImagePathS4 symc8xx; No ImagePathS4 sym_hi; No ImagePathS4 sym_u3; No ImagePathS4 TosIde; No ImagePathS4 ultra; No ImagePathS4 ViaIde; No ImagePathS3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]S3 WDICA; No ImagePath==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-06-10 08:07 - 2013-06-10 08:07 - 00000000 ____D C:\FRST2013-06-10 08:02 - 2013-06-10 08:02 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-06-09 20:39 - 2013-06-09 20:39 - 00001686 ____A C:\AdwCleaner[s9].txt2013-06-09 18:09 - 2013-06-09 18:09 - 00001566 ____A C:\AdwCleaner[s8].txt2013-06-04 14:17 - 2013-06-04 14:19 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\My Documents\Any Video Recorder2013-06-02 06:53 - 2013-06-02 06:53 - 01040384 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image3.jpeg2013-06-02 06:53 - 2013-06-02 06:53 - 00884736 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image2.jpeg2013-06-02 06:53 - 2013-06-02 06:53 - 00782336 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image5.jpeg2013-06-02 06:53 - 2013-06-02 06:53 - 00765952 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image4.jpeg2013-06-02 06:51 - 2013-06-02 06:52 - 00901120 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image.jpeg2013-06-01 20:09 - 2013-06-02 06:52 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Desktop\22013-05-31 21:36 - 2013-05-31 21:36 - 00001505 ____A C:\AdwCleaner[R8].txt2013-05-29 04:22 - 2013-05-29 04:22 - 00011432 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\cc_20130529_042253.reg2013-05-28 13:26 - 2013-06-09 20:39 - 00000524 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Shortcut to adwcleaner(4).exe.lnk2013-05-28 13:26 - 2013-05-28 13:26 - 00001446 ____A C:\AdwCleaner[s7].txt2013-05-27 20:22 - 2013-05-27 20:23 - 00001386 ____A C:\AdwCleaner[s6].txt2013-05-27 20:22 - 2013-05-27 20:22 - 00001325 ____A C:\AdwCleaner[R7].txt2013-05-24 19:58 - 2013-05-24 19:58 - 00001402 ____A C:\AdwCleaner[s5].txt2013-05-24 19:57 - 2013-05-24 19:57 - 00001337 ____A C:\AdwCleaner[R6].txt2013-05-24 19:57 - 2013-05-24 19:57 - 00001277 ____A C:\AdwCleaner[R5].txt2013-05-21 08:25 - 2013-06-10 06:50 - 00000310 ____A C:\Windows\Tasks\GlaryInitialize.job2013-05-21 08:24 - 2013-05-21 08:24 - 00000745 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Glary Utilities.lnk2013-05-21 08:24 - 2013-05-21 08:24 - 00000000 ____D C:\Program Files\Glary Utilities2013-05-21 08:04 - 2013-05-21 08:04 - 00000000 ____D C:\Program Files\Macrovision Corporation2013-05-21 07:12 - 2013-05-21 08:29 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\GlarySoft2013-05-21 07:12 - 2013-05-21 07:12 - 00000714 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Quick Startup.lnk2013-05-21 07:12 - 2013-05-21 07:12 - 00000000 ____D C:\Program Files\Quick Startup2013-05-16 08:46 - 2013-05-16 08:46 - 00001738 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader XI.lnk2013-05-16 08:09 - 2013-06-02 07:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-05-16 08:04 - 2013-05-16 08:06 - 00000000 ____D C:\Program Files\Mozilla Thunderbird2013-05-16 07:58 - 2013-06-01 11:12 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-05-15 06:56 - 2013-05-15 06:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$2013-05-15 06:54 - 2013-05-15 06:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$2013-05-14 09:00 - 2013-06-06 17:52 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\vlc2013-05-14 08:59 - 2013-05-14 08:59 - 00000723 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk2013-05-11 19:14 - 2013-05-11 19:14 - 00001086 ____A C:\AdwCleaner[R4].txt2013-05-11 12:08 - 2013-05-11 12:08 - 00001025 ____A C:\AdwCleaner[R3].txt==================== One Month Modified Files and Folders ========2013-06-10 08:07 - 2013-06-10 08:07 - 00000000 ____D C:\FRST2013-06-10 08:02 - 2013-06-10 08:02 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys2013-06-10 07:42 - 2013-04-28 06:44 - 00000254 ____A C:\Windows\wiadebug.log2013-06-10 07:06 - 2011-03-30 11:25 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Macromedia2013-06-10 06:53 - 2011-03-30 09:40 - 01504318 ____A C:\Windows\WindowsUpdate.log2013-06-10 06:52 - 2012-07-04 21:22 - 00000316 ___AH C:\Windows\Tasks\avast! Emergency Update.job2013-06-10 06:51 - 2013-04-28 06:44 - 00000049 ____A C:\Windows\wiaservc.log2013-06-10 06:51 - 2011-10-01 11:18 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini2013-06-10 06:50 - 2013-05-21 08:25 - 00000310 ____A C:\Windows\Tasks\GlaryInitialize.job2013-06-10 06:50 - 2011-03-29 18:50 - 00000062 __ASH C:\Documents and Settings\Norm.UPSTAIRS\Local Settings\desktop.ini2013-06-10 06:50 - 2011-03-29 18:49 - 00000062 __ASH C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\desktop.ini2013-06-10 06:50 - 2011-03-29 18:49 - 00000062 __ASH C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\desktop.ini2013-06-10 06:50 - 2011-03-29 18:44 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-10 06:50 - 2003-03-31 07:00 - 00013646 ____A C:\Windows\System32\wpa.dbl2013-06-09 21:27 - 2011-03-29 18:50 - 00000178 ___SH C:\Documents and Settings\Norm.UPSTAIRS\ntuser.ini2013-06-09 21:27 - 2011-03-29 18:49 - 00032458 ____A C:\Windows\SchedLgU.Txt2013-06-09 20:39 - 2013-06-09 20:39 - 00001686 ____A C:\AdwCleaner[s9].txt2013-06-09 20:39 - 2013-05-28 13:26 - 00000524 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Shortcut to adwcleaner(4).exe.lnk2013-06-09 18:20 - 2011-03-30 10:02 - 00000000 __SHD C:\Documents and Settings\Norm.UPSTAIRS\UserData2013-06-09 18:09 - 2013-06-09 18:09 - 00001566 ____A C:\AdwCleaner[s8].txt2013-06-08 09:23 - 2011-03-30 13:55 - 00000020 ____H C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLdu.DAT2013-06-07 21:48 - 2008-08-27 17:08 - 00000563 ____A C:\hpfr5550.xml2013-06-06 17:52 - 2013-05-14 09:00 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\vlc2013-06-06 17:43 - 2011-03-30 10:13 - 00196608 ____A C:\Windows\System32\Drivers\nStandard.bin2013-06-06 10:36 - 2012-12-16 08:25 - 00088576 __ASH C:\Documents and Settings\Norm.UPSTAIRS\My Documents\Thumbs.db2013-06-05 15:13 - 2011-04-20 07:51 - 01755648 __ASH C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Thumbs.db2013-06-04 14:23 - 2012-10-06 13:06 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\AnvSoft2013-06-04 14:19 - 2013-06-04 14:17 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\My Documents\Any Video Recorder2013-06-04 13:54 - 2008-09-16 04:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-06-02 07:05 - 2013-05-16 08:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-02 06:53 - 2013-06-02 06:53 - 01040384 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image3.jpeg2013-06-02 06:53 - 2013-06-02 06:53 - 00884736 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image2.jpeg2013-06-02 06:53 - 2013-06-02 06:53 - 00782336 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image5.jpeg2013-06-02 06:53 - 2013-06-02 06:53 - 00765952 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image4.jpeg2013-06-02 06:52 - 2013-06-02 06:51 - 00901120 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\image.jpeg2013-06-02 06:52 - 2013-06-01 20:09 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Desktop\22013-06-02 06:45 - 2012-05-18 10:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2013-06-01 11:12 - 2013-05-16 07:58 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-06-01 11:12 - 2012-11-17 12:29 - 00000728 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk2013-06-01 10:24 - 2010-04-14 15:15 - 00000000 __HDC C:\Windows\$NtUninstallKB979683$2013-06-01 08:00 - 2011-03-31 07:44 - 00000340 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-UPSTAIRS-Norm.job2013-05-31 21:36 - 2013-05-31 21:36 - 00001505 ____A C:\AdwCleaner[R8].txt2013-05-29 20:29 - 2013-03-04 17:44 - 00000000 ____D C:\Program Files\Recuva2013-05-29 04:22 - 2013-05-29 04:22 - 00011432 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\cc_20130529_042253.reg2013-05-28 13:26 - 2013-05-28 13:26 - 00001446 ____A C:\AdwCleaner[s7].txt2013-05-27 20:23 - 2013-05-27 20:22 - 00001386 ____A C:\AdwCleaner[s6].txt2013-05-27 20:22 - 2013-05-27 20:22 - 00001325 ____A C:\AdwCleaner[R7].txt2013-05-24 19:58 - 2013-05-24 19:58 - 00001402 ____A C:\AdwCleaner[s5].txt2013-05-24 19:57 - 2013-05-24 19:57 - 00001337 ____A C:\AdwCleaner[R6].txt2013-05-24 19:57 - 2013-05-24 19:57 - 00001277 ____A C:\AdwCleaner[R5].txt2013-05-23 13:14 - 2013-02-18 20:16 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Misc2013-05-21 08:37 - 2011-11-11 22:09 - 00049152 ____A C:\Windows\System32\config\SECURITY.gbck2013-05-21 08:37 - 2011-03-29 12:34 - 00262144 ____A C:\Windows\System32\config\SAM.gbck2013-05-21 08:37 - 2011-03-29 11:18 - 34340864 ____A C:\Windows\System32\config\software.gbck2013-05-21 08:37 - 2011-03-29 11:18 - 14680064 ____A C:\Windows\System32\config\system.gbck2013-05-21 08:37 - 2011-03-29 11:18 - 00524288 ____A C:\Windows\System32\config\default.gbck2013-05-21 08:29 - 2013-05-21 07:12 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\GlarySoft2013-05-21 08:24 - 2013-05-21 08:24 - 00000745 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Glary Utilities.lnk2013-05-21 08:24 - 2013-05-21 08:24 - 00000000 ____D C:\Program Files\Glary Utilities2013-05-21 08:04 - 2013-05-21 08:04 - 00000000 ____D C:\Program Files\Macrovision Corporation2013-05-21 07:38 - 2011-03-31 07:43 - 00000852 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Adobe Photoshop CS5.lnk2013-05-21 07:12 - 2013-05-21 07:12 - 00000714 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Quick Startup.lnk2013-05-21 07:12 - 2013-05-21 07:12 - 00000000 ____D C:\Program Files\Quick Startup2013-05-19 16:48 - 2011-11-15 16:28 - 00000132 ____A C:\Documents and Settings\Norm.UPSTAIRS\Application Data\Adobe AIFF Format CS5 Prefs2013-05-16 13:19 - 2011-03-29 18:44 - 00002577 ____A C:\Windows\System32\CONFIG.NT2013-05-16 08:56 - 2011-12-22 15:08 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\My Documents\VHS to DVD2013-05-16 08:54 - 2013-01-25 15:17 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\My Documents\Adobe2013-05-16 08:46 - 2013-05-16 08:46 - 00001738 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader XI.lnk2013-05-16 08:46 - 2011-03-30 09:58 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe2013-05-16 08:45 - 2008-08-06 11:59 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-05-16 08:45 - 2008-08-06 11:58 - 00000000 ____D C:\Program Files\Adobe2013-05-16 08:44 - 2012-12-12 07:47 - 16948616 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe2013-05-16 08:44 - 2012-04-05 06:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-05-16 08:44 - 2011-05-20 06:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-05-16 08:23 - 2008-08-14 13:28 - 00000000 ____D C:\Windows\System32\Adobe2013-05-16 08:06 - 2013-05-16 08:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird2013-05-15 08:02 - 2008-08-18 09:32 - 00000000 ____D C:\Windows\Microsoft.NET2013-05-15 07:08 - 2011-03-29 12:34 - 03456456 ____A C:\Windows\System32\FNTCACHE.DAT2013-05-15 07:02 - 2011-03-29 12:35 - 00655170 ____A C:\Windows\System32\PerfStringBackup.INI2013-05-15 07:02 - 2009-06-16 20:16 - 00000000 ____D C:\Windows\ie8updates2013-05-15 06:56 - 2013-05-15 06:56 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$2013-05-15 06:56 - 2008-08-11 18:21 - 00000000 ___HD C:\Windows\$hf_mig$2013-05-15 06:54 - 2013-05-15 06:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$2013-05-15 06:54 - 2011-03-30 11:58 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-05-14 08:59 - 2013-05-14 08:59 - 00000723 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk2013-05-11 19:14 - 2013-05-11 19:14 - 00001086 ____A C:\AdwCleaner[R4].txt2013-05-11 12:28 - 2013-03-22 18:20 - 00000000 ____D C:\Program Files\DOSBox-0.742013-05-11 12:08 - 2013-05-11 12:08 - 00001025 ____A C:\AdwCleaner[R3].txt2013-05-11 11:51 - 2011-03-31 12:28 - 00000000 ____D C:\Documents and Settings\Norm.UPSTAIRS\Application Data\FileZilla2013-05-11 11:17 - 2011-03-31 12:28 - 00001667 ____A C:\Documents and Settings\All Users.WINDOWS\Desktop\FileZilla Client.lnk2013-05-11 11:17 - 2008-08-16 07:12 - 00000000 ____D C:\Program Files\FileZilla FTP Client2013-05-11 10:46 - 2011-04-28 14:01 - 00002421 ____A C:\Documents and Settings\Norm.UPSTAIRS\Desktop\Adobe GoLive 5.0.lnk==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-06-2013Ran by Norm at 2013-06-10 08:09:15 Run:Running from C:\DownloadsBoot Mode: Normal============================================================================== Installed Programs =======================3DVIA player 5.0.0.20 (Version: 5.0.20)Acronis True Image WD Edition (Version: 13.0.14184)Adobe AIR (Version: 3.1.0.4880)Adobe Common File Installer (Version: 1.00.0000)Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)Adobe Flash Player 11 Plugin (Version: 11.7.700.202)Adobe GoLive 5.0 Educational (Version: 5.0)Adobe GoLive CS2 (Version: 8.0.1)Adobe GoLive CS2 English (Version: 8.0.1)Adobe Photoshop CS5 (Version: 12.0)Adobe Reader XI (11.0.03) (Version: 11.0.03)Adobe Shockwave Player 12.0 (Version: 12.0.2.122)Adobe SVG Viewer 3.0 (Version: 3.0)AI Suite (Version: 1.05.06)AMD OverDrive (Version: 2.1.5.0218)AMD Processor Driver (Version: 1.3.2.0053)Any Video Converter 5 5.0.3Apple Application Support (Version: 2.3)Apple Mobile Device Support (Version: 6.0.0.59)Apple Software Update (Version: 2.1.3.127)ASUS Gamer OSD (Version: 2.06.0528)ASUS nVidia Driver (Version: 5.00.0000)ASUS Smart Doctor (Version: 5.21)ASUS Utilities (Version: 1.00.0000)ASUS VideoSecurity Online (Version: 3.5.1.3)ASUSUpdateAuslogics Disk Defrag (Version: version 3.1)avast! Free Antivirus (Version: 8.0.1489.0)Battlestations: Midway (Version: 1.00.0000)Bonjour (Version: 3.0.0.10)CCleaner (Version: 4.01)Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)Cool & QuietData Lifeguard Diagnostic for Windows 1.24Data Lifeguard ToolsEPSON Copy Utility 3 (Version: 3.1.0.0)EPSON ScanEpson-SE TWAINEPU (Version: 1.00.07)FileZilla Client 3.7.0.1 (Version: 3.7.0.1)Garmin Communicator Plugin (Version: 4.0.3)Garmin Lifetime Updater (Version: 2.1.11)Glary Utilities 2.55.0.1790 (Version: 2.55.0.1790)GoPro CineForm Studio 1.3.2 (Version: 1.3.2)High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)honestech VHS to DVD 5.0 Deluxe (Version: 5.0)IrfanView (remove only) (Version: 4.35)iTunes (Version: 10.7.0.21)Java 7 Update 21 (Version: 7.0.210)Java Auto Updater (Version: 2.1.9.0)Java 6 Update 33 (Version: 6.0.330)LightScribe Diagnostic Utility (Version: 1.18.24.1)LightScribe System Software (Version: 1.18.24.1)LightScribe Template Labeler (Version: 1.18.24.1)Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)Microsoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft Office 2000 Professional (Version: 9.00.2720)Microsoft Silverlight (Version: 5.1.20125.0)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)Microsoft_VC90_ATL_x86 (Version: 1.00.0000)Microsoft_VC90_CRT_x86 (Version: 1.00.0000)Microsoft_VC90_MFC_x86 (Version: 1.00.0000)Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)Mozilla Maintenance Service (Version: 21.0)Mozilla Thunderbird 17.0.6 (x86 en-US) (Version: 17.0.6)mscomctlfix (Version: 1.00.0000)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)neroxml (Version: 1.0.0)nik Color Efex Pro 2.0 IENikon Message Center (Version: 0.92.000)Nikon RAW Codec (Version: 1.00.0000)Nikon Transfer (Version: 1.1.1)NVIDIA Control Panel 275.33 (Version: 275.33)NVIDIA Install Application (Version: 2.275.78.0)NVIDIA nView 135.85 (Version: 135.85)NVIDIA nView Desktop Manager (Version: 6.14.10.13585)NVIDIA PhysX (Version: 9.10.0224)NVIDIA Update 1.3.5 (Version: 1.3.5)NVIDIA Update Components (Version: 1.3.5)Octoshape add-in for Adobe Flash PlayerPC Probe II (Version: 1.04.62)PC Tools Firewall Plus 7.0 (Version: 7.0)PDF Settings CS5 (Version: 10.0)Photosmart 130,230,7150,7345,7350,7550 (Remove only)Picture Control Utility (Version: 1.1.2)ProPreferred BasicProPreferred PlusQuick Startup 2.9.0.823QuickTime (Version: 7.73.80.64)REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000)Realtek High Definition Audio Driver (Version: 5.10.0.5657)Recuva (Version: 1.45)SilverFast Epson-SESoundTap Streaming Audio RecorderSWF & FLV Player 3.0 (build 3.0.33.5106) (Version: 3.0.33.5106)swMSM (Version: 12.0.0.1)Trainz (Version: 1.00.000)Trainz Paint Shed (Version: RC1)Ulead Burn.Now 4.5 (Version: 4.5.0)Ulead Burn.Now 4.5 SE (Version: 4.5.0)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft Windows (KB971513)Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)Update for Windows Internet Explorer 8 (KB976662) (Version: 1)Update for Windows XP (KB2141007) (Version: 1)Update for Windows XP (KB2345886) (Version: 1)Update for Windows XP (KB2467659) (Version: 1)Update for Windows XP (KB2492386) (Version: 1)Update for Windows XP (KB2541763) (Version: 1)Update for Windows XP (KB2607712) (Version: 1)Update for Windows XP (KB2616676) (Version: 1)Update for Windows XP (KB2661254-v2) (Version: 2)Update for Windows XP (KB2718704) (Version: 1)Update for Windows XP (KB2736233) (Version: 1)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP (KB951978) (Version: 1)Update for Windows XP (KB955759) (Version: 1)Update for Windows XP (KB967715) (Version: 1)Update for Windows XP (KB968389) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Update for Windows XP (KB971737) (Version: 1)Update for Windows XP (KB973687) (Version: 1)Update for Windows XP (KB973815) (Version: 1)USB2.0 VIDBOX NW03, NW06 (Version: 3.0.6)ViewNX (Version: 1.1.1)VLC media player 2.0.6 (Version: 2.0.6)Wacom Tablet (Version: 6.3.4-3)WAV to MP3 Encoder (Version: 1.0.0)WebFldrs XP (Version: 9.50.6513)WebTablet FB Plugin 32 bit (Version: 2.1.0.2)Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (Version: 03/07/2012 )Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8 (Version: 20090308.140743)Windows Media Format 11 runtimeWindows Media Player 11Windows Search 4.0 (Version: 04.00.6001.503)Windows XP Service Pack 3 (Version: 20080414.031525)==================== Restore Points =========================22-02-2013 18:02:12 System Checkpoint25-02-2013 14:40:23 System Checkpoint26-02-2013 16:56:42 System Checkpoint27-02-2013 23:03:20 System Checkpoint28-02-2013 23:23:16 System Checkpoint01-03-2013 02:45:04 Removed Java 7 Update 701-03-2013 02:45:38 Installed Java 7 Update 1501-03-2013 03:08:05 Installed Microsoft Visual C++ 2005 Redistributable01-03-2013 13:32:08 Restore Operation01-03-2013 15:21:41 Restore Operation01-03-2013 15:36:20 Installed Microsoft Visual C++ 2005 Redistributable01-03-2013 16:47:38 Installed Strongvault Online Backup01-03-2013 16:52:06 Removed Strongvault Online Backup01-03-2013 16:52:20 Removed Strongvault Online Backup02-03-2013 00:33:54 Removed My Photo Creations (Mpix Press Edition)03-03-2013 01:59:55 Installed Windows XP -- Software Updates KB952011.04-03-2013 13:56:42 Removed QuickTime04-03-2013 14:08:13 Installed QuickTime05-03-2013 14:55:13 System Checkpoint07-03-2013 18:34:16 System Checkpoint12-03-2013 19:48:50 System Checkpoint14-03-2013 12:06:30 Software Distribution Service 3.016-03-2013 21:46:24 Software Distribution Service 3.019-03-2013 20:05:53 System Checkpoint21-03-2013 18:41:40 System Checkpoint22-03-2013 02:02:38 Software Distribution Service 3.025-03-2013 19:32:03 System Checkpoint27-03-2013 14:18:02 System Checkpoint29-03-2013 15:37:34 System Checkpoint30-03-2013 18:58:43 System Checkpoint02-04-2013 17:20:53 System Checkpoint03-04-2013 21:54:09 System Checkpoint05-04-2013 23:14:48 Installed Trainz05-04-2013 23:18:12 Installed Trainz Paint Shed05-04-2013 23:21:51 Installed Battlestations: Midway05-04-2013 23:31:23 Installed DirectX06-04-2013 18:06:57 Removed Trainz06-04-2013 18:10:09 Installed Trainz06-04-2013 19:02:56 Removed NetZero For Cosmi08-04-2013 14:44:09 System Checkpoint09-04-2013 16:13:30 Installed HP Officejet Pro K850 Series Toolbox09-04-2013 16:14:47 Removed HP Officejet Pro K850 Series Toolbox10-04-2013 13:42:09 Software Distribution Service 3.011-04-2013 21:30:39 System Checkpoint14-04-2013 12:53:32 System Checkpoint16-04-2013 00:47:46 System Checkpoint17-04-2013 02:52:22 System Checkpoint19-04-2013 01:29:54 System Checkpoint20-04-2013 15:11:24 Installed Microsoft Office Word Viewer 200320-04-2013 15:26:11 Installed Compatibility Pack for the 2007 Office system21-04-2013 12:01:34 Removed Microsoft Office Word Viewer 200321-04-2013 17:21:52 Software Distribution Service 3.023-04-2013 20:21:34 System Checkpoint25-04-2013 00:53:42 System Checkpoint27-04-2013 18:09:57 System Checkpoint28-04-2013 19:29:30 System Checkpoint30-04-2013 15:13:45 System Checkpoint04-05-2013 15:01:21 System Checkpoint05-05-2013 17:41:04 System Checkpoint06-05-2013 23:49:23 Removed Java 7 Update 706-05-2013 23:49:56 Installed Java 7 Update 2108-05-2013 01:43:07 System Checkpoint09-05-2013 17:16:28 System Checkpoint15-05-2013 11:54:01 Software Distribution Service 3.016-05-2013 14:04:17 Removed Microsoft Combat Flight Simulator 3 Mission Pack16-05-2013 14:06:04 Removed Microsoft Silverlight18-05-2013 01:20:22 System Checkpoint22-05-2013 21:05:34 System Checkpoint28-05-2013 23:21:43 System Checkpoint30-05-2013 15:42:11 System Checkpoint==================== Faulty Device Manager Devices =============Name: Linksys Wireless-G PCI AdapterDescription: Linksys Wireless-G PCI AdapterClass Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}Manufacturer: Linksys, A Division of Cisco Systems, Inc.Service: RT2500Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 890313Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 890313Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/09/2013 08:14:17 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2095266Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 2095266Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/09/2013 02:19:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1969Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1969Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/09/2013 01:52:36 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1953System errors:=============Error: (05/20/2013 07:05:05 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 07:04:35 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 07:03:51 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 06:06:32 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 05:42:01 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 05:41:31 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 05:40:47 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 05:12:43 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 05:08:40 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Error: (05/20/2013 05:08:10 PM) (Source: Service Control Manager) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.Microsoft Office Sessions:=========================Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 890313Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 890313Error: (06/09/2013 09:24:51 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/09/2013 08:14:17 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2095266Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 2095266Error: (06/09/2013 08:14:17 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/09/2013 02:19:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1969Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 1969Error: (06/09/2013 02:19:16 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/09/2013 01:52:36 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1953==================== Memory info ===========================Percentage of memory in use: 43%Total physical RAM: 3327.11 MBAvailable physical RAM: 1870.86 MBTotal Pagefile: 5210.36 MBAvailable Pagefile: 3899.63 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1951.44 MB==================== Drives ================================Drive c: (Main) (Fixed) (Total:465.76 GB) (Free:307.34 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: (Backup) (Fixed) (Total:465.76 GB) (Free:119.38 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive f: (Work) (Fixed) (Total:465.76 GB) (Free:133.93 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 1D0A1820)Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 17CD1BAF)Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)========================================================Disk: 2 (Size: 466 GB) (Disk ID: B78BBFA3)Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689506 Share Posted June 10, 2013 This is weird....in the logs folder the last log recorded log there is from 3/20/2011?? Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689508 Share Posted June 10, 2013 Which program reported the firefox.exe as trojan.agent? Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689510 Share Posted June 10, 2013 It is under the Quarantine tab in Malwarebytes. Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689512 Share Posted June 10, 2013 With windows 7/8, you could look here, too:C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689513 Share Posted June 10, 2013 Here is screen shot: Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689514 Share Posted June 10, 2013 I am using XP. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689515 Share Posted June 10, 2013 I am so sorry....I have to go for a bit. Gmer is running....I will post when I can. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689516 Share Posted June 10, 2013 Here is attached Gmer.txt:Gmer.txt Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689517 Share Posted June 10, 2013 Run MBAMOnce the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtPost that log back here. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689519 Share Posted June 10, 2013 It found 3:Protection: Enabled6/10/2013 8:48:04 AMmbam-log-2013-06-10 (08-48-04).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 413208Time elapsed: 3 minute(s), 29 second(s)Memory Processes Detected: 1C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Agent) -> 328 -> Delete on reboot.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Firefox (Trojan.Agent) -> Data: C:\ProgramFiles\Mozilla Firefox\firefox.exe -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Agent) -> Delete on reboot.(end) Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689521 Share Posted June 10, 2013 This is weird....in the logs folder the last log recorded log there is from 3/20/2011??I found where the logs are stored. Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689524 Share Posted June 10, 2013 This seems to be a false positive, yes.Please go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is untickedClick on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689576 Share Posted June 10, 2013 It found 15 threats. Yikes.C:\Documents and Settings\Norm\Desktop\kmp.exe a variant of Win32/Bundled.Toolbar.Ask applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP514\A0286564.exe a variant of Win32/RegistryNuke applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP515\A0286710.exe a variant of Win32/RegistryNuke applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP566\A0308767.dll a variant of Win32/Adware.Yontoo.B applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308956.exe Win32/Adware.1ClickDownload.AI applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308959.exe Win32/OpenCandy applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308960.exe Win32/Adware.RK.AO.Gen applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308961.exe probably a variant of Win32/CNETInstaller.A applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308962.exe Win32/OpenCandy applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308963.exe Win32/DownloadAdmin.G applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308986.exe Win32/OpenCandy applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308987.exe Win32/DownloadAdmin.G applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0309000.exe Win32/OpenCandy applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP572\A0313611.exe a variant of Win32/SmartInline.A applicationC:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP572\A0313613.dll a variant of Win32/SmartInline.A application Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689582 Share Posted June 10, 2013 Please backup your firefox user data following thse instructions: http://support.mozil...irefox-profilesPress the Windows- and the R-key simultanously.Within the textbox, write appwiz.cpl, click OK.Search for and remove the following programsMozilla FirefoxMalwarebytes Antimalwareclose the window.Mozilla Firefox Get the actual firefox from here.Run setup and follow the instructions on your monitor.Report any problems you have with the update.Please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtPost that log back here. Link to post Share on other sites More sharing options...
nray53 Posted June 10, 2013 Author ID:689603 Share Posted June 10, 2013 Nothing was found after a quick scan:Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.06.10.06Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Norm :: UPSTAIRS [administrator]Protection: Disabled6/10/2013 12:38:00 PMmbam-log-2013-06-10 (12-38-00).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 414114Time elapsed: 4 minute(s), 1 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Psychotic Posted June 10, 2013 ID:689604 Share Posted June 10, 2013 Nice!How is your computer behaving? Any issues left or can we do the cleanup? Link to post Share on other sites More sharing options...
Recommended Posts