IE8 history fills itself with entries from "ad.helpertrack.com" and other sites


9 replies to this topic

#1 Forzaholland

Posted 09 June 2013 - 02:49 PM

Dear member(s) of BleepingComputer,

Lately I have encountered a serious issue with Internet Explorer 8. I believe it started yesterday after solving some online chess puzzles. This is what happens:

First I start up Internet Explorer 8. About 20 seconds later, a second "iexplore.exe" process pops up in Windows Task Manager, and 20 seconds later a third process pops up. Once this third process has spawned, the history of IE starts to fill itself with entries from "ad.helpertrack.com" as well as seemingly random other sites. When I manually close down the two newest "iexplore.exe" processes, the history stops filling itself and IE works as normal again until it is restarted.

I have run AVG Free and used Malwarebytes Anti-Malware, but unfortunately this did not help. Neither the virus scanner nor the anti-malware software comes up with anything, while there is clearly something wrong. I believe the issue is related to the following threads on the forums:

http://www.bleepingcomputer.com/forums/t/495368/odd-behaviour-and-spam-into-favorites/

http://www.bleepingcomputer.com/forums/t/495932/mouse-cursor-moved-around-scrren-ie-history-folder-fills-with-adhelpercom/

I have followed the steps of the first thread and created the logs in the order Broni suggested.

 

Security Check:

 

 Results of screen317's Security Check version 0.99.64  
 Windows XP Service Pack 3 x86   
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 33  
 Java version out of Date!
 Adobe Flash Player     11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
 

 

FSS:

 

Farbar Service Scanner Version: 31-05-2013 01
Ran by Forza (administrator) on 09-06-2013 at 21:32:12
Running from "C:\Documents and Settings\Forza\Local Settings\Temporary Internet Files\Content.IE5\H1TDA2HW"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) Tcpip6(8)
0x0D0000000500000001000000020000000300000004000000080000000B0000000C0000000D0000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

 

 

MiniToolBox: 

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Forza (administrator) on 09-06-2013 at 21:33:32
Running from "C:\Documents and Settings\Forza\Local Settings\Temporary Internet Files\Content.IE5\VQP34CPD"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================


0.0.0.0 geo.messenger.services.live.com
0.0.0.0 geo.gateway.messenger.live.com
0.0.0.0 ad.helpertrack.com

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 nwmaster.bioware.com

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : gerlach

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : lan



Ethernet adapter Hamachi:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Hamachi Network Interface

        Physical Address. . . . . . . . . : 7A-79-19-8D-60-F9

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : No

        IP Address. . . . . . . . . . . . : 25.141.96.249

        Subnet Mask . . . . . . . . . . . : 255.0.0.0

        IP Address. . . . . . . . . . . . : 2620:9b::198d:60f9

        IP Address. . . . . . . . . . . . : fe80::7879:19ff:fe8d:60f9%4

        Default Gateway . . . . . . . . . : 2620:9b::500:1

                                            2620:9b::1900:1

        DHCP Server . . . . . . . . . . . : 25.0.0.1

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

                                            fec0:0:0:ffff::2%2

                                            fec0:0:0:ffff::3%2

        Lease Obtained. . . . . . . . . . : zondag 9 juni 2013 21:33:33

        Lease Expires . . . . . . . . . . : zondag 9 juni 2013 21:37:48



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : lan

        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

        Physical Address. . . . . . . . . : 00-24-1D-CE-48-49

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.104

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IP Address. . . . . . . . . . . . : fe80::224:1dff:fece:4849%5

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 192.168.0.1

                                            fec0:0:0:ffff::1%1

                                            fec0:0:0:ffff::2%1

                                            fec0:0:0:ffff::3%1

        Lease Obtained. . . . . . . . . . : zondag 9 juni 2013 21:01:48

        Lease Expires . . . . . . . . . . : dinsdag 19 januari 2038 5:14:07



Tunnel adapter Teredo Tunneling Pseudo-Interface:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

        Default Gateway . . . . . . . . . :

        NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : 19-8D-60-F9

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::5efe:25.141.96.249%2

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

                                            fec0:0:0:ffff::2%2

                                            fec0:0:0:ffff::3%2

        NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



        Connection-specific DNS Suffix  . : lan

        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-00-68

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.104%2

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                            fec0:0:0:ffff::2%1

                                            fec0:0:0:ffff::3%1

        NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  173.194.66.100, 173.194.66.113, 173.194.66.102, 173.194.66.138
      173.194.66.139, 173.194.66.101



Pinging google.com [173.194.66.139] with 32 bytes of data:



Reply from 173.194.66.139: bytes=32 time=26ms TTL=48

Reply from 173.194.66.139: bytes=32 time=24ms TTL=48



Ping statistics for 173.194.66.139:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 24ms, Maximum = 26ms, Average = 25ms

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=184ms TTL=48

Reply from 206.190.36.45: bytes=32 time=179ms TTL=48



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 179ms, Maximum = 184ms, Average = 181ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 19 8d 60 f9 ...... Hamachi Network Interface
0x3 ...00 24 1d ce 48 49 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.104      20
         25.0.0.0        255.0.0.0    25.141.96.249   25.141.96.249      20
    25.141.96.249  255.255.255.255        127.0.0.1       127.0.0.1      20
   25.255.255.255  255.255.255.255    25.141.96.249   25.141.96.249      20
      81.30.148.6  255.255.255.255      192.168.0.1   192.168.0.104      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.104   192.168.0.104      20
    192.168.0.104  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255    192.168.0.104   192.168.0.104      20
        224.0.0.0        240.0.0.0    25.141.96.249   25.141.96.249      20
        224.0.0.0        240.0.0.0    192.168.0.104   192.168.0.104      20
  255.255.255.255  255.255.255.255    25.141.96.249   25.141.96.249      1
  255.255.255.255  255.255.255.255    192.168.0.104   192.168.0.104      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2013 03:42:17 PM) (Source: Application Hang) (User: )
Description: Hanging application regedit.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/07/2013 08:20:44 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/07/2013 08:20:44 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/02/2013 06:28:45 PM) (Source: Application Error) (User: )
Description: Faulting application pcm.exe, version 1.0.0.8, faulting module pcm.exe, version 1.0.0.8, fault address 0x00287d6f.
Processing media-specific event for [pcm.exe!ws!]

Error: (06/02/2013 05:03:39 PM) (Source: Application Error) (User: )
Description: Faulting application pcm.exe, version 1.0.0.8, faulting module pcm.exe, version 1.0.0.8, fault address 0x00287d6f.
Processing media-specific event for [pcm.exe!ws!]

Error: (06/01/2013 01:23:19 PM) (Source: Application Error) (User: )
Description: Faulting application pcm.exe, version 1.0.0.8, faulting module pcm.exe, version 1.0.0.8, fault address 0x0012388a.
Processing media-specific event for [pcm.exe!ws!]

Error: (05/29/2013 09:43:40 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/26/2013 07:58:42 PM) (Source: Application Error) (User: )
Description: Faulting application pcm.exe, version 1.0.0.8, faulting module pcm.exe, version 1.0.0.8, fault address 0x00287d6f.
Processing media-specific event for [pcm.exe!ws!]

Error: (05/25/2013 02:06:02 PM) (Source: Application Error) (User: )
Description: Faulting application pcm.exe, version 1.0.0.8, faulting module pcm.exe, version 1.0.0.8, fault address 0x003ac70f.
Processing media-specific event for [pcm.exe!ws!]

Error: (05/25/2013 02:04:42 PM) (Source: Application Error) (User: )
Description: Faulting application pcm.exe, version 1.0.0.8, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.
Processing media-specific event for [pcm.exe!ws!]


System errors:
=============
Error: (06/09/2013 09:03:21 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (06/09/2013 08:25:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (06/09/2013 01:12:58 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverKEESNetBT_Tcpip_{85696BCC-FC5E-4EA3-A5D9

Error: (06/09/2013 10:49:33 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (06/08/2013 09:57:51 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverKEESNetBT_Tcpip_{85696BCC-FC5E-4EA3-A5D9

Error: (06/08/2013 04:22:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (06/08/2013 02:28:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (06/08/2013 00:29:01 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (06/08/2013 10:19:26 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (06/07/2013 07:31:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.


Microsoft Office Sessions:
=========================
Error: (06/08/2013 03:42:17 PM) (Source: Application Hang)(User: )
Description: regedit.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (06/07/2013 08:20:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/07/2013 08:20:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/02/2013 06:28:45 PM) (Source: Application Error)(User: )
Description: pcm.exe1.0.0.8pcm.exe1.0.0.800287d6f

Error: (06/02/2013 05:03:39 PM) (Source: Application Error)(User: )
Description: pcm.exe1.0.0.8pcm.exe1.0.0.800287d6f

Error: (06/01/2013 01:23:19 PM) (Source: Application Error)(User: )
Description: pcm.exe1.0.0.8pcm.exe1.0.0.80012388a

Error: (05/29/2013 09:43:40 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/26/2013 07:58:42 PM) (Source: Application Error)(User: )
Description: pcm.exe1.0.0.8pcm.exe1.0.0.800287d6f

Error: (05/25/2013 02:06:02 PM) (Source: Application Error)(User: )
Description: pcm.exe1.0.0.8pcm.exe1.0.0.8003ac70f

Error: (05/25/2013 02:04:42 PM) (Source: Application Error)(User: )
Description: pcm.exe1.0.0.8ntdll.dll5.1.2600.605500011689


=========================== Installed Programs ============================

µTorrent (Version: 2.0.2)
Aangifte inkomstenbelasting 2010
Aangifte inkomstenbelasting 2011
Aangifte inkomstenbelasting 2012
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 9.3 (Version: 9.3.0)
Age of Wonders Shadow Magic
Borderlands 2
Canon MP520 series
CCleaner (Version: 3.12)
Chess Mentor 3.0 (Version: 3.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CPUID HWMonitor 1.16
Deep Shredder 12 (Version: 12.0.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dungeon Siege Legends of Aranna
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.11.00.812 (Version: 01.11.00.8122)
DYNASTY WARRIORS 6 (Version: 1.00.0000)
Dynasty Warriors 6 (Version: 1.00.0000)
EPSON Scan
EpsonNet Print (Version: 2.6.0)
GameCenter
Google Chrome Frame (Version: 27.0.1453.110)
Google Talk (remove only)
Google Update Helper (Version: 1.3.21.145)
Heroes of Might and Magic V Collector Edition
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
IrfanView (remove only) (Version: 4.27)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
L.A. Noire (Version: 1.00.0000)
Logic3 PC PowerPad (JP283) (Version: V1.0)
LogMeIn Hamachi (Version: 2.1.0.284)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE (Version: 3.2.217.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.1.99.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MioMore Desktop 7.50 (Version: 7.50.0109.128)
Mozilla Firefox 21.0 (x86 nl) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Control Panel 285.58 (Version: 285.58)
NVIDIA Display Control Panel (Version: 6.14.12.5721)
NVIDIA Graphics Driver 285.58 (Version: 285.58)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA nView 135.95 (Version: 135.95)
NVIDIA nView Desktop Manager (Version: 6.14.10.13518)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Printer EPSON XP-205 207 Series verwijderen
Pro Cycling Manager - Saison 2006
Pro Cycling Manager - Season 2012 version 1.2.0.0 (Version: 1.2.0.0)
Pro Evolution Soccer 5 (Version: 1.00.0000)
Python 2.7 matplotlib-1.2.0
Python 2.7 NLopt-2.2.4
Python 2.7 numpy-1.6.1
Python 2.7 pysparse-1.1.1
Python 2.7 scipy-0.10.1
Python 2.7 setuptools-0.6c11
Python 2.7.3 (Version: 2.7.3150)
R for Windows 3.0.0 (Version: 3.0.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6482)
RoadRash
Rockstar Games Social Club (Version: 1.0.5.0)
Segoe UI (Version: 14.0.4327.805)
Skype™ 6.3 (Version: 6.3.107)
SopCast 3.2.9 (Version: 3.2.9)
System Requirements Lab for Intel (Version: 4.4.24.0)
TeamSpeak 3 Client
TeX Live 2009 (Version: 2009)
TeXnicCenter Version 1.0 Stable RC1 (Version: Version 1.0 Stable RC1)
The Witcher 2 - Assassins of Kings Enhanced Edition
TortoiseHg 2.6.2 (x86) (Version: 2.6.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Grep 2.3
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live - Hulpprogramma voor uploaden (Version: 14.0.8014.1029)
Windows Live aanmeldhulp (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 2046.42 MB
Available physical RAM: 1055.98 MB
Total Pagefile: 3938.68 MB
Available Pagefile: 3109.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.75 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.75 GB) (Free:47.93 GB) NTFS
3 Drive d: () (Fixed) (Total:146.73 GB) (Free:109.18 GB) NTFS
4 Drive e: (Muziek) (Fixed) (Total:118.16 GB) (Free:48.03 GB) NTFS
5 Drive f: (BACKUP) (Fixed) (Total:33.14 GB) (Free:32.61 GB) FAT32

========================= Users: ========================================

User accounts for \\GERLACH

Administrator            ASPNET                   Forza                    
Guest                    HelpAssistant            SUPPORT_388945a0         


**** End of log ****
 

Malwarebytes Anti-Malware:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Forza :: GERLACH [administrator]

Protection: Enabled

9-6-2013 21:35:05
mbam-log-2013-06-09 (21-35-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200653
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Malwarebytes Anti-Rootkit (system-log + mbar-log-....)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 2145824768, free: 1035702272

Downloaded database version: v2013.06.09.04
Downloaded database version: v2013.05.22.01
Initializing...
DDA Driver installation error.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 2145824768, free: 1217445888

Initializing...
------------ Kernel report ------------
     06/09/2013 21:51:23
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spwy.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
isapnp.sys
sfsync04.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
sfvfs02.sys
sfhlp02.sys
sfdrv01a.sys
sfdrv01.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\azwpn342.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\nwlnkipx.sys
\SystemRoot\system32\DRIVERS\nwlnknb.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\nwlnkspx.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\Engine.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a8efab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-1f\
Lower Device Object: 0xffffffff8a8f1940
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi is hooked
IRP handler 2 of \Driver\atapi is hooked
IRP handler 14 of \Driver\atapi is hooked
IRP handler 15 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a8efab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-1f\
Lower Device Object: 0xffffffff8a8f1940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a8b9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-7\
Lower Device Object: 0xffffffff8a8f3d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Device number: 1, partition: 1
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a8efab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a95fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a8efab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a8bf948, DeviceName: \Device\0000007d\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a8f1940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-1f\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe5492988, 0xffffffff8a8efab8, 0xffffffff894a1040
Lower DeviceData: 0xffffffffe15e0a50, 0xffffffff8a8f1940, 0xffffffff8911fa40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 1, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 1, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a8b9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a9983e8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a8b9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a9060a8, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a8f3d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe2734d88, 0xffffffff8a8b9ab8, 0xffffffff88f4e218
Lower DeviceData: 0xffffffffe15ef478, 0xffffffff8a8f3d98, 0xffffffff89a4fe28
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A45F79E2

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 307709010  Numsec = 317428335

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 307708947

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320071851520 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625120335-625140335)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 875F875F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488102832
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 249923032064 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Forza :: GERLACH [administrator]

9-6-2013 21:51:28
mbar-log-2013-06-09 (21-51-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 201610
Time elapsed: 17 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

rKill:

 

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/09/2013 10:17:37 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91.776 : 06/22/2009 01:30 PM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72.960 : 08/04/2004 02:00 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92.544 : 04/13/2008 08:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91.776 : 06/22/2009 01:48 PM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 mpa.one.microsoft.com
  127.0.0.1 nwmaster.bioware.com
  0.0.0.0 geo.messenger.services.live.com
  0.0.0.0 geo.gateway.messenger.live.com
  0.0.0.0 ad.helpertrack.com

Program finished at: 06/09/2013 10:18:42 PM
Execution time: 0 hours(s), 1 minute(s), and 5 seconds(s)
 

 

 

 

 

Note that I added the line "0.0.0.0 ad.helpertrack.com" to the hosts file myself, but it did not help.

 

I would really appreciate your assistance in tackling this problem.

 

Yours sincerely,

 

Forza


Edited by Forzaholland, 09 June 2013 - 03:19 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:10 AM

Posted 09 June 2013 - 07:33 PM

Hello. Go to Control Panel, Add/Remove.
Uninstall these:
Adobe Reader 9.3 (Version: 9.3.0)
Java™ 6 Update 33

 

Reboot

 

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands
  • Local time:03:10 PM

Posted 10 June 2013 - 10:59 AM

Thanks for your reply!

 

I've deleted the two programs and run AdwCleaner. The problem still occurs.

 

Note that, prior to the creation of this log, I had already run AdwCleaner yesterday. I'm posting that log too for the sake of completeness.

 

Today's log:

 

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 17:50:11
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Forza - GERLACH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Forza\Desktop\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (nl)

File : C:\Documents and Settings\Forza\Application Data\Mozilla\Firefox\Profiles\60670lbd.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1322 octets] - [09/06/2013 20:58:25]
AdwCleaner[R2].txt - [1382 octets] - [09/06/2013 20:58:46]
AdwCleaner[S1].txt - [1456 octets] - [09/06/2013 20:59:47]
AdwCleaner[S2].txt - [941 octets] - [10/06/2013 17:50:11]

########## EOF - C:\AdwCleaner[S2].txt - [1000 octets] ##########
 

 

This is the log from yesterday:

 

# AdwCleaner v2.303 - Logfile created 06/09/2013 at 20:59:47
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Forza - GERLACH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Forza\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (nl)

File : C:\Documents and Settings\Forza\Application Data\Mozilla\Firefox\Profiles\60670lbd.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1322 octets] - [09/06/2013 20:58:25]
AdwCleaner[R2].txt - [1382 octets] - [09/06/2013 20:58:46]
AdwCleaner[S1].txt - [1327 octets] - [09/06/2013 20:59:47]

########## EOF - C:\AdwCleaner[S1].txt - [1387 octets] ##########


Edited by Forzaholland, 10 June 2013 - 11:06 AM.


#4 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands
  • Local time:03:10 PM

Posted 13 June 2013 - 07:20 AM

Note: I've installed Adobe Reader 11.0 in the meantime; I need to use a PDF reader for my work.



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:10 AM

Posted 13 June 2013 - 10:16 AM

That's good. We were going to install the latest for each if you wanted them. I just usually do it at the end.

Let's reset the Hosts file back to the default (I think it's hijacked) and see. Use the Fix It in the link.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands
  • Local time:03:10 PM

Posted 13 June 2013 - 11:25 AM

I've added all those 5 links to the hosts file myself, so it's not hijacked.

 

For the time being, though, I have reset the hosts file to default. I did, however, re-add one line which I cannot leave out.

 

The hosts file does not seem to be the cause of the problem; it still occurs.


Edited by Forzaholland, 13 June 2013 - 11:31 AM.
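The exchange in #5 and #6 turns on what a "hijacked" hosts file looks like. The five entries Rkill listed all map names to 0.0.0.0 or 127.0.0.1, which can only ever sinkhole a name; a hijack instead maps a legitimate public name to some remote address so the browser is silently sent elsewhere. The check below is an added example, not code from the thread or from Rkill: it parses hosts-file text and sorts each entry into the stock localhost line, a blocking entry, a LAN override (RFC 1918 or link-local ranges, an assumption about what counts as "local"), or a redirect. The sample file is constructed from the entries posted above plus two made-up lines, one of which uses a documentation-range address to stand in for a redirect.

```python
import ipaddress
from dataclasses import dataclass

# Addresses that only ever sinkhole a name (the pattern of the five entries Rkill listed).
LOCAL_SINKS = {"0.0.0.0", "127.0.0.1", "::1"}

# Ranges treated as "local override" rather than "redirect" (assumption for this example).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]

# Constructed sample hosts file: the stock localhost line, the five entries from the
# Rkill output in the first post, one LAN override, and one made-up redirect of a public
# name to a documentation-range address (198.51.100.0/24), the shape a real hijack takes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 nwmaster.bioware.com
0.0.0.0 geo.messenger.services.live.com
0.0.0.0 geo.gateway.messenger.live.com
0.0.0.0 ad.helpertrack.com
192.168.1.10 fileserver.lan          # normal home/office override (constructed)
198.51.100.7 www.example.com         # constructed: public name sent to a remote address
"""


@dataclass
class HostsEntry:
    address: str
    names: list
    line_no: int


def parse_hosts(text: str) -> list:
    """Parse hosts-file text; skip comments, blank lines and lines with no valid address."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # malformed address field, ignore
        entries.append(HostsEntry(parts[0], parts[1:], line_no))
    return entries


def classify(entry: HostsEntry) -> str:
    """Return one of: default, block, lan, redirect."""
    if entry.address in LOCAL_SINKS:
        return "default" if "localhost" in entry.names else "block"
    ip = ipaddress.ip_address(entry.address)
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "redirect"   # public name resolved to a remote address: the hijack pattern


def report(text: str) -> dict:
    """Group the names in a hosts file by classification, preserving file order."""
    out = {"default": [], "block": [], "lan": [], "redirect": []}
    for entry in parse_hosts(text):
        out[classify(entry)].extend(entry.names)
    return out


if __name__ == "__main__":
    for kind, names in report(SAMPLE_HOSTS).items():
        print(f"{kind:9s} {len(names):2d}  {' '.join(names)}")
```

Run against the real file (on Windows XP that is `C:\WINDOWS\system32\drivers\etc\hosts`, read as text), anything in the `redirect` bucket deserves a look; entries in the `block` bucket are what the poster describes having added by hand, which is why resetting the file did not change the symptom.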


#7 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands
  • Local time:03:10 PM

Posted 13 June 2013 - 11:46 AM

Oh, funny: Malwarebytes Anti-Malware is catching an IP now while I have Internet Explorer open.

 

2013/06/13 18:31:41 +0200    GERLACH    Forza    IP-BLOCK    80.82.70.145 (Type: outgoing)
2013/06/13 18:31:44 +0200    GERLACH    Forza    IP-BLOCK    80.82.70.145 (Type: outgoing)
2013/06/13 18:31:50 +0200    GERLACH    Forza    IP-BLOCK    80.82.70.145 (Type: outgoing)
 

This IP seems to be related to the site "adstatistics.org" according to http://webtarantula.com/www/adstatistics.org
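The three IP-BLOCK lines above are the first positive signal in the thread: the same outbound destination blocked three times in nine seconds while only the browser is open. As an added example (not code from the thread or from Malwarebytes), the parser below reads lines in that shape, groups blocks by address and direction, and flags addresses that are contacted repeatedly within a short window. The line layout (timestamp with offset, computer, user, action, detail) is assumed from the three posted lines; the sample log is constructed from them plus one made-up incoming block using a documentation-range address.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shape assumed from the three IP-BLOCK lines in the post:
#   <date time +zone>  <computer>  <user>  <action>  <detail>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<action>\S+)\s+(?P<detail>.*)$"
)
IPBLOCK_RE = re.compile(r"^(?P<ip>[0-9.]+) \(Type: (?P<direction>\w+)\)")

# Constructed sample: the three lines posted above plus one made-up incoming block.
SAMPLE_LOG = """\
2013/06/13 18:31:41 +0200    GERLACH    Forza    IP-BLOCK    80.82.70.145 (Type: outgoing)
2013/06/13 18:31:44 +0200    GERLACH    Forza    IP-BLOCK    80.82.70.145 (Type: outgoing)
2013/06/13 18:31:50 +0200    GERLACH    Forza    IP-BLOCK    80.82.70.145 (Type: outgoing)
2013/06/13 18:32:07 +0200    GERLACH    Forza    IP-BLOCK    203.0.113.9 (Type: incoming)
"""


def parse_ip_blocks(text: str) -> list:
    """Return one dict per IP-BLOCK line; other actions and malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["action"] != "IP-BLOCK":
            continue
        d = IPBLOCK_RE.match(m["detail"])
        if not d:
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
        events.append({
            "time": ts, "host": m["host"], "user": m["user"],
            "ip": d["ip"], "direction": d["direction"],
        })
    return events


def summarize(events: list) -> dict:
    """Group events by (ip, direction): count, first/last time, span in seconds."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e["ip"], e["direction"])].append(e["time"])
    summary = {}
    for key, times in buckets.items():
        times.sort()
        summary[key] = {
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "span_s": (times[-1] - times[0]).total_seconds(),
        }
    return summary


def repeated_outbound(summary: dict, min_count: int = 3, max_span_s: float = 60.0) -> list:
    """Addresses blocked on the way out at least min_count times within max_span_s."""
    return sorted(
        ip for (ip, direction), s in summary.items()
        if direction == "outgoing" and s["count"] >= min_count and s["span_s"] <= max_span_s
    )


if __name__ == "__main__":
    summary = summarize(parse_ip_blocks(SAMPLE_LOG))
    for (ip, direction), s in summary.items():
        print(f"{ip:16s} {direction:9s} x{s['count']}  over {s['span_s']:.0f}s")
    print("repeated outbound:", repeated_outbound(summary))
```

The thresholds (three blocks inside a minute) are illustrative; the useful part is that a short, regular retry cadence from a browser process toward one blocked address is the kind of pattern that distinguishes an injected or spawned process phoning home from a page that simply loads an ad once.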



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:10 AM

Posted 13 June 2013 - 01:21 PM

I think we are going to need a deeper look to find this malware.
Since we are not getting it, we need stronger tools.

We'll need a new topic.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

Let me know if that went well.

Edited by boopme, 13 June 2013 - 01:22 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 Forzaholland

Forzaholland
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands
  • Local time:03:10 PM

Posted 13 June 2013 - 02:20 PM

I did what you asked. Here is the link to the new topic:

 

http://www.bleepingcomputer.com/forums/t/497967/ie8-history-fills-itself-with-entries-from-adhelpertrackcom-and-other-sites/



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:10 AM

Posted 13 June 2013 - 08:31 PM

Thank you...

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook



