DonL100 Posted November 15, 2013 ID:754041 Share Posted November 15, 2013 My wife's Del Mini Book is infected with two PUP malwares. I ran MB Pro a few times and seemed to get rid of one but the other lingers. I need help. Thanks Don Link to post Share on other sites More sharing options...
MrCharlie Posted November 15, 2013 ID:754060 Share Posted November 15, 2013 Welcome to the forum, please start HERE Post back the 2 logs here.....DDS.txt and Attach.txt (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. <====><====><====><====><====><====><====><====> Next................ Please download and run RogueKiller 32 bit to your desktop. RogueKiller<---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
DonL100 Posted November 15, 2013 Author ID:754088 Share Posted November 15, 2013 Charlie, Thanks for your help. Here are the logs you requested: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702Run by Joanne at 13:12:16 on 2013-11-15Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.173 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: avast! Antivirus *Disabled* .============== Running Processes ================.C:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exeC:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Elantech\ETDCtrl.exeC:\Program Files\AVAST Software\Avast\avastUI.exeC:\Program Files\CapsLKNotify\CapsLKNotify.exeC:\Program Files\WSED\WSED.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\PersistenceThread.exeC:\Program Files\Spybot - Search & Destroy 2\SDTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Mobile Broadband Service\WMCore.exeC:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgroundmRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exemRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /noguimRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exemRun: [WSED] c:\program files\wsed\WSED.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exemRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:255mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dllIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeTCP: NameServer = 192.168.1.1TCP: Interfaces\{37B964FC-EA3C-4CFB-8D3F-C6D989A1ABC0} : DHCPNameServer = 192.168.0.1TCP: Interfaces\{E10E667A-CD2A-4499-92B6-ABB080CE7DEF} : DHCPNameServer = 192.168.1.1Notify: igdlogin - igdlogin.dllNotify: SDWinLogon - SDWinLogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\joanne\application data\mozilla\firefox\profiles\10cbzh9k.default\FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dllFF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dllFF - ExtSQL: 2013-09-26 09:18; wrc@avast.com; c:\program files\avast software\avast\webrep\FF.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-30 49376]R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-30 177864]R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2011-12-7 14248]R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-7 770344]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-7 369584]R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-14 37664]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-7 29816]R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-30 66336]R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-7 46808]R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-5 1103392]R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-5 1369624]R2 WMCoreService;Mobile Broadband Core Service;c:\program files\mobile broadband service\WMCore.exe [2009-9-24 688128]R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-12-7 93952]R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2011-12-6 5088896]R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-12-6 110080]R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2011-12-7 148056]R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2011-12-7 133472]R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2011-12-7 271328]R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2011-12-7 157696]S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-5 168384]S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\17.1.2\ToolbarUpdater.exe [?]S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-12-7 1684736]S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\drivers\drvagent32.sys --> c:\windows\system32\drivers\DrvAgent32.sys [?]S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?].=============== Created Last 30 ================.2013-11-15 00:26:14 -------- d-----w- c:\documents and settings\joanne\local settings\application data\Mozilla2013-11-15 00:25:46 -------- d-----w- c:\documents and settings\joanne\local settings\application data\AVG SafeGuard toolbar2013-11-15 00:25:09 -------- d-----w- c:\program files\Mozilla Maintenance Service2013-11-15 00:23:59 -------- d-----w- c:\documents and settings\all users\application data\AVG SafeGuard toolbar2013-11-15 00:23:50 -------- d-----w- c:\program files\AVG SafeGuard toolbar2013-11-14 22:33:14 -------- d-----w- C:\Malwarebytes.==================== Find3M ====================.2013-11-15 00:37:31 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-11-15 00:37:31 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe2013-11-15 00:23:28 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-13 07:25:08 43520 ------w- c:\windows\system32\licmgr10.dll2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-13 06:57:59 385024 ------w- c:\windows\system32\html.iec2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys.============= FINISH: 13:13:18.96 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume1Install Date: 12/6/2011 1:30:54 PMSystem Uptime: 11/15/2013 12:12:30 PM (1 hours ago).Motherboard: Dell Inc. | | 0R990KProcessor: Intel® Atom CPU Z530 @ 1.60GHz | U3E1 | 1596/mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 149 GiB total, 139.739 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP1: 11/15/2013 9:04:07 AM - System Checkpoint.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.8)Adobe Shockwave Player 11.6Amazon Kindleavast! Free AntivirusAVG SafeGuard toolbarCapsLKNotifyCCleanerData Lifeguard Diagnostic for Windows 1.24Dell 5530 Wireless Broadband PackageDell Driver Download ManagerDell Wireless WLAN Card UtilityDiskeeper Professional EditionEMSCETDWare PS/2-x86 7.0.4.9_WHQLFunction KeysGoogle ChromeGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Integrated Webcam Driver (1.01.01.0116) Intel® Graphics Media Accelerator 500Magellan Device DriverMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Kernel-Mode Driver Framework Feature Pack 1.5Microsoft Kernel-Mode Driver Framework Feature Pack 1.7Microsoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Mobile Broadband serviceMozilla Firefox 25.0 (x86 en-US)Mozilla Maintenance ServiceRealtek Card ReaderREALTEK GbE & FE Ethernet PCI-E NIC DriverRealtek High Definition Audio DriverSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)Security Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB2761465)Security Update for Windows Internet Explorer 8 (KB2792100)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2799329)Security Update for Windows Internet Explorer 8 (KB2809289)Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2838727)Security Update for Windows Internet Explorer 8 (KB2846071)Security Update for Windows Internet Explorer 8 (KB2847204)Security Update for Windows Internet Explorer 8 (KB2862772)Security Update for Windows Internet Explorer 8 (KB2870699)Security Update for Windows Internet Explorer 8 (KB2879017)Security Update for Windows Internet Explorer 8 (KB2888505)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB2834904-v2)Security Update for Windows Media Player (KB2834904)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2586448)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2753842)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2761226)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2779030)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB2807986)Security Update for Windows XP (KB2808735)Security Update for Windows XP (KB2813170)Security Update for Windows XP (KB2813345)Security Update for Windows XP (KB2820197)Security Update for Windows XP (KB2820917)Security Update for Windows XP (KB2829361)Security Update for Windows XP (KB2834886)Security Update for Windows XP (KB2839229)Security Update for Windows XP (KB2845187)Security Update for Windows XP (KB2847311)Security Update for Windows XP (KB2849470)Security Update for Windows XP (KB2850851)Security Update for Windows XP (KB2850869)Security Update for Windows XP (KB2859537)Security Update for Windows XP (KB2862152)Security Update for Windows XP (KB2862330)Security Update for Windows XP (KB2862335)Security Update for Windows XP (KB2864063)Security Update for Windows XP (KB2868038)Security Update for Windows XP (KB2868626)Security Update for Windows XP (KB2876217)Security Update for Windows XP (KB2876315)Security Update for Windows XP (KB2876331)Security Update for Windows XP (KB2883150)Security Update for Windows XP (KB2900986)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982665)Spybot - Search & DestroyswMSMUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2492386)Update for Windows XP (KB2541763)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB2863058)Update for Windows XP (KB898461)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)WebFldrs XPWindows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Wise Registry Cleaner 6.14WSED.==== Event Viewer Messages From Past Week ========.11/15/2013 8:46:38 AM, error: Service Control Manager [7000] - The vToolbarUpdater17.1.2 service failed to start due to the following error: The system cannot find the file specified.11/15/2013 8:14:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm Fips intelppm11/15/2013 8:14:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}11/15/2013 7:55:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip11/15/2013 7:55:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.11/15/2013 7:55:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.11/15/2013 7:55:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.11/15/2013 7:55:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.11/15/2013 7:54:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}11/15/2013 7:54:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}11/11/2013 4:50:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.11/11/2013 4:50:33 AM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== RogueKiller V8.7.8 [Nov 14 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Joanne [Admin rights]Mode : Scan -- Date : 11/15/2013 13:35:45| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤[inline] EAT @explorer.exe (@Classes@TFiler@) : rtl150.bpl -> HOOKED (Unknown @ 0x3059296C)[inline] EAT @explorer.exe (@Classes@TReader@) : rtl150.bpl -> HOOKED (Unknown @ 0xB45933BC)[inline] EAT @explorer.exe (@Classes@TStreamWriter@) : rtl150.bpl -> HOOKED (Unknown @ 0x54599FB5)[inline] EAT @explorer.exe (@Comobj@TAutoObjectEvent@) : rtl150.bpl -> HOOKED (Unknown @ 0xDC5BB8A4)[inline] EAT @explorer.exe (@Ioutils@TPath@FInvalidFileNameChars) : rtl150.bpl -> HOOKED (Unknown @ 0x101DA0B3)[inline] EAT @explorer.exe (@Msxml@IID_ISAXEntityResolver) : rtl150.bpl -> HOOKED (Unknown @ 0x1FB8BAB5)[inline] EAT @explorer.exe (@Oledb@DBOBJECT_DOMAIN) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FD7)[inline] EAT @explorer.exe (@Oledb@DBOBJECT_SCHEMA) : rtl150.bpl -> HOOKED (Unknown @ 0x43E12FC7)[inline] EAT @explorer.exe (@System@ExceptionClass) : rtl150.bpl -> HOOKED (Unknown @ 0xDD6A1039)[inline] EAT @explorer.exe (@Wincodec@CATID_WICFormatConverters) : rtl150.bpl -> HOOKED (Unknown @ 0x6490FC7F)[inline] EAT @explorer.exe (@Controls@TCustomTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772A44)[inline] EAT @explorer.exe (@Controls@TDockTree@) : vcl150.bpl -> HOOKED (Unknown @ 0xC0779121)[inline] EAT @explorer.exe (@Controls@TTouchManager@) : vcl150.bpl -> HOOKED (Unknown @ 0x34772FF8)[inline] EAT @explorer.exe (@Jclmath@Catalan) : Jcl150.bpl -> HOOKED (Unknown @ 0x00BF2093)[inline] EAT @explorer.exe (@Jclmath@Cbrt3) : Jcl150.bpl -> HOOKED (Unknown @ 0x90B1D717)[inline] EAT @explorer.exe (@Jclmath@LnPi) : Jcl150.bpl -> HOOKED (Unknown @ 0xCA671DA3)[inline] EAT @explorer.exe (@Jclmath@Log3) : Jcl150.bpl -> HOOKED (Unknown @ 0x84D25F65)[inline] EAT @explorer.exe (@Jclsimplexml@TJclSimpleXMLProps@) : Jcl150.bpl -> HOOKED (Unknown @ 0x4858BACA)[inline] EAT @explorer.exe (@Jclstructstorage@UnitVersioning) : Jcl150.bpl -> HOOKED (Unknown @ 0xF469DFA7)[inline] EAT @explorer.exe (@Jclwin32@RtdlNetGroupAdd) : Jcl150.bpl -> HOOKED (Unknown @ 0x3467D32D)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_AsymmetricSignatureDeformatter) : Jcl150.bpl -> HOOKED (Unknown @ 0x269C6902)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_Buffer) : Jcl150.bpl -> HOOKED (Unknown @ 0x8313E316)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_CaseInsensitiveComparer) : Jcl150.bpl -> HOOKED (Unknown @ 0x6C9E7D34)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_FileNotFoundException) : Jcl150.bpl -> HOOKED (Unknown @ 0xEB14FC04)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_JulianCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0x607DE6A9)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_PKCS1MaskGenerationMethod) : Jcl150.bpl -> HOOKED (Unknown @ 0x5E0E5459)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_ProgIdAttribute) : Jcl150.bpl -> HOOKED (Unknown @ 0x64693527)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SHA384) : Jcl150.bpl -> HOOKED (Unknown @ 0x062DADDF)[inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_SoapDateTime) : Jcl150.bpl -> HOOKED (Unknown @ 0x886A688F)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID_IChannel) : Jcl150.bpl -> HOOKED (Unknown @ 0xB577C87E)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__BitConverter) : Jcl150.bpl -> HOOKED (Unknown @ 0xD97E4C5E)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CryptographicException) : Jcl150.bpl -> HOOKED (Unknown @ 0xFA6AC5AF)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__CustomAttributeBuilder) : Jcl150.bpl -> HOOKED (Unknown @ 0x47E035A9)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ExternalException) : Jcl150.bpl -> HOOKED (Unknown @ 0x70C9C911)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__IsolatedStorageFilePermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x292E9B90)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__Pointer) : Jcl150.bpl -> HOOKED (Unknown @ 0x03125CDC)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__RegionInfo) : Jcl150.bpl -> HOOKED (Unknown @ 0xD76F9F58)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__SiteIdentityPermission) : Jcl150.bpl -> HOOKED (Unknown @ 0x4E9A9BCB)[inline] EAT @explorer.exe (@Mscorlib_tlb@IID__ThaiBuddhistCalendar) : Jcl150.bpl -> HOOKED (Unknown @ 0xA3E88D47)[inline] EAT @explorer.exe (@Aspbehavior@TRulerBehavior@) : vclie150.bpl -> HOOKED (Unknown @ 0x70A59DD1)[inline] EAT @explorer.exe (@Mshtml@CLASS_HTMLFieldSetElement) : vclie150.bpl -> HOOKED (Unknown @ 0x05861024)[inline] EAT @explorer.exe (@Mshtml@CLASS_HTMLLegendElement) : vclie150.bpl -> HOOKED (Unknown @ 0x05861044)[inline] EAT @explorer.exe (@Mshtml@CLASS_HTMLTableSection) : vclie150.bpl -> HOOKED (Unknown @ 0x05860D43)[inline] EAT @explorer.exe (@Mshtml@IID_IHTMLControlElement) : vclie150.bpl -> HOOKED (Unknown @ 0x0585FD25) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600BEVT-00A23T0 +++++--- User ---[MBR] dc8e1334e78aadd985b76c39a688aee2[bSP] dd6d3b5cb240f4d07fab00841a39590f : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_11152013_133545.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted November 15, 2013 ID:754090 Share Posted November 15, 2013 Please give this a try: Lets clean out any adware/spyware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Make sure you click on download buttons that look like this, not "sponsored ad links": Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
DonL100 Posted November 15, 2013 Author ID:754111 Share Posted November 15, 2013 Charlie, the mini seems to be normal. Attached are the logs. # AdwCleaner v3.012 - Report created 15/11/2013 at 14:33:39# Updated 11/11/2013 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : Joanne - JOANNE-87A599C5# Running from : C:\Documents and Settings\Joanne\Desktop\adwcleaner (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\WEDLMNGR ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Documents and Settings\Joanne\Application Data\Mozilla\Firefox\Profiles\10cbzh9k.default\prefs.js ] -\\ Google Chrome v31.0.1650.57 [ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] [ File : C:\Documents and Settings\Joanne\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [880 octets] - [27/08/2013 14:07:43]AdwCleaner[R1].txt - [941 octets] - [11/09/2013 12:20:56]AdwCleaner[R2].txt - [1170 octets] - [26/09/2013 07:59:02]AdwCleaner[R3].txt - [1804 octets] - [14/11/2013 16:59:30]AdwCleaner[R4].txt - [1452 octets] - [14/11/2013 17:06:38]AdwCleaner[R5].txt - [3961 octets] - [15/11/2013 08:42:24]AdwCleaner[R6].txt - [1865 octets] - [15/11/2013 14:27:51]AdwCleaner[s0].txt - [944 octets] - [27/08/2013 14:10:57]AdwCleaner[s1].txt - [1001 octets] - [11/09/2013 12:23:12]AdwCleaner[s2].txt - [1234 octets] - [26/09/2013 08:01:28]AdwCleaner[s3].txt - [1877 octets] - [14/11/2013 17:02:05]AdwCleaner[s4].txt - [1513 octets] - [14/11/2013 17:08:38]AdwCleaner[s5].txt - [4088 octets] - [15/11/2013 08:44:43]AdwCleaner[s6].txt - [1788 octets] - [15/11/2013 14:33:39] ########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [1848 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.11.14.09 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Joanne :: JOANNE-87A599C5 [administrator] 11/15/2013 2:41:42 PMmbam-log-2013-11-15 (14-41-42).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 212157Time elapsed: 9 minute(s), 35 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
MrCharlie Posted November 15, 2013 ID:754115 Share Posted November 15, 2013 Why didn't you tell me you already ran AdwCleaner. Charlie, the mini seems to be normal. What does this mean??? MrC Link to post Share on other sites More sharing options...
DonL100 Posted November 16, 2013 Author ID:754402 Share Posted November 16, 2013 Charlie, I ran the Adwcleaner when I found the problems along with MB and SpyBot S&D before I contacted the MB forum. You never asked if I'd tried to solve the problem on my own. If it is a jproblem I'm sorry. I run these three programs along with CCleaner and ATF Cleaner once a week on my desktop but not on my wifes's mini. When I say running normal I mean no more popups and it's running slow but that is normal for this mini. Not as bad as it was before. I ran a MB scan this morning just to make sure. It was clear. Thanks for your help. By the way, I like your dogs (yellow lab and golden). I've had one black lab (Buster) and two chocolate labs (Chips and Snickers)over the years. I miss them!!!! Don Link to post Share on other sites More sharing options...
MrCharlie Posted November 17, 2013 ID:754612 Share Posted November 17, 2013 OK...... Take a look at My Preventive Maintenance to avoid being infected again. (also HERE) Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 19, 2013 Root Admin ID:755573 Share Posted November 19, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts