Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I appear to have a virus that virus/malware software can't detect


  • Please log in to reply
9 replies to this topic

#1 catladynyc

catladynyc

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 12 October 2013 - 04:12 PM

Hi. I have had ongoing problems with my Acer netbook for a long time now. A few months ago, I ran three different antivirus programs and only SuperAnti-Spyware was able to detect a virus, a trojan. But a few months later, my regular anti-virus, Avast, stopped working and my computer won't let me download it again, nor will it let me download any other antivirus or firewall program. So something is preventing it from working. I also can't download the new version of iTunes, flash or other program updates i've tried. I always get errors. Aside from this, the main indication I have that I have some kind of virus is that the sound on my computer is messed up. You can hear it even in the startup sounds. There is always some kind of delay and crackling sound in part of the sound that is supposed to be played. (I hope this makes sense...it's hard to describe.) Last night I ran ComboFIx and came here to seek help understanding the results and what to do next. I saw that I needed to follow the instructions here, so I did so, and have a DDS file I'm attaching. I can also attach my ComboFix file. Please note the DDS file was created AFTER I ran ComboFix. Please also note, while Avast won't open and I have no icon showing it working on my computer, ComboFix kept telling me Avast was working and that I had to disable it. But I could not disable it since I am unable to open it at all. Thanks SO much, in advance, for your help!

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 19,029 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 AM

Posted 14 October 2013 - 10:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 catladynyc

catladynyc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 14 October 2013 - 04:05 PM

thanks. here is my rk report:

RogueKiller V8.7.2 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ACER [Admin rights]
Mode : Remove -- Date : 10/14/2013 16:18:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
[Inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP60.dll -> HOOKED (Unknown @ 0x5E0E3A95)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] 5ce735c00609baa0d467b0812888ab27
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 39660 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 91458045 | Size: 107968 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10142013_161846.txt >>
RKreport[0]_S_10142013_161805.txt


not sure about what to do with adw, however. i followed what you said, scanned, closed, got report, scanned again. but i don't know what boxes to uncheck. there are a bunch of things in microsoft windows folder that could possibly be necessary files but i don't know. so i unchecked all those and then hit clean. now i have to close this for it to finish so i'll report on that in a different reply.



#4 catladynyc

catladynyc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 14 October 2013 - 04:21 PM

here is my adw report. this one is pre-cleaning:

# AdwCleaner v3.007 - Report created 14/10/2013 at 16:21:30
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ACER - ACER-6E40E97492
# Running from : C:\Documents and Settings\ACER\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Folder Found C:\Documents and Settings\ACER\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\ACER\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Classes\.bdc
Key Found : HKLM\SOFTWARE\Classes\.bgl
Key Found : HKLM\SOFTWARE\Classes\.bof
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\Software\Viewpoint

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\ACER\Application Data\Mozilla\Firefox\Profiles\dwac4760.default-1363828355015\prefs.js ]


[ File : C:\Documents and Settings\ACER\Application Data\Mozilla\Firefox\Profiles\q2omiatp.default-1375833072921\prefs.js ]

Line Found : user_pref("CT3299872_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376701858958,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Found : user_pref("smartbar.machineId", "XLF9U+YKTXLNDT+U/HRNLNP3BHZXJRBT8NAWYIXC/FHC9ONKQDBJXSOQCQVYTLWX8E8S+2NYJWXE9I5UAEQTLQ");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4vllos17.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\ACER\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5352 octets] - [14/10/2013 16:21:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5412 octets] ##########
 

this one is post-cleaning:

 

# AdwCleaner v3.007 - Report created 14/10/2013 at 17:05:55
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ACER - ACER-6E40E97492
# Running from : C:\Documents and Settings\ACER\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\ACER\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\ACER\Local Settings\Application Data\PackageAware
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\.bof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\Viewpoint
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\ACER\Application Data\Mozilla\Firefox\Profiles\dwac4760.default-1363828355015\prefs.js ]


[ File : C:\Documents and Settings\ACER\Application Data\Mozilla\Firefox\Profiles\q2omiatp.default-1375833072921\prefs.js ]

Line Deleted : user_pref("CT3299872_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376701858958,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.machineId", "XLF9U+YKTXLNDT+U/HRNLNP3BHZXJRBT8NAWYIXC/FHC9ONKQDBJXSOQCQVYTLWX8E8S+2NYJWXE9I5UAEQTLQ");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4vllos17.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\ACER\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5492 octets] - [14/10/2013 16:57:54]
AdwCleaner[S0].txt - [5589 octets] - [14/10/2013 17:05:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5649 octets] ##########
 



#5 catladynyc

catladynyc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 14 October 2013 - 07:35 PM

Last two logs.

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by ACER on Mon 10/14/2013 at 17:24:17.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/14/2013 at 17:36:06.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

combofix:

ComboFix 13-10-13.02 - ACER 10/14/2013  17:47:15.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.578 [GMT -4:00]
Running from: c:\documents and settings\ACER\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-14 21:23 . 2013-10-14 21:23    --------    d-----w-    c:\windows\ERUNT
2013-10-14 20:57 . 2013-10-14 21:06    --------    d-----w-    C:\AdwCleaner
2013-10-14 18:31 . 2013-08-30 07:48    29816    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-10-14 18:31 . 2013-08-30 07:48    369584    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-10-14 18:30 . 2013-08-30 07:48    204784    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-10-14 18:30 . 2013-08-30 07:48    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-10-14 18:30 . 2013-08-30 07:48    49760    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-10-14 18:30 . 2013-08-30 07:48    56080    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-10-14 18:30 . 2013-08-30 07:48    21576    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-10-14 18:30 . 2013-08-30 07:48    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-10-14 18:30 . 2013-08-30 07:48    177864    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-14 18:29 . 2013-08-30 07:48    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-14 18:29 . 2013-08-30 07:48    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-10-14 18:21 . 2013-07-17 09:17    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2013-10-14 18:21 . 2013-08-30 07:47    41664    ----a-w-    c:\windows\avastSS.scr
2013-10-13 21:07 . 2013-10-13 21:07    --------    d-----w-    c:\program files\VS Revo Group
2013-10-13 10:50 . 2013-10-13 11:07    --------    d-----w-    c:\windows\system32\MRT
2013-10-13 08:38 . 2013-10-13 09:15    --------    d-----w-    c:\windows\ie8updates
2013-10-13 00:51 . 2013-10-14 04:44    --------    d-----w-    C:\MGtools
2013-10-12 22:57 . 2013-10-12 23:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-10-12 22:05 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-12 22:05 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-12 21:12 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-12 20:47 . 2013-02-12 00:32    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2013-10-12 20:35 . 2013-09-23 18:33    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2013-10-12 20:35 . 2013-09-23 18:33    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2013-10-12 20:34 . 2013-09-23 18:33    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2013-10-12 20:34 . 2013-09-23 18:33    522240    -c----w-    c:\windows\system32\dllcache\jsdbgui.dll
2013-10-12 19:56 . 2012-01-11 19:06    3072    -c----w-    c:\windows\system32\dllcache\iacenc.dll
2013-10-12 19:56 . 2012-01-11 19:06    3072    ------w-    c:\windows\system32\iacenc.dll
2013-09-26 18:00 . 2013-09-26 18:00    208760    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 04:44 . 2013-10-13 00:51    240492    ----a-w-    C:\MGlogs.zip
2013-09-23 18:33 . 2007-08-14 01:54    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2007-08-14 01:45    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2007-08-14 01:44    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2008-04-15 03:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-15 03:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-08-30 07:47 . 2011-03-01 06:38    229648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-08-29 01:31 . 2008-04-15 03:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2008-04-15 03:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 07:15    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2009-11-16 08:17    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-15 03:00    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-15 03:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-07-31 19:11 . 2008-04-15 03:00    810496    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-07-29 02:28 . 2013-07-29 02:28    1700352    ----a-w-    c:\windows\system32\gdiplus.dll
2013-07-29 02:28 . 2013-07-29 02:28    1060864    ----a-w-    c:\windows\system32\mfc71.dll
2013-07-19 05:18 . 2013-07-19 05:18    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58 . 2013-07-06 13:34    123008    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2013-07-17 00:58 . 2013-07-06 13:35    60160    ----a-w-    c:\windows\system32\drivers\usbaudio.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-12 5706480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2011-02-26 425984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Google Talk (2).lnk - c:\program files\Google\Google Talk\googletalk.exe /startmenu [2007-1-1 3739648]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^ACER^Start Menu^Programs^Startup^setup_9.0.0.722_13.05.2011_18-11.lnk]
path=c:\documents and settings\ACER\Start Menu\Programs\Startup\setup_9.0.0.722_13.05.2011_18-11.lnk
backup=c:\windows\pss\setup_9.0.0.722_13.05.2011_18-11.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\ACER\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\ACER\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [10/14/2013 2:21 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [10/14/2013 2:30 PM 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [10/14/2013 2:29 PM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [10/14/2013 2:30 PM 177864]
R1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [10/14/2013 2:30 PM 104752]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [10/14/2013 2:30 PM 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/14/2013 2:30 PM 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/14/2013 2:31 PM 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/14/2013 2:31 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/14/2013 2:29 PM 66336]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [10/14/2013 2:21 PM 137960]
R2 MBAMScheduler;MBAMScheduler;d:\virus files & programs\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/20/2013 9:08 PM 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/16/2011 2:50 PM 22856]
S2 MBAMService;MBAMService;d:\virus files & programs\Malwarebytes' Anti-Malware\mbamservice.exe [4/16/2011 2:51 PM 701512]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/13/2009 9:26 PM 96856]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-10-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-14 07:47]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 20:10]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8A187C78-7DDC-4FF1-A768-6A4D707E4D09}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\q2omiatp.default-1375833072921\
FF - ExtSQL: 2013-10-14 14:22; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-14 18:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1952039709-3372901375-602552194-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1952039709-3372901375-602552194-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1952039709-3372901375-602552194-1006)
@Allowed: (Read) (S-1-5-21-1952039709-3372901375-602552194-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-10-14  18:06:20
ComboFix-quarantined-files.txt  2013-10-14 22:06
ComboFix2.txt  2013-10-12 06:05
.
Pre-Run: 1,025,667,072 bytes free
Post-Run: 1,383,260,160 bytes free
.
- - End Of File - - B757E27390B786104125CD990308AE1B
99852D5C3A78447C3D6D82B6155FE848
 

 

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 19,029 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 AM

Posted 15 October 2013 - 08:29 AM

Looking better.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#7 catladynyc

catladynyc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 15 October 2013 - 10:59 PM

ok, here it is.

 

Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 avast! Internet Security    
 avast! Ad Blocker    
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

the problems with my computer seem the same, however. so maybe it's a problem other than malware...?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 19,029 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 AM

Posted 16 October 2013 - 09:24 AM

the problems with my computer seem the same, however. so maybe it's a problem other than malware...?

There were many issues?

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options alone

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
Please let me know what problem persists.

#9 catladynyc

catladynyc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 26 October 2013 - 11:05 AM

hi. sorry for the long delay. i have done everything but many of the issues still remain, so i guess it's not a malware proble? the main reason i have thought it was a virus was that the sound is messed up, which i was told several years ago was indicative of a virus and when i had my entire hard drive wiped and reinstalled the problem cleared up. i also have a strange problem in that i can't download the latest version of itunes but since now i have been able to finally download flash and avast, it must be an itunes-specific problem. additionally, my computer freezes fairly regularly and sometimes completely crashes from a fatal error (i get the blue screen of death), but again, i guess i should post in a different forum for help with these things. any recommendations? i really appreciate how much you've helped me so far!

#10 nasdaq

nasdaq

  • Malware Response Team
  • 19,029 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 AM

Posted 26 October 2013 - 12:52 PM

The Windows XP forum would be a good place to start.
http://www.bleepingcomputer.com/forums/forum56.html




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users