As it says, last week I somehow got XP Antispyware 2011 while I was searching for t-shirts. I removed it with Malwarebytes and all was fine, then it came back when I tried to go to Google Translator. Removed it again... then it came back the next day while again searching Google. I just removed it for the third time but I'm sure that it's going to come back. Any suggestions on how to permanently remove this so it doesn't come back every day?


Hi and welcome!

We need to see some information about what is happening on your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Thanks man, right now I don't have any symptoms but I'm afraid to even search Google again.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Administrator at 20:28:28.87 on Wed 05/18/2011

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1375 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Page = hxxp://www.google.co.uk

uSearch Bar = hxxp://www.google.co.uk/ie

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.google.co.uk/ie

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

uPolicies-explorer: NoInstrumentation = 1 (0x1)

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

dPolicies-explorer: NoInstrumentation = 1 (0x1)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\fj0ggzqk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.startup.homepage - hxxp://www.houston-imports.com/forums/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-10-1 14336]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-8-23 169472]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-05-17 02:21:29 43333 ----a-w- c:\program files\mozilla firefox\0.3727128020111796.exe

2011-05-12 01:37:35 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2011-05-12 01:37:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-12 01:37:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-12 01:37:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-12 01:37:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-11 07:15:19 0 ----a-w- c:\windows\Inabezuduqiy.bin

2011-05-11 07:15:18 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\{BC3B5DB5-3AB8-4717-829F-7F74390437FA}

.

==================== Find3M ====================

.

2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

.

============= FINISH: 20:29:03.53 ===============

Attach.txt

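Three entries in the "Created Last 30" block of the DDS log above are worth flagging before any cleanup tool is run: an executable with a random numeric name sitting in the Firefox program directory (0.3727128020111796.exe), a zero-byte Inabezuduqiy.bin dropped straight into c:\windows, and a bare GUID-named folder under the user's Local Settings\Application Data. The script below is an added example, not part of this thread and not code from DDS or ComboFix: it parses the file-creation lines that DDS ("Created Last 30") and ComboFix ("Files Created") print and applies those three heuristics. The sample text is copied from the logs in this thread; the heuristics, the executable-extension list and the directory lists are this example's own assumptions and will need tuning for other machines.

```python
import re
from typing import List, Tuple

# Constructed sample: the "Created Last 30" entries from the DDS log posted above,
# copied verbatim (DDS prints 8.3 short names such as docume~1 for profile paths).
DDS_CREATED_LAST_30 = r"""
2011-05-17 02:21:29 43333 ----a-w- c:\program files\mozilla firefox\0.3727128020111796.exe
2011-05-12 01:37:35 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-05-12 01:37:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 01:37:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-12 01:37:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 01:37:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 07:15:19 0 ----a-w- c:\windows\Inabezuduqiy.bin
2011-05-11 07:15:18 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\{BC3B5DB5-3AB8-4717-829F-7F74390437FA}
"""

# Two lines in the ComboFix "Files Created" layout (two timestamps separated by " . "),
# copied from the ComboFix log later in this thread, to show the same parser covers it.
COMBOFIX_FILES_CREATED = r"""
2011-05-19 01:37 . 2011-05-19 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-05-17 02:21 . 2011-05-17 02:21 43333 ----a-w- c:\program files\Mozilla Firefox\0.3727128020111796.exe
"""

# DDS: "date HH:MM:SS size attrs path"; ComboFix: "date HH:MM . date HH:MM size attrs path".
# Directories carry "--------" as their size and a leading "d" in the attribute field.
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})? "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)

# Assumptions of this example, not DDS/ComboFix conventions.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
EXEC_EXT = {"exe", "dll", "scr", "sys", "ocx", "cpl", "pif", "com"}
WINDIRS = (("c:", "windows"), ("c:", "windows", "system32"))
PROFILE_LOCAL = {"local settings", "locals~1"}   # long and 8.3 forms of the profile dir


def classify(path: str, size: str, attrs: str) -> str:
    """Return a reason string if the entry looks suspicious, else an empty string."""
    parts = path.lower().split("\\")
    name = parts[-1]
    stem, _, ext = name.rpartition(".")
    if not stem:                       # no dot in the name: treat the whole name as the stem
        stem, ext = name, ""
    is_dir = attrs.startswith("d")
    if not is_dir and ext in EXEC_EXT and re.fullmatch(r"[0-9.]+", stem):
        return "executable with a purely numeric name (typical rogue-AV dropper naming)"
    if not is_dir and size == "0" and tuple(parts[:-1]) in WINDIRS:
        return "zero-byte file dropped directly in the Windows directory"
    if is_dir and GUID_RE.match(name) and PROFILE_LOCAL.intersection(parts):
        return ("GUID-named directory under Local Settings\\Application Data "
                "(check it for install.rdf / chrome.manifest: a sideloaded Firefox extension)")
    return ""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Parse DDS/ComboFix file-creation lines; return (path, reason) for suspicious entries."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                   # section headers, "." spacer lines, blank lines
        reason = classify(m["path"], m["size"], m["attrs"])
        if reason:
            hits.append((m["path"], reason))
    return hits


if __name__ == "__main__":
    for sample in (DDS_CREATED_LAST_30, COMBOFIX_FILES_CREATED):
        for path, reason in triage(sample):
            print(f"{path}\n    -> {reason}")
```

Run as-is it reports the three DDS entries named above and, from the ComboFix sample, only the numeric-named executable; the WinZip and Malwarebytes entries pass. A GUID-named folder is only a pointer for review, since installers also create them; the ComboFix "Other Deletions" list later in this thread is what confirms this one held a Firefox extension.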

In that case, let's first start by making sure nothing nasty is hiding anymore. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


First time I got a blue screen and had to restart. But I did it again and got through it.

ComboFix 11-05-18.04 - Administrator 05/19/2011 14:14:44.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1496 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\{BC3B5DB5-3AB8-4717-829F-7F74390437FA}

c:\documents and settings\Administrator\Local Settings\Application Data\{BC3B5DB5-3AB8-4717-829F-7F74390437FA}\chrome.manifest

c:\documents and settings\Administrator\Local Settings\Application Data\{BC3B5DB5-3AB8-4717-829F-7F74390437FA}\chrome\content\_cfg.js

c:\documents and settings\Administrator\Local Settings\Application Data\{BC3B5DB5-3AB8-4717-829F-7F74390437FA}\chrome\content\overlay.xul

c:\documents and settings\Administrator\Local Settings\Application Data\{BC3B5DB5-3AB8-4717-829F-7F74390437FA}\install.rdf

c:\documents and settings\Administrator\Local Settings\Application Data\1646560136.dll

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\1s7QSf.jpg

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\gGXfrHCp6.jpg

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Ia7lS7.jpg

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\L7P7g1.jpg

c:\windows\system32\Ijl11.dll

c:\windows\system32\Thumbs.db

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))

.

.

2011-05-19 01:37 . 2011-05-19 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2011-05-17 02:21 . 2011-05-17 02:21 43333 ----a-w- c:\program files\Mozilla Firefox\0.3727128020111796.exe

2011-05-12 01:37 . 2011-05-12 01:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-05-12 01:37 . 2011-05-12 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-12 01:37 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-12 01:37 . 2011-05-18 03:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-12 01:37 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-11 07:15 . 2011-05-11 07:15 0 ----a-w- c:\windows\Inabezuduqiy.bin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-18 21:36 . 2009-11-06 21:32 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 21:36 . 2009-11-06 21:32 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2011-04-30 04:10 . 2011-03-23 21:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AIM"="c:\program files\AIM\aim.exe" [2003-08-01 61440]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-23 144896]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-02 148888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\(uTorrent)\\utorrent.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\AIM Lite\\aimlite.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/1/2006 7:00 AM 14336]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [8/23/2009 6:49 PM 169472]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-EXPERIENCE-Administrator.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-03 08:44]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-746137067-839522115-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-08 07:52]

.

2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-746137067-839522115-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-08 07:52]

.

2011-05-19 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-03-25 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj0ggzqk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us

FF - prefs.js: browser.startup.homepage - hxxp://www.houston-imports.com/forums/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-HookURL - (no file)

URLSearchHooks-Rank - (no file)

HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-19 14:20

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-05-19 14:21:39

ComboFix-quarantined-files.txt 2011-05-19 19:21

.

Pre-Run: 6,004,269,056 bytes free

Post-Run: 16,864,260,096 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\ = "Unidentified operating system on drive D."

.

- - End Of File - - BE6046736C37AA7DE05E56AA16B2F364

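The ComboFix log above records settings that the replies in this thread do not comment on: under the Security Center key both AntiVirusOverride and FirewallOverride are 1, and for the firewall's standard profile EnableFirewall is 0 with DisableNotifications set to 1. The earlier DDS log also shows Winlogon's SfcDisable at -99 (0xffffff9d). Each of these silences a warning the user would otherwise see, which is exactly what a rogue antivirus needs, so on a machine that keeps getting reinfected they belong on the checklist. The script below is an added example, not part of this thread and not code from ComboFix or DDS: it parses the REGEDIT4-style blocks ComboFix prints and the one-line Winlogon form DDS prints, and reports every value that differs from a secure baseline. The baseline table and the key normalisation (ComboFix abbreviates SYSTEM\CurrentControlSet as "~") are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the Security Center and firewall keys from the ComboFix
# "Reg Loading Points" section above, in the REGEDIT4-style layout ComboFix uses.
COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# DDS reports Winlogon values in its own one-line form (copied from the DDS log above).
DDS_WINLOGON = "mWinlogon: SfcDisable=-99 (0xffffff9d)"

# Secure baseline assumed by this example for an XP SP2 home machine. Keys are compared
# after normalisation: HKEY_LOCAL_MACHINE -> hklm, and ComboFix's "~" is kept as written.
EXPECTED = [
    ("hklm\\software\\microsoft\\security center", "AntiVirusOverride", 0,
     "Security Center told to stop warning that antivirus is off"),
    ("hklm\\software\\microsoft\\security center", "FirewallOverride", 0,
     "Security Center told to stop warning that the firewall is off"),
    ("hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile",
     "EnableFirewall", 1, "Windows Firewall switched off for the standard profile"),
    ("hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile",
     "DisableNotifications", 0, "firewall block prompts suppressed"),
]

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')


def parse_value(raw: str) -> Optional[int]:
    """Turn the value encodings seen in ComboFix/DDS output into an int (None if not numeric)."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)                # dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(-?\d+)(?:\s*\(0x[0-9a-fA-F]+\))?", raw)     # 1 (0x1), -99 (0xffffff9d)
    if m:
        return int(m.group(1))
    return None


def normalise_key(key: str) -> str:
    return key.strip().lower().replace("hkey_local_machine", "hklm")


def parse_reg(text: str) -> Dict[str, Dict[str, int]]:
    """Parse [key] / "name"=value blocks into {normalised key: {name: int}}."""
    reg: Dict[str, Dict[str, int]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = normalise_key(km.group(1))
            reg.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            val = parse_value(vm.group(2))
            if val is not None:
                reg[current][vm.group(1)] = val
    return reg


Finding = Tuple[str, int, int, str]   # (value name, observed, expected, meaning)


def tamper_indicators(reg_text: str, dds_winlogon: str = "") -> List[Finding]:
    """Report values that differ from EXPECTED. Absent keys are not reported: unknown, not clean."""
    reg = parse_reg(reg_text)
    findings: List[Finding] = []
    for key, name, expected, meaning in EXPECTED:
        observed = reg.get(key, {}).get(name)
        if observed is not None and observed != expected:
            findings.append((name, observed, expected, meaning))
    # SfcDisable is 0 on a healthy system; any other value is an attempt to turn off
    # Windows File Protection so that replaced system files are not restored.
    m = re.search(r"SfcDisable=(-?\d+)", dds_winlogon)
    if m and int(m.group(1)) != 0:
        findings.append(("SfcDisable", int(m.group(1)), 0,
                         "Windows File Protection disabled via Winlogon"))
    return findings


if __name__ == "__main__":
    for name, observed, expected, meaning in tamper_indicators(COMBOFIX_REG, DDS_WINLOGON):
        print(f"{name}: observed {observed}, expected {expected} -> {meaning}")
```

Against the thread's logs this yields five findings. The overrides alone are not proof of malware, since some third-party security suites set them too, but here they coincide with a disabled firewall, no antivirus in the process list, and a rogue that keeps returning, so restoring the firewall and clearing the overrides is part of making the cleanup stick.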

How are things running at this point?

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm


Didn't come up with anything, but it's been clear before and then came back like 2 days later (without any torrents or game sites (don't go to) or anything).

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6621

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

5/19/2011 8:23:29 PM

mbam-log-2011-05-19 (20-23-29).txt

Scan type: Quick scan

Objects scanned: 142552

Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Do you have any problem left?

UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
     • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
     • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  4. Check "YES, I accept the Terms of Use."
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Under scan settings, check "Scan Archives" and "Remove found threats".
  8. Click Advanced settings and select the following:
     • Scan potentially unwanted applications
     • Scan for potentially unsafe applications
     • Enable Anti-Stealth technology
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, click List Threats.
  11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Click the Back button.
  13. Click the Finish button.

