Jump to content

malwarebytes not detecting virus


jwest

Recommended Posts

Hello,

 

I have been getting random pop ups for several weeks that are disguised to look like windows or adobe messages. I have not clicked on any of them. I have run a full Malwarebytes scan which detected and deleted 4 files however the pops ups have continued.

 

Any help would be greatly appreciated!

 

Here are my logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Student at 11:13:08 on 2013-11-14
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1916.833 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Student\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Student\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank





BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\student\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [showBatteryBar] "c:\program files\batterybar\ShowBatteryBar.exe" show
uRun: [AVG-Secure-Search-Update_0913b] c:\documents and settings\student\application data\avg 0913b campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid b47b4178fbe247d3ae92d16ff0f5cd0e-06052135a5a8d094d7dd69b16dac467565e3bb21 --CMPID 0913b
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\student\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\student\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\student\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe






Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\student\application data\mozilla\firefox\profiles\hd2uo6x9.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\documents and settings\student\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\student\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\student\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\student\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-10-07 16:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 193848]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-9 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-9 701512]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-5 5888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-9 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2009-11-6 428184]
.
=============== Created Last 30 ================
.
2013-11-13 19:42:00    55296    ----a-w-    c:\windows\system32\SET41.tmp
2013-11-13 19:41:59    920064    ----a-w-    c:\windows\system32\SET3A.tmp
2013-11-13 19:41:58    630272    ----a-w-    c:\windows\system32\SET42.tmp
2013-11-13 19:41:58    6021120    ----a-w-    c:\windows\system32\SET40.tmp
2013-11-13 19:41:58    1215488    ----a-w-    c:\windows\system32\SET3B.tmp
2013-11-13 19:41:58    105984    ----a-w-    c:\windows\system32\SET3C.tmp
2013-11-13 19:41:57    11113472    ----a-w-    c:\windows\system32\SET48.tmp
2013-11-13 19:41:56    2006016    ----a-w-    c:\windows\system32\SET46.tmp
2013-11-09 19:45:46    --------    d-----w-    c:\documents and settings\student\application data\Malwarebytes
2013-11-09 19:45:36    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-11-09 19:45:34    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-09 19:45:34    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-23 13:08:54    --------    d-----w-    c:\documents and settings\student\application data\BBCiPlayerDownloads
2013-10-23 13:08:08    --------    d-----w-    c:\documents and settings\student\local settings\application data\BBC
.
==================== Find3M  ====================
.
2013-10-13 07:25:08    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-13 06:57:59    385024    ------w-    c:\windows\system32\html.iec
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\SET6D.tmp
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\SET6A.tmp
2013-10-08 19:39:49    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 19:39:49    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\SETBB.tmp
2013-10-05 01:14:01    7168    ----a-w-    c:\windows\system32\SETBC.tmp
2013-09-25 19:57:14    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33:58    920064    ------w-    c:\windows\system32\wininet.dll
2013-09-10 21:11:44    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12:16    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39:32    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28:06    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28:04    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28:00    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 11:14:00.43 ===============
 

 

 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 02/10/2009 13:11:03
System Uptime: 14/11/2013 10:23:42 (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core2 Duo CPU     T5870  @ 2.00GHz | CPU | 1995/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 172.808 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP829: 15/08/2013 11:43:42 - Software Distribution Service 3.0
RP830: 16/08/2013 14:47:49 - System Checkpoint
RP831: 19/08/2013 08:44:50 - System Checkpoint
RP832: 20/08/2013 09:33:52 - System Checkpoint
RP833: 21/08/2013 15:51:37 - System Checkpoint
RP834: 23/08/2013 14:37:21 - System Checkpoint
RP835: 24/08/2013 16:30:07 - System Checkpoint
RP836: 25/08/2013 18:24:11 - System Checkpoint
RP837: 27/08/2013 09:26:20 - System Checkpoint
RP838: 28/08/2013 13:50:34 - System Checkpoint
RP839: 28/08/2013 22:02:53 - Software Distribution Service 3.0
RP840: 30/08/2013 13:29:14 - System Checkpoint
RP841: 31/08/2013 16:15:54 - System Checkpoint
RP842: 01/09/2013 17:37:23 - System Checkpoint
RP843: 02/09/2013 18:37:37 - System Checkpoint
RP844: 03/09/2013 20:33:25 - System Checkpoint
RP845: 05/09/2013 09:17:36 - System Checkpoint
RP846: 06/09/2013 22:21:38 - System Checkpoint
RP847: 08/09/2013 10:01:32 - System Checkpoint
RP848: 10/09/2013 17:00:36 - System Checkpoint
RP849: 12/09/2013 15:16:09 - System Checkpoint
RP850: 13/09/2013 11:56:33 - Software Distribution Service 3.0
RP851: 13/09/2013 20:51:05 - Software Distribution Service 3.0
RP852: 13/09/2013 23:05:36 - Software Distribution Service 3.0
RP853: 14/09/2013 08:50:01 - Software Distribution Service 3.0
RP854: 15/09/2013 15:31:42 - System Checkpoint
RP855: 16/09/2013 16:17:53 - System Checkpoint
RP856: 19/09/2013 07:52:58 - System Checkpoint
RP857: 20/09/2013 16:58:29 - System Checkpoint
RP858: 22/09/2013 18:31:51 - System Checkpoint
RP859: 25/09/2013 07:50:56 - System Checkpoint
RP860: 26/09/2013 13:27:08 - System Checkpoint
RP861: 28/09/2013 12:48:33 - System Checkpoint
RP862: 29/09/2013 16:12:56 - System Checkpoint
RP863: 01/10/2013 07:12:12 - System Checkpoint
RP864: 03/10/2013 06:51:12 - System Checkpoint
RP865: 04/10/2013 08:18:13 - System Checkpoint
RP866: 05/10/2013 10:09:11 - System Checkpoint
RP867: 05/10/2013 21:40:56 - Installed AVG 2014
RP868: 05/10/2013 21:41:16 - Removed AVG 2013
RP869: 05/10/2013 21:41:54 - Installed AVG 2014
RP870: 05/10/2013 21:45:26 - Removed AVG 2013
RP871: 07/10/2013 07:32:37 - System Checkpoint
RP872: 08/10/2013 19:53:36 - System Checkpoint
RP873: 10/10/2013 12:29:27 - System Checkpoint
RP874: 10/10/2013 14:20:41 - Software Distribution Service 3.0
RP875: 11/10/2013 19:28:34 - System Checkpoint
RP876: 14/10/2013 07:56:46 - Software Distribution Service 3.0
RP877: 17/10/2013 17:10:28 - System Checkpoint
RP878: 18/10/2013 17:25:25 - System Checkpoint
RP879: 21/10/2013 10:08:36 - System Checkpoint
RP880: 22/10/2013 20:35:53 - System Checkpoint
RP881: 23/10/2013 14:08:08 - Installed BBC iPlayer Downloads
RP882: 24/10/2013 18:42:25 - System Checkpoint
RP883: 26/10/2013 11:43:55 - System Checkpoint
RP884: 29/10/2013 08:52:25 - System Checkpoint
RP885: 30/10/2013 18:11:10 - System Checkpoint
RP886: 31/10/2013 18:53:04 - System Checkpoint
RP887: 02/11/2013 14:28:47 - System Checkpoint
RP888: 04/11/2013 08:07:11 - System Checkpoint
RP889: 05/11/2013 16:25:23 - System Checkpoint
RP890: 06/11/2013 20:45:52 - System Checkpoint
RP891: 08/11/2013 19:08:03 - System Checkpoint
RP892: 09/11/2013 21:55:56 - System Checkpoint
RP893: 11/11/2013 09:03:11 - System Checkpoint
RP894: 12/11/2013 11:42:05 - System Checkpoint
RP895: 13/11/2013 19:40:31 - System Checkpoint
RP896: 14/11/2013 10:27:42 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
BatteryBar (remove only)
BBC iPlayer Desktop
BBC iPlayer Downloads
Bonjour
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Dropbox
Filzip 3.0
Google Talk Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP LaserJet P1000 series
hppMSRedist
hppusgP1000
HPSSupply
Intel® Graphics Media Accelerator Driver
InterVideo XPack (DVD Only)
iTunes
Java 6 Update 17
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MrvlUsgTracking
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
PASW Statistics 18
PDFCreator
Picasa 3
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 6.7
Synaptics Pointing Device Driver
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Software Modem
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Zip Opener
Visual Studio 2012 x86 Redistributables
WebFldrs XP
Whale Communications' Client Components v3.7.2
Windows Driver Package - HP Printer  (09/10/2007 1.0.2.1)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Write-N-Cite
.
==== Event Viewer Messages From Past Week ========
.
14/11/2013 10:34:02, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
14/11/2013 10:34:02, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
14/11/2013 10:34:02, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/11/2013 21:05:28, error: Dhcp [1002]  - The IP address lease 192.168.1.64 for the Network Card with network address 0026B61124FD has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 

Link to post
Share on other sites

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

 

 

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

Link to post
Share on other sites

Thanks for the quick reply.

 

Here is the Gmer log:

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-14 15:59:44
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00 232.89GB
Running: j0ko344v.exe; Driver: C:\DOCUME~1\Student\LOCALS~1\Temp\kfldypod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xBA401690]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0xBA4017B0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xBA401010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0xBA401490]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0xBA4012D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0xBA4013B0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xBA401110]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0xBA4011F0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0xBA401590]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                      avgtdix.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0       SynTP.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1       SynTP.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp                     avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\Udp                     avgtdix.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                   avgtdix.sys

---- EOF - GMER 2.1 ----
 

 

I was having trouble zipping the Malwarebytes logs but since they're short I just copied and pasted them as is. Hope that's okay. Here they are:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.09.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Student :: 99075156Q [administrator]

Protection: Enabled

09/11/2013 19:48:45
mbam-log-2013-11-09 (19-48-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321294
Time elapsed: 2 hour(s), 51 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Student\Local Settings\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Student\My Documents\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Student\Application Data\Adobe\plugs\KB29662750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Student\Local Settings\Temp\0.5633802423358757.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

(end)
 

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Student :: 99075156Q [administrator]

Protection: Enabled

12/11/2013 11:22:56
mbam-log-2013-11-12 (11-22-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316056
Time elapsed: 2 hour(s), 30 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

Link to post
Share on other sites

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

 
 
 
Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Link to post
Share on other sites

Sorry for the delay. Here are the logs you asked for:

 

 

 

# AdwCleaner v3.012 - Report created 17/11/2013 at 20:15:52
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Student - 99075156Q
# Running from : C:\Documents and Settings\Student\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Student\Application Data\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\km93r8mc.default\prefs.js ]


[ File : C:\Documents and Settings\Student\Application Data\Mozilla\Firefox\Profiles\hd2uo6x9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1251 octets] - [17/11/2013 20:12:53]
AdwCleaner[s0].txt - [1186 octets] - [17/11/2013 20:15:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1246 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Student on 17/11/2013 at 20:24:15.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Student\Application Data\mozilla\firefox\profiles\hd2uo6x9.default\minidumps [60 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/11/2013 at 20:31:21.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Here is the ESET log:

 

C:\AdwCleaner\Quarantine\C\Documents and Settings\Student\Application Data\DSite\UpdateProc\UpdateTask.exe.vir    

a variant of Win32/DealPly.H application
 

 

Is this the sort of infection for which I should be changing all of my passwords?

 

Thanks for all your help so far!

Link to post
Share on other sites

Here is the SecurityCheck log:

 

 Results of screen317's Security Check version 0.99.77  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 17  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the actual player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.