Persistent virus detection - Trojan Horse


13 replies to this topic

#1 ro93031

Posted 09 September 2013 - 02:47 PM

Running Win XP Home

Google Chrome,

Avast free antivirus,

Trojan Horse Blocked,

Infection - HTML:HideMe-D [Trj],

Keeps occurring during Chrome/email.

Nuisance

Help appreciated.





#2 Broni

  • BC Advisor

Posted 09 September 2013 - 06:54 PM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 ro93031

Posted 10 September 2013 - 02:41 PM

  Results of screen317's Security Check version 0.99.73  

 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 avast! Free Antivirus    
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 24  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.94  
````````Process Check: objlist.exe by Laurent````````  
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 avastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log`````````````````````` 


#4 ro93031

Posted 10 September 2013 - 02:42 PM

Farbar Service Scanner Version: 05-09-2013
Ran by Richard (administrator) on 10-09-2013 at 13:05:06
Running from "C:\Documents and Settings\Richard\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit
 
Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
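The File Check and "Disabled Policy" sections of the FSS log above lend themselves to automated triage. What follows is an added example, not code from this thread or from Farbar Service Scanner: it parses a constructed excerpt laid out like the log above (the winsock.dll line and its verdict are made up), reports any File Check entry whose verdict is not "MD5 is legit" and any Disabled Policy section that carries a real value, and shows the hash-against-baseline comparison that an "MD5 is legit" verdict implies. The paths under C:\demo and their baseline hashes are hypothetical; a real baseline comes from a known-good catalogue of the same Windows build.

```python
"""Triage helpers for an FSS log (added example, not part of the tool)."""
import hashlib
import re
from typing import Callable, Dict, List, Tuple

# Constructed excerpt in the layout of the FSS log above. The winsock.dll
# line is made up so the file check has something to report.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore Disabled Policy:
========================


File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\winsock.dll => MD5 is not legit (constructed)

Extra List:
=======
IpSec Tag value is correct.
"""

FILE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
POLICY_SECTIONS = ("Firewall Disabled Policy",
                   "System Restore Disabled Policy",
                   "Windows Autoupdate Disabled Policy")


def section_lines(text: str, name: str) -> List[str]:
    """Non-blank lines of the section headed `name`. FSS marks a heading by
    following it with a row of '=' characters, so that row is the delimiter."""
    lines = text.splitlines()
    out, inside = [], False
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if nxt and set(nxt) == {"="}:          # `line` is a heading
            inside = line.strip().rstrip(":") == name
            continue
        if inside and line.strip() and set(line.strip()) != {"="}:
            out.append(line.rstrip())
    return out


def file_check_findings(text: str) -> List[Tuple[str, str]]:
    """Paths in File Check whose verdict is anything but 'MD5 is legit'."""
    hits = []
    for line in section_lines(text, "File Check"):
        m = FILE_LINE.match(line)
        if m and m.group("verdict").strip() != "MD5 is legit":
            hits.append((m.group("path"), m.group("verdict").strip()))
    return hits


def policy_findings(text: str) -> Dict[str, List[str]]:
    """'Disabled Policy' sections that carry a value. In the log above they
    are empty or say the registry value does not exist, which is the clean
    state; a value present there means something switched the feature off."""
    found = {}
    for name in POLICY_SECTIONS:
        body = [l for l in section_lines(text, name) if "does not exist" not in l]
        if body:
            found[name] = body
    return found


def verify_md5(baseline: Dict[str, str],
               read: Callable[[str], bytes]) -> Dict[str, str]:
    """The comparison behind an 'MD5 is legit' verdict: hash each file and
    match it against a known-good catalogue. `read` returns a file's bytes,
    so the same code runs on disk (lambda p: open(p, 'rb').read()) or on the
    in-memory demo below. MD5 suffices for matching a vendor catalogue but is
    not collision resistant; build new baselines with SHA-256."""
    verdicts = {}
    for path, expected in baseline.items():
        try:
            data = read(path)
        except (OSError, KeyError):
            verdicts[path] = "missing"
            continue
        digest = hashlib.md5(data).hexdigest()
        verdicts[path] = ("MD5 is legit" if digest == expected.lower()
                          else f"MD5 mismatch ({digest})")
    return verdicts


# Constructed in-memory "files" and baseline for the demo (hypothetical paths).
DEMO_FILES = {r"C:\demo\good.dll": b"hello", r"C:\demo\patched.sys": b"hello, patched"}
DEMO_BASELINE = {
    r"C:\demo\good.dll": "5d41402abc4b2a76b9719d911017c592",     # md5(b"hello")
    r"C:\demo\patched.sys": "5d41402abc4b2a76b9719d911017c592",  # content changed
    r"C:\demo\removed.dll": "5d41402abc4b2a76b9719d911017c592",  # file gone
}


def demo_verdicts() -> Dict[str, str]:
    return verify_md5(DEMO_BASELINE, lambda p: DEMO_FILES[p])


if __name__ == "__main__":
    print("file check:", file_check_findings(SAMPLE_FSS_LOG))
    print("policies:", policy_findings(SAMPLE_FSS_LOG))
    print("md5:", demo_verdicts())
```

Against a real log, call `file_check_findings(open("FSS.txt").read())` and pass `lambda p: open(p, "rb").read()` to `verify_md5` for on-disk files. Read the firewall line in the log above the same way the parser does: the EnableFirewall policy value not existing is the clean result, since no policy is forcing the firewall off.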


#5 ro93031

Posted 10 September 2013 - 02:43 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Richard (administrator) on 10-09-2013 at 13:09:20
Running from "C:\Documents and Settings\Richard\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
127.0.0.1       search.babylon.com
127.0.0.1       localhost
127.0.0.1       search.babylon.com
 
========================= IP Configuration: ================================
 
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection 2"
 
set address name="Local Area Connection 2" source=dhcp 
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
Windows IP Configuration

        Host Name . . . . . . . . . . . . : richard-4y8d6rh
        Primary Dns Suffix  . . . . . . . : 
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : 
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC #2
        Physical Address. . . . . . . . . : 00-14-D1-16-2B-D8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.64
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : Tuesday, September 10, 2013 10:12:46 AM
        Lease Expires . . . . . . . . . . : Wednesday, September 11, 2013 10:12:46 AM

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-13-D4-CA-4E-51

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.140.113, 74.125.140.102, 74.125.140.101, 74.125.140.138
 74.125.140.100, 74.125.140.139

Pinging google.com [74.125.139.113] with 32 bytes of data:

Reply from 74.125.139.113: bytes=32 time=19ms TTL=46
Reply from 74.125.139.113: bytes=32 time=23ms TTL=46

Ping statistics for 74.125.139.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 23ms, Average = 21ms

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=100ms TTL=47
Reply from 98.138.253.109: bytes=32 time=102ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 100ms, Maximum = 102ms, Average = 101ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 d1 16 2b d8 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #2 - Packet Scheduler Miniport
0x3 ...00 13 d4 ca 4e 51 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.64  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0     192.168.1.64    192.168.1.64  20
     192.168.1.64  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255     192.168.1.64    192.168.1.64  20
        224.0.0.0        240.0.0.0     192.168.1.64    192.168.1.64  20
  255.255.255.255  255.255.255.255     192.168.1.64    192.168.1.64  1
  255.255.255.255  255.255.255.255     192.168.1.64               3  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS2\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/29/2013 11:25:15 PM) (Source: Application Error) (User: )
Description: Faulting application corel paintshop pro.exe, version 14.3.0.95, faulting module corel paintshop pro.exe, version 14.3.0.95, fault address 0x0021381f.
Processing media-specific event for [corel paintshop pro.exe!ws!]
 
Error: (08/27/2013 03:28:35 PM) (Source: MsiInstaller) (User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (08/22/2013 03:21:20 PM) (Source: MsiInstaller) (User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (08/21/2013 03:05:13 PM) (Source: Application Error) (User: )
Description: Faulting application corel paintshop pro.exe, version 14.3.0.95, faulting module mfc90u.dll, version 9.0.30729.4148, fault address 0x002140a3.
Processing media-specific event for [corel paintshop pro.exe!ws!]
 
Error: (08/20/2013 03:17:22 PM) (Source: MsiInstaller) (User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (08/19/2013 05:24:09 PM) (Source: Application Error) (User: )
Description: Faulting application corel paintshop pro.exe, version 14.3.0.95, faulting module unknown, version 0.0.0.0, fault address 0x07eb8f43.
Processing media-specific event for [corel paintshop pro.exe!ws!]
 
Error: (08/19/2013 02:27:09 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (08/19/2013 02:27:09 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (08/19/2013 01:12:26 PM) (Source: Application Error) (User: )
Description: Faulting application corel paintshop pro.exe, version 14.3.0.95, faulting module unknown, version 0.0.0.0, fault address 0x07eb122a.
Processing media-specific event for [corel paintshop pro.exe!ws!]
 
Error: (08/14/2013 08:37:28 AM) (Source: MsiInstaller) (User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.
 
 
System errors:
=============
Error: (09/10/2013 10:05:43 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/10/2013 10:05:18 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (09/10/2013 10:04:50 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (09/10/2013 10:04:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.
 
Error: (09/09/2013 11:06:22 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/09/2013 11:02:36 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/09/2013 10:52:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (09/09/2013 10:51:33 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (09/09/2013 10:51:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.
 
Error: (09/09/2013 10:39:20 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
Error: (08/29/2013 11:25:15 PM) (Source: Application Error)(User: )
Description: corel paintshop pro.exe14.3.0.95corel paintshop pro.exe14.3.0.950021381f
 
Error: (08/27/2013 03:28:35 PM) (Source: MsiInstaller)(User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)
 
Error: (08/22/2013 03:21:20 PM) (Source: MsiInstaller)(User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)
 
Error: (08/21/2013 03:05:13 PM) (Source: Application Error)(User: )
Description: corel paintshop pro.exe14.3.0.95mfc90u.dll9.0.30729.4148002140a3
 
Error: (08/20/2013 03:17:22 PM) (Source: MsiInstaller)(User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)
 
Error: (08/19/2013 05:24:09 PM) (Source: Application Error)(User: )
Description: corel paintshop pro.exe14.3.0.95unknown0.0.0.007eb8f43
 
Error: (08/19/2013 02:27:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (08/19/2013 02:27:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (08/19/2013 01:12:26 PM) (Source: Application Error)(User: )
Description: corel paintshop pro.exe14.3.0.95unknown0.0.0.007eb122a
 
Error: (08/14/2013 08:37:28 AM) (Source: MsiInstaller)(User: RICHARD-4Y8D6RH)
Description: Product: IObit Toolbar v7.4 -- Error 1714.The older version of IObit Toolbar v7.4 cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)
 
 
=========================== Installed Programs ============================
 
 Malaysia - Landclass
32 Bit HP CIO Components Installer (Version: 2.1.5)
AccelerateTab (Version: 1.0)
Adobe Acrobat 4.0 (Version: 4.0)
Adobe AIR (Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Photoshop v4.0
Adobe Photoshop.com Inspiration Browser (Version: 3.09)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Advanced SystemCare 6 (Version: 6.4)
Akamai NetSession Interface
Amazon Kindle
Apple Application Support (Version: 1.2.1)
ATT-PRT22
avast! Free Antivirus (Version: 8.0.1489.0)
Canon MOV Decoder (Version: 1.5.0.7)
Canon MOV Encoder (Version: 1.3.1.3)
Canon Pro9000 II series Printer Driver
Canon Pro9000 Mark II series User Registration
Canon Utilities Digital Photo Professional 3.8 (Version: 3.8.1.0)
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities My Printer
Canon Utilities Original Data Security Tools (Version: 1.8.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Solution Menu
Canon Utilities WFT Utility (Version: 3.5.1.1)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
Celtx (2.9) (Version: 2.9 (en-US))
Complitly
Corel Paint Shop Pro Photo X2 (Version: 12.010.0000)
Corel PaintShop Pro X4 (Version: 14.0.0.332)
Corel PaintShop Pro X4 (Version: 14.3.0.3)
Coupon Companion Plugin (Version: 1.26.152.152)
DealPly (Version: )
digiCamControl (Version: 1.0.0)
Distortion Control Data (Version: 1.00.0000)
Dragon NaturallySpeaking 11 (Version: 11.50.100)
Driver Updater (Version: 1.1.0.0)
Elevated Installer (Version: 2.1.13)
Final Draft 7 (Version: 7.1.3.42)
FYZip 1.00 (Version: 1.00)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin MapSource (Version: 6.16.3)
Garmin Update Service (Version: 2.1.13)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.6)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 29.0.1547.66)
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
ICA (Version: 14.0.0.332)
IObit Apps Toolbar v7.4 (Version: 7.4)
IObit Malware Fighter (Version: 2.0)
IObit Toolbar v5.9 (Version: 5.9)
IPM_PSP_COM (Version: 14.0.0.332)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Karen's Directory Printer
KONICA MINOLTA magicolor 1600W
MapSource - Americas BlueChart v5
MapSource - MetroGuide USA v5 (Version: 5)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microtek FineReader OCR Engine
Motorola SM56 Speakerphone Modem
Move Media Player
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Neat Image v6 Demo (with plug-in)
Nero Suite
Nikon File Uploader 2 (Version: 2.0.2)
Nikon Message Center 2 (Version: 2.1.0)
Nikon Movie Editor (Version: 2.5.0)
Noiseware Community Edition (Version: 2.6.0.1)
NVIDIA Display Control Panel (Version: 6.14.11.9621)
NVIDIA Drivers (Version: 1.10)
NVIDIA nView Desktop Manager (Version: 6.14.10.00)
Octoshape add-in for Adobe Flash Player
OLYMPUS Master 2 (Version: 1.0.4)
Opanda IExif 2.3 (Version: 2.3)
Panel Utility
Picture Control Utility (Version: 1.4.6)
PS2
PSPPContent (Version: 14.0.0.332)
PSPPHelp (Version: 14.0.0.332)
QuickTime (Version: 7.69.80.9)
RAAF Butterworth - FS2004
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek AC'97 Audio (Version: 5.16)
RealUpgrade 1.1 (Version: 1.1.0)
ScanWizard 5
Scope (Version: 1.22.0)
Search Protect by conduit (Version: 1.2.5.2)
Search Toolbar (Version: 1.2)
SelectionLinks (Version: 1.0)
Setup (Version: 14.0.0.332)
Smart Defrag 2 (Version: 2.8)
StartNow Toolbar (Version: 2.5.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab
The Real Yellow Pages v5.1.1
unnm=Version Checker for Dealply
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
ViewNX 2 (Version: 2.5.1)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0)
VisualBee for Microsoft PowerPoint (Version: V3.6)
VisualBee V.1 Toolbar (Version: 6.10.3.27)
Wajam (Version: 1.80)
WebFldrs XP (Version: 9.50.6513)
Westland Wagtail
Winamp (Version: 5.572 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip 15.5 (Version: 15.5.9579)
Yahoo! Install Manager
Yahoo! Toolbar
Yontoo 1.12.02 (Version: 1.12.02)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 34%
Total physical RAM: 3070.48 MB
Available physical RAM: 2001.39 MB
Total Pagefile: 4446.83 MB
Available Pagefile: 3266.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB
 
========================= Partitions: =====================================
 
1 Drive c: (DRV2_VOL1) (Fixed) (Total:74.51 GB) (Free:21.19 GB) FAT32
2 Drive d: (PRESARIO) (Fixed) (Total:225.36 GB) (Free:94.45 GB) NTFS
3 Drive e: () (Fixed) (Total:7.5 GB) (Free:0.89 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\RICHARD-4Y8D6RH
 
Administrator            ASPNET                   Guest                    
HelpAssistant            Richard                  SUPPORT_388945a0         
 
 
**** End of log ****


#6 ro93031
  • Topic Starter
  • Members
  • 10 posts

Posted 10 September 2013 - 02:47 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
 
Database version: v2013.09.10.08
 
Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Richard :: RICHARD-4Y8D6RH [administrator]
 
9/10/2013 2:13:11 PM
mbar-log-2013-09-10 (14-13-11).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 218760
Time elapsed: 12 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_24
 
File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.200000 GHz
Memory total: 3219636224, free: 2223394816
 
Downloaded database version: v2013.09.10.08
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/10/2013 14:13:00
------------ Loaded modules -----------
\WINDOWS2\system32\ntkrnlpa.exe
\WINDOWS2\system32\hal.dll
\WINDOWS2\system32\KDCOM.DLL
\WINDOWS2\system32\BOOTVID.dll
fipkhva.sys
ACPI.sys
\WINDOWS2\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS2\System32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS2\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
Fastfat.sys
KSecDD.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\System32\DRIVERS\processr.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\RTL8139.SYS
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\PS2.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\UimBus.sys
\SystemRoot\System32\Drivers\Uim_IM.sys
\SystemRoot\System32\Drivers\UimFIO.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\ser2pl.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\Ntfs.SYS
\SystemRoot\System32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS2\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS2\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS2\system32\drivers\MBAMSwissArmy.sys
\WINDOWS2\System32\ntdll.dll
----------- End -----------
Done!
Module: \??\\WINDOWS2\system32\ntkrnlpa.exe could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
Module: \??\\WINDOWS2\System32\DRIVERS\CLASSPNP.SYS could not be loaded
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR8
Upper Device Object: 0xffffffff8a03aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff8a03a408
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff89ff78f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000067\
Lower Device Object: 0xffffffff8a034ab0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a05dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff8a054518
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff89feeab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xffffffff89ff28a0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a4ccab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-24\
Lower Device Object: 0xffffffff8a4a6940
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a4cdab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a4f1d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a4ccab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4e7b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4ccab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4d19e8, DeviceName: \Device\0000005f\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a4a6940, DeviceName: \Device\Ide\IdeDeviceP2T1L0-24\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
Scanning drivers directory: C:\WINDOWS2\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: FAT
SectorSize = 512, ClusterSize = 32768 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a4cdab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4e9900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4cdab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4f1d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 15759702
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 15759765  Numsec = 472616235
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 72524AFC
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156296322
    Partition file system is FAT32
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff89feeab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a04c8a8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89feeab8, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89ff28a0, DeviceName: \Device\00000065\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a05dab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a05d2b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a05dab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a054518, DeviceName: \Device\00000066\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff89ff78f0, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a039340, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89ff78f0, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a034ab0, DeviceName: \Device\00000067\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff8a03aab8, DeviceName: \Device\Harddisk5\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a033020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a03aab8, DeviceName: \Device\Harddisk5\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a03a408, DeviceName: \Device\00000068\, DriverName: \Driver\usbstor\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_15759765_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_24
 
File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.200000 GHz
Memory total: 3219636224, free: 2850906112
 
=======================================


#7 ro93031
  • Topic Starter
  • Members
  • 10 posts

Posted 10 September 2013 - 02:56 PM

rkill.exe did not work - a BLACK screen not a box. Then it automatically rebooted followed by c:\ checked for consistency.

Tried iExplore.exe - same result, although ctrl/break stopped consistency in time!!

Unable to get into Safe Mode so no rkill.txt log.



#8 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 10 September 2013 - 05:42 PM

1. Click Start, click Run, type chkdsk /f /r, and then click OK.
2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
3. Restart the computer.
4. Chkdsk will run.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


=======================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.




#9 ro93031
  • Topic Starter
  • Members
  • 10 posts

Posted 11 September 2013 - 12:45 PM

# AdwCleaner v3.003 - Report created 10/09/2013 at 22:32:16
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Richard - RICHARD-4Y8D6RH
# Running from : C:\Documents and Settings\Richard\My Documents\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : APNMCP
Service Deleted : Application Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Coupon Companion Plugin
Folder Deleted : C:\Program Files\IObit Apps Toolbar
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\VisualBee_V.1
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Documents and Settings\Richard\IECompatCache
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\cre
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\HomeTab
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\SimplyTech
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\visualbeeexe
Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\VisualBee_V.1
Folder Deleted : C:\DOCUME~1\Richard\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\Richard\Application Data\Complitly
Folder Deleted : C:\Documents and Settings\Richard\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Richard\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Richard\Application Data\SimplyTech
Folder Deleted : C:\Documents and Settings\Richard\Start Menu\Programs\Wajam
Folder Deleted : C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\ayrfhwfv.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\ayrfhwfv.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\ayrfhwfv.default\Extensions\plugin@yontoo.com
[!] Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
[!] Folder Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
File Deleted : C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\ayrfhwfv.default\user.js
File Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\WINDOWS2\Tasks\Browser Updater.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284023
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater21804.exe]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBC161C3-155C-48AB-BE50-E06D10A97B69}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D157368-7366-4664-9440-3B7387B1CC5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\VisualBee_V.1
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\VisualBee_V.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VisualBee_V.1 Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\ayrfhwfv.default\prefs.js ]
 
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=108907");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "86f805b80000000000000013d4ca4e51");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15363");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 24);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:18:53");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 65978777);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:18:53");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108907");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "86f805b80000000000000013d4ca4e51");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "86f805b80000000000000013d4ca4e51");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15363");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:18:53");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledAddons", "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8,ffxtlbr@babylon.com:1.2.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,");
Line Deleted : user_pref("extentions.y2layers.installId", "0271dbed-8958-4112-91fa-770e9ac5b438");
Line Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Richard\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
 
*************************
 
AdwCleaner[R0].txt - [19193 octets] - [10/09/2013 22:22:45]
AdwCleaner[S0].txt - [19610 octets] - [10/09/2013 22:32:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19671 octets] ##########
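As an added example (not part of this thread and not code from AdwCleaner or any other tool used here), a small Python audit of the kind of Firefox prefs.js entries the log above shows being deleted: it parses user_pref lines and flags prefs that name an adware brand from the logs or that point search/new-tab navigation at a host outside a trusted baseline. TRUSTED_HOSTS, the marker list and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse
# One prefs.js line: user_pref("name", value);  value is a quoted string, true/false or an int.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# Prefs that decide where the browser sends the user (search engine, home page, new tab).
NAV_PREFIXES = ("browser.search.", "browser.startup.homepage", "browser.newtab.url", "keyword.URL")
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}  # assumed baseline
ADWARE_MARKERS = ("babylon", "conduit", "yontoo", "y2layers", "crossrider", "startnow", "visualbee")

def parse_prefs(text):
    """Map pref name -> value (str, bool or int) for every user_pref line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        raw = m.group(2).strip()
        if raw[:1] == '"' and raw[-1:] == '"' and len(raw) >= 2:
            prefs[m.group(1)] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[m.group(1)] = raw == "true"
        else:  # bare integer, or anything unexpected left as text
            prefs[m.group(1)] = int(raw) if re.fullmatch(r"-?\d+", raw) else raw
    return prefs

def url_host(value):
    """Hostname of a URL-valued pref; defanged hxxp:// URLs (as in the log) are accepted."""
    s = re.sub(r"^hxxp(s?)://", r"http\1://", str(value))
    return urlparse(s).hostname if s.startswith(("http://", "https://")) else None

def audit_prefs(text):
    """Return [(pref, reason)] for prefs that look like a search or new-tab hijack."""
    findings = []
    for name, value in parse_prefs(text).items():
        blob = f"{name} {value}".lower()
        marker = next((mk for mk in ADWARE_MARKERS if mk in blob), None)
        if marker:
            findings.append((name, f"references adware marker '{marker}'"))
        elif name.startswith(NAV_PREFIXES):
            host = url_host(value)
            if host and host not in TRUSTED_HOSTS:
                findings.append((name, f"navigation pref points at untrusted host {host}"))
    return findings
# Constructed sample: two Babylon-style lines, one new-tab URL on an unknown host, one benign pref.
SAMPLE_PREFS = '''
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.2.0");
user_pref("browser.newtab.url", "https://start.example/home");
user_pref("browser.cache.disk.capacity", 358400);
'''
```

Running audit_prefs(SAMPLE_PREFS) reports the two Babylon prefs and the untrusted new-tab host and leaves the cache pref alone; point it at a real prefs.js to compare a profile against your own baseline.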


#10 ro93031

ro93031
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 11 September 2013 - 12:46 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Microsoft Windows XP x86
Ran by Richard on Tue 09/10/2013 at 23:07:12.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\Richard\Application Data\startnow toolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Richard\Local Settings\Application Data\updater21804"
Successfully deleted: [Folder] "C:\Documents and Settings\Richard\Local Settings\Application Data\visualbeeclient"
Successfully deleted: [Folder] "C:\Program Files\startnow toolbar"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/10/2013 at 23:13:42.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 ro93031

ro93031
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 11 September 2013 - 12:47 PM

C:\AdwCleaner\Quarantine\C\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\ayrfhwfv.default\Extensions\plugin@yontoo.com\content\overlay.js.vir Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\OApps\SelectionLinks.dll.vir Win32/AdWare.Facetheme.F application cleaned by deleting - quarantined
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application cleaned by deleting - quarantined
C:\System Volume Information\_restore{FE83C8D8-BCEF-4ADE-A3A1-7B601E40FDF3}\RP1362\A0215763.dll Win32/AdWare.Facetheme.F application cleaned by deleting - quarantined
C:\Documents and Settings\Richard\My Documents\Downloads\reginout_setup.exe multiple threats cleaned by deleting - quarantined
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P2KM57MV\srzoy[1].jpeg Win32/Conficker.AA worm cleaned by deleting - quarantined
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P2KM57MV\djazuo[1].png Win32/Conficker.X worm cleaned by deleting - quarantined


#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • ONLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:06 PM

Posted 11 September 2013 - 12:49 PM

How is the computer doing?

 

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 ro93031

ro93031
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 11 September 2013 - 01:47 PM

Java fixed.

 

Pleased to tell you ALL that has done the trick.  I spent a little on Juno email to make sure it had gone.

 

Many thanks. Also the instructions are First Class.

 

Thank you again,

Richard Essom



#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • ONLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:06 PM

Posted 11 September 2013 - 02:53 PM


 

 

Your computer is clean.

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

12. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.




 




