
MB Pro hangs on scan



Was referred here from the general help forum, saying that there is a possible infection.

 

MB Pro hangs on scan.

Happening on 2 machines with XP Home and Pro, both with SP3.

1 with MSE and the other with Avast 8.0. Tried with AVs turned off.

Did clean uninstall with removal tool and re-install latest versions and set proper exclusions on both.

Happens in safe mode on both intermittently.

 

Will start with the XP Home machine first.

Attached are the files. Only have 1 protection log file since the new install.

attach.txt

CheckResults.txt

dds.txt

protection-log-2013-07-07.txt


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Thanks for the help.

Before your response, I ran Chameleon and it did finish a scan and found nothing.

 

Below is the content of the ark.txt file.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-08 12:45:01
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Maxtor_6L160M0 rev.BACE1G10 149.01GB
Running: ywrdxy1k.exe; Driver: C:\DOCUME~1\Ann\LOCALS~1\Temp\uwlyapow.sys


---- Devices - GMER 2.1 ----

Device                                  mrxsmb.sys
Device                                  B29E0D20

AttachedDevice                          fltmgr.sys

Device          \FileSystem\Cdfs \Cdfs  tfsnifs.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0   unknown MBR code

---- EOF - GMER 2.1 ----
 


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix log is below. Have not re-booted or enabled AV yet.

 

ComboFix 13-07-08.04 - Ann 07/08/2013  14:46:14.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2462 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Ann\Local Settings\Application Data\{7C6B3CFB-86BB-4CC6-9E3D-1B7C81802ACB}
c:\documents and settings\Ann\Local Settings\Application Data\{7C6B3CFB-86BB-4CC6-9E3D-1B7C81802ACB}\chrome.manifest
c:\documents and settings\Ann\Local Settings\Application Data\{7C6B3CFB-86BB-4CC6-9E3D-1B7C81802ACB}\chrome\content\overlay.xul
c:\documents and settings\Ann\Local Settings\Application Data\{7C6B3CFB-86BB-4CC6-9E3D-1B7C81802ACB}\install.rdf
c:\documents and settings\Ann\WINDOWS
c:\program files\CouponAlert_2pEI
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll
c:\program files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll
c:\program files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll
c:\windows\system32\winsecurityxp
c:\windows\system32\winsecurityxp\rk.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
.
2013-07-08 14:59 . 2013-06-12 04:18    7068072    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0BB4049-0B6E-448D-90A2-4B8074A40B30}\mpengine.dll
2013-07-07 18:58 . 2013-06-12 04:18    7068072    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-07 17:23 . 2013-07-07 17:23    --------    d-----w-    c:\documents and settings\Ann\Application Data\Malwarebytes
2013-07-07 17:23 . 2013-07-07 17:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-07-07 17:23 . 2013-07-07 17:23    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-07 17:23 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-04 19:39 . 2013-07-04 19:39    22560    ----a-w-    c:\windows\system32\drivers\HWiNFO32.SYS
2013-07-04 19:30 . 2013-07-04 19:30    --------    d-----w-    c:\program files\GPU-Z
2013-07-04 15:46 . 2013-07-04 15:46    --------    d-----w-    c:\program files\Seagate
2013-07-04 15:34 . 2013-07-04 15:34    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2013-07-02 15:28 . 2013-07-02 15:28    --------    d-----w-    c:\documents and settings\Ann\Application Data\Logitech
2013-07-02 15:27 . 2009-06-17 16:55    10384    ----a-w-    c:\windows\system32\drivers\LBeepKE.sys
2013-07-02 15:26 . 2009-07-20 16:25    301656    ----a-w-    c:\windows\system32\BtCoreIf.dll
2013-07-02 15:25 . 2009-07-20 16:26    84496    ----a-w-    c:\windows\system32\KemXML.dll
2013-07-02 15:25 . 2009-07-20 16:26    170512    ----a-w-    c:\windows\system32\kemutb.dll
2013-07-02 15:25 . 2009-07-20 16:26    117264    ----a-w-    c:\windows\system32\KemWnd.dll
2013-07-02 15:25 . 2009-07-20 16:26    145936    ----a-w-    c:\windows\system32\KemUtil.dll
2013-07-02 15:25 . 2013-07-02 15:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Logitech
2013-07-02 15:24 . 2013-07-02 15:24    --------    d-----w-    c:\program files\Logitech
2013-06-29 22:08 . 2013-06-29 22:08    --------    d-----w-    c:\program files\ESET
2013-06-26 17:52 . 2008-04-14 00:12    116224    ----a-w-    c:\windows\system32\dllcache\xrxwiadr.dll
2013-06-26 17:52 . 2008-04-14 00:12    18944    ----a-w-    c:\windows\system32\dllcache\xrxscnui.dll
2013-06-26 17:52 . 2008-04-13 18:46    19200    ----a-w-    c:\windows\system32\dllcache\wstcodec.sys
2013-06-26 17:52 . 2008-04-14 00:12    8192    ----a-w-    c:\windows\system32\dllcache\wshirda.dll
2013-06-26 17:51 . 2008-04-13 18:36    8832    ----a-w-    c:\windows\system32\dllcache\wmiacpi.sys
2013-06-26 17:51 . 2008-04-13 18:45    31744    ----a-w-    c:\windows\system32\dllcache\wceusbsh.sys
2013-06-26 17:50 . 2008-04-14 00:12    53760    ----a-w-    c:\windows\system32\dllcache\vfwwdm32.dll
2013-06-26 17:49 . 2008-04-13 18:45    17152    ----a-w-    c:\windows\system32\dllcache\usbohci.sys
2013-06-26 17:49 . 2008-04-13 18:45    60032    ----a-w-    c:\windows\system32\dllcache\usbaudio.sys
2013-06-26 17:48 . 2008-04-14 00:12    82944    ----a-w-    c:\windows\system32\dllcache\tp4mon.exe
2013-06-26 17:47 . 2008-04-13 18:40    149376    ----a-w-    c:\windows\system32\dllcache\tffsport.sys
2013-06-26 17:46 . 2008-04-13 18:46    15232    ----a-w-    c:\windows\system32\dllcache\streamip.sys
2013-06-26 17:45 . 2008-04-13 18:40    7552    ----a-w-    c:\windows\system32\dllcache\sonyait.sys
2013-06-26 17:45 . 2008-04-13 18:36    6912    ----a-w-    c:\windows\system32\dllcache\smbclass.sys
2013-06-26 17:45 . 2008-04-13 18:36    16000    ----a-w-    c:\windows\system32\dllcache\smbbatt.sys
2013-06-26 17:45 . 2008-04-13 18:46    11136    ----a-w-    c:\windows\system32\dllcache\slip.sys
2013-06-26 17:43 . 2008-04-13 18:45    11520    ----a-w-    c:\windows\system32\dllcache\scsiscan.sys
2013-06-26 17:43 . 2008-04-13 18:40    43904    ----a-w-    c:\windows\system32\dllcache\sbp2port.sys
2013-06-26 17:42 . 2008-04-14 00:12    29696    ----a-w-    c:\windows\system32\dllcache\rw450ext.dll
2013-06-26 17:42 . 2008-04-14 00:12    27648    ----a-w-    c:\windows\system32\dllcache\rw430ext.dll
2013-06-26 17:42 . 2008-04-13 18:40    79104    ----a-w-    c:\windows\system32\dllcache\rocket.sys
2013-06-26 17:41 . 2008-04-13 18:40    6016    ----a-w-    c:\windows\system32\dllcache\qic157.sys
2013-06-26 17:41 . 2008-04-14 00:12    159232    ----a-w-    c:\windows\system32\dllcache\ptpusd.dll
2013-06-26 17:41 . 2008-04-14 00:12    363520    ----a-w-    c:\windows\system32\dllcache\psisdecd.dll
2013-06-26 17:41 . 2008-04-13 18:41    17664    ----a-w-    c:\windows\system32\dllcache\ppa3.sys
2013-06-26 17:41 . 2008-04-13 18:40    8832    ----a-w-    c:\windows\system32\dllcache\powerfil.sys
2013-06-26 17:40 . 2008-04-14 00:10    259328    ----a-w-    c:\windows\system32\dllcache\perm3dd.dll
2013-06-26 17:40 . 2008-04-14 00:10    211584    ----a-w-    c:\windows\system32\dllcache\perm2dll.dll
2013-06-26 17:40 . 2008-04-13 18:44    28032    ----a-w-    c:\windows\system32\dllcache\perm3.sys
2013-06-26 17:40 . 2008-04-13 18:44    27904    ----a-w-    c:\windows\system32\dllcache\perm2.sys
2013-06-26 17:39 . 2008-04-13 18:46    61696    ----a-w-    c:\windows\system32\dllcache\ohci1394.sys
2013-06-26 17:38 . 2008-04-13 18:54    28672    ----a-w-    c:\windows\system32\dllcache\nscirda.sys
2013-06-26 17:38 . 2008-04-13 18:46    10880    ----a-w-    c:\windows\system32\dllcache\ndisip.sys
2013-06-26 17:38 . 2008-04-13 18:46    85248    ----a-w-    c:\windows\system32\dllcache\nabtsfec.sys
2013-06-26 17:37 . 2008-04-13 18:39    5504    ----a-w-    c:\windows\system32\dllcache\mstee.sys
2013-06-26 17:37 . 2008-04-13 18:46    49024    ----a-w-    c:\windows\system32\dllcache\mstape.sys
2013-06-26 17:37 . 2008-04-13 18:54    22016    ----a-w-    c:\windows\system32\dllcache\msircomm.sys
2013-06-26 17:36 . 2008-04-13 18:46    51200    ----a-w-    c:\windows\system32\dllcache\msdv.sys
2013-06-26 17:36 . 2008-04-13 18:46    15232    ----a-w-    c:\windows\system32\dllcache\mpe.sys
2013-06-26 17:36 . 2008-04-13 18:41    26112    ----a-w-    c:\windows\system32\dllcache\memstpci.sys
2013-06-26 17:35 . 2008-04-13 18:40    7040    ----a-w-    c:\windows\system32\dllcache\ltotape.sys
2013-06-26 17:35 . 2008-04-13 18:40    34688    ----a-w-    c:\windows\system32\dllcache\lbrtfdc.sys
2013-06-26 17:35 . 2008-04-14 00:11    48640    ----a-w-    c:\windows\system32\dllcache\kdsui.dll
2013-06-26 17:35 . 2008-04-14 00:11    253952    ----a-w-    c:\windows\system32\dllcache\kdsusd.dll
2013-06-26 17:34 . 2008-04-14 00:11    28160    ----a-w-    c:\windows\system32\dllcache\irmon.dll
2013-06-26 17:34 . 2008-04-14 00:12    151552    ----a-w-    c:\windows\system32\dllcache\irftp.exe
2013-06-26 17:34 . 2008-04-13 18:54    88192    ----a-w-    c:\windows\system32\dllcache\irda.sys
2013-06-26 17:33 . 2008-04-14 00:11    702845    ----a-w-    c:\windows\system32\dllcache\i81xdnt5.dll
2013-06-26 17:31 . 2008-04-13 18:40    28288    ----a-w-    c:\windows\system32\dllcache\grserial.sys
2013-06-26 17:31 . 2008-04-13 18:45    59136    ----a-w-    c:\windows\system32\dllcache\gckernel.sys
2013-06-26 17:31 . 2008-04-13 18:45    10624    ----a-w-    c:\windows\system32\dllcache\gameenum.sys
2013-06-26 17:28 . 2008-04-13 18:39    206976    ----a-w-    c:\windows\system32\dllcache\dot4.sys
2013-06-26 17:28 . 2008-04-13 18:40    8320    ----a-w-    c:\windows\system32\dllcache\dlttape.sys
2013-06-26 17:27 . 2008-04-14 00:11    249856    ----a-w-    c:\windows\system32\dllcache\ctmasetp.dll
2013-06-26 17:26 . 2008-04-13 18:36    13952    ----a-w-    c:\windows\system32\dllcache\cmbatt.sys
2013-06-26 17:26 . 2008-04-13 18:40    8192    ----a-w-    c:\windows\system32\dllcache\changer.sys
2013-06-26 17:26 . 2008-04-13 18:46    17024    ----a-w-    c:\windows\system32\dllcache\ccdecode.sys
2013-06-26 17:26 . 2008-04-14 00:11    121856    ----a-w-    c:\windows\system32\dllcache\camext30.dll
2013-06-26 17:25 . 2008-04-13 18:46    11776    ----a-w-    c:\windows\system32\dllcache\bdasup.sys
2013-06-26 17:25 . 2008-04-13 18:46    13696    ----a-w-    c:\windows\system32\dllcache\avcstrm.sys
2013-06-26 17:25 . 2008-04-13 18:46    38912    ----a-w-    c:\windows\system32\dllcache\avc.sys
2013-06-26 17:24 . 2008-04-13 18:46    48128    ----a-w-    c:\windows\system32\dllcache\61883.sys
2013-06-26 17:24 . 2008-04-13 18:40    12288    ----a-w-    c:\windows\system32\dllcache\4mmdat.sys
2013-06-26 17:24 . 2008-04-13 18:46    53376    ----a-w-    c:\windows\system32\dllcache\1394bus.sys
2013-06-25 17:36 . 2013-06-25 17:36    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 17:36 . 2012-12-24 18:18    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-25 17:36 . 2012-06-22 19:22    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-25 17:36 . 2011-06-12 20:32    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-25 17:30 . 2012-03-30 18:50    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-25 17:30 . 2011-06-06 22:01    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2004-08-10 18:51    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-10 18:51    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-10 18:51    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-10 18:51    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30 . 2004-08-10 18:51    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2009-10-03 13:51    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-10 01:31 . 2004-08-10 18:51    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-06-15 5730304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2013-7-2 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28    72208    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK]
backup=c:\windows\pss\Controller.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 03:05    344064    ----a-w-    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09    460784    ----a-w-    c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55    206064    ----a-w-    c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-06-07 16:35    319488    ----a-w-    c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 07:02    86016    ----a-w-    c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24    16384    ----a-w-    c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19    53248    ------w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44    249856    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerPanel Personal Edition User Interaction]
2010-04-10 00:49    316864    ----a-w-    c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 16:26    26112    ----a-w-    c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-12-17 21:51    26112    ----a-w-    c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 06:00    90448    ----a-w-    c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2012-01-19 21:05    2061648    ----a-w-    c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-02-14 22:36    43008    ----a-w-    c:\windows\system32\WFXSNT40.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [7/4/2013 3:39 PM 22560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [7/2/2013 11:27 AM 10384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [7/7/2013 1:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/7/2013 1:23 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/7/2013 1:23 PM 22856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKslfd7e795c;MpKslfd7e795c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0BB4049-0B6E-448D-90A2-4B8074A40B30}\MpKslfd7e795c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0BB4049-0B6E-448D-90A2-4B8074A40B30}\MpKslfd7e795c.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.





TCP: DhcpNameServer = 192.168.1.1



FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\nv65vf11.default\
FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-06-27 13:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: extensions.BabylonToolbar.id - 64f4025b000000000000001372c1da6f
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15651
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.810:27
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{08FCF7E3-5F7D-444E-8554-76A516EB3C6C} - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Irj2w32.exe - c:\tlcwin\Rj1-2\uninstal\DeIsL1.isu
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-08 14:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2013-07-08  14:57:15
ComboFix-quarantined-files.txt  2013-07-08 18:57
.
Pre-Run: 118,835,507,200 bytes free
Post-Run: 119,142,146,048 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7E7EEAEFF9B73FE4AFD245E65C6BDFA7
5CB90281D1A59B251F6603134774EEC3
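As an added example (not part of the thread, and not ComboFix's own code): a small Python parser for the ComboFix report layout shown above. It pulls out the "Other Deletions" list, the "Files Created" entries, the Run-key autostarts and the service lines, then flags what a reviewer checks first: autostarts given as a bare file name (resolved through the search path rather than an explicit location) and services whose file was not found (the "--> ... [?]" form). The sample input is a constructed excerpt built from entries in the log above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the ComboFix report layout: parenthesised section
# banners, "." separator lines, REGEDIT4-style Run keys and R2/S0 service lines.
# Entries are copied from the thread's log; nothing here is a real scan result.
SAMPLE_LOG = r"""
ComboFix 13-07-08.04 - Ann 07/08/2013  14:46:14.1.2 - x86
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\CouponAlert_2pEI
c:\windows\system32\winsecurityxp\rk.exe
.
(((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
2013-07-07 17:23 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-04 19:30 . 2013-07-04 19:30    --------    d-----w-    c:\program files\GPU-Z
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/7/2013 1:23 PM 701512]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$")
RUNKEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUNVAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?$')
# state name;display name;path[ --> path] [date size | ?]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]*);([^;]*);(.+?)(?: --> (.+?))? \[(.*)\]$")


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    detail: str


@dataclass
class Service:
    state: str
    name: str
    path: str
    file_found: bool


def parse_combofix(text: str) -> dict:
    """Split a ComboFix report into deletions, created files, Run values and services."""
    report = {"deletions": [], "created": [], "run": [], "services": []}
    section: Optional[str] = None
    run_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":      # "." lines separate blocks inside a section
            run_key = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section, run_key = m.group(1), None
            continue
        m = RUNKEY_RE.match(line)
        if m:
            run_key = m.group(1)
            continue
        if run_key:                      # value lines belong to the open Run key
            m = RUNVAL_RE.match(line)
            if m:
                report["run"].append(RunEntry(run_key, m.group(1), m.group(2), m.group(3) or ""))
            continue
        m = SERVICE_RE.match(line)
        if m:
            report["services"].append(Service(m.group(1), m.group(2), m.group(4), m.group(6) != "?"))
            continue
        m = CREATED_RE.match(line)
        if m and section and section.startswith("Files Created"):
            size = None if m.group(3) == "--------" else int(m.group(3))
            report["created"].append({"created": m.group(1), "modified": m.group(2),
                                      "size": size, "attrs": m.group(4), "path": m.group(5)})
            continue
        if section == "Other Deletions":
            report["deletions"].append(line)
    return report


def triage(report: dict) -> list:
    """Return the review points a helper would look at first."""
    findings = []
    for e in report["run"]:
        if "\\" not in e.command:       # bare name: confirm which file it resolves to
            findings.append(f"autostart {e.name!r} uses bare file name {e.command!r}")
    for s in report["services"]:
        if not s.file_found:
            findings.append(f"service {s.name} ({s.state}) points at missing file {s.path}")
    for d in report["deletions"]:
        findings.append(f"removed by ComboFix: {d}")
    return findings


if __name__ == "__main__":
    for f in triage(parse_combofix(SAMPLE_LOG)):
        print(f)
```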
 


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Then try MBAM again. Please note that some freezes during the scan run are normal and will disappear after a few minutes.

CFScript.txt


Here is the file for combofix again.

 

Scanning with MBAM again now. You say some freezes are normal. Been running for 40 minutes now and at 39,000 objects scanned. Get "not responding" in task manager for more than a few minutes, then it starts again. This did not happen before during quick scans. Used to be able to do a scan in 10 minutes. Will let you know if it finishes the scan.

 

Thanks for your help.

 

ComboFix 13-07-08.04 - Ann 07/08/2013  15:24:49.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2378 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ann\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
.
2013-07-08 14:59 . 2013-06-12 04:18    7068072    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0BB4049-0B6E-448D-90A2-4B8074A40B30}\mpengine.dll
2013-07-07 18:58 . 2013-06-12 04:18    7068072    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-07 17:23 . 2013-07-07 17:23    --------    d-----w-    c:\documents and settings\Ann\Application Data\Malwarebytes
2013-07-07 17:23 . 2013-07-07 17:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-07-07 17:23 . 2013-07-07 17:23    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-07 17:23 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-04 19:39 . 2013-07-04 19:39    22560    ----a-w-    c:\windows\system32\drivers\HWiNFO32.SYS
2013-07-04 19:30 . 2013-07-04 19:30    --------    d-----w-    c:\program files\GPU-Z
2013-07-04 15:46 . 2013-07-04 15:46    --------    d-----w-    c:\program files\Seagate
2013-07-04 15:34 . 2013-07-04 15:34    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2013-07-02 15:28 . 2013-07-02 15:28    --------    d-----w-    c:\documents and settings\Ann\Application Data\Logitech
2013-07-02 15:27 . 2009-06-17 16:55    10384    ----a-w-    c:\windows\system32\drivers\LBeepKE.sys
2013-07-02 15:26 . 2009-07-20 16:25    301656    ----a-w-    c:\windows\system32\BtCoreIf.dll
2013-07-02 15:25 . 2009-07-20 16:26    84496    ----a-w-    c:\windows\system32\KemXML.dll
2013-07-02 15:25 . 2009-07-20 16:26    170512    ----a-w-    c:\windows\system32\kemutb.dll
2013-07-02 15:25 . 2009-07-20 16:26    117264    ----a-w-    c:\windows\system32\KemWnd.dll
2013-07-02 15:25 . 2009-07-20 16:26    145936    ----a-w-    c:\windows\system32\KemUtil.dll
2013-07-02 15:25 . 2013-07-02 15:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Logitech
2013-07-02 15:24 . 2013-07-02 15:24    --------    d-----w-    c:\program files\Logitech
2013-06-29 22:08 . 2013-06-29 22:08    --------    d-----w-    c:\program files\ESET
2013-06-26 17:52 . 2008-04-14 00:12    116224    ----a-w-    c:\windows\system32\dllcache\xrxwiadr.dll
2013-06-26 17:52 . 2008-04-14 00:12    18944    ----a-w-    c:\windows\system32\dllcache\xrxscnui.dll
2013-06-26 17:52 . 2008-04-13 18:46    19200    ----a-w-    c:\windows\system32\dllcache\wstcodec.sys
2013-06-26 17:52 . 2008-04-14 00:12    8192    ----a-w-    c:\windows\system32\dllcache\wshirda.dll
2013-06-26 17:51 . 2008-04-13 18:36    8832    ----a-w-    c:\windows\system32\dllcache\wmiacpi.sys
2013-06-26 17:51 . 2008-04-13 18:45    31744    ----a-w-    c:\windows\system32\dllcache\wceusbsh.sys
2013-06-26 17:50 . 2008-04-14 00:12    53760    ----a-w-    c:\windows\system32\dllcache\vfwwdm32.dll
2013-06-26 17:49 . 2008-04-13 18:45    17152    ----a-w-    c:\windows\system32\dllcache\usbohci.sys
2013-06-26 17:49 . 2008-04-13 18:45    60032    ----a-w-    c:\windows\system32\dllcache\usbaudio.sys
2013-06-26 17:48 . 2008-04-14 00:12    82944    ----a-w-    c:\windows\system32\dllcache\tp4mon.exe
2013-06-26 17:47 . 2008-04-13 18:40    149376    ----a-w-    c:\windows\system32\dllcache\tffsport.sys
2013-06-26 17:46 . 2008-04-13 18:46    15232    ----a-w-    c:\windows\system32\dllcache\streamip.sys
2013-06-26 17:45 . 2008-04-13 18:40    7552    ----a-w-    c:\windows\system32\dllcache\sonyait.sys
2013-06-26 17:45 . 2008-04-13 18:36    6912    ----a-w-    c:\windows\system32\dllcache\smbclass.sys
2013-06-26 17:45 . 2008-04-13 18:36    16000    ----a-w-    c:\windows\system32\dllcache\smbbatt.sys
2013-06-26 17:45 . 2008-04-13 18:46    11136    ----a-w-    c:\windows\system32\dllcache\slip.sys
2013-06-26 17:43 . 2008-04-13 18:45    11520    ----a-w-    c:\windows\system32\dllcache\scsiscan.sys
2013-06-26 17:43 . 2008-04-13 18:40    43904    ----a-w-    c:\windows\system32\dllcache\sbp2port.sys
2013-06-26 17:42 . 2008-04-14 00:12    29696    ----a-w-    c:\windows\system32\dllcache\rw450ext.dll
2013-06-26 17:42 . 2008-04-14 00:12    27648    ----a-w-    c:\windows\system32\dllcache\rw430ext.dll
2013-06-26 17:42 . 2008-04-13 18:40    79104    ----a-w-    c:\windows\system32\dllcache\rocket.sys
2013-06-26 17:41 . 2008-04-13 18:40    6016    ----a-w-    c:\windows\system32\dllcache\qic157.sys
2013-06-26 17:41 . 2008-04-14 00:12    159232    ----a-w-    c:\windows\system32\dllcache\ptpusd.dll
2013-06-26 17:41 . 2008-04-14 00:12    363520    ----a-w-    c:\windows\system32\dllcache\psisdecd.dll
2013-06-26 17:41 . 2008-04-13 18:41    17664    ----a-w-    c:\windows\system32\dllcache\ppa3.sys
2013-06-26 17:41 . 2008-04-13 18:40    8832    ----a-w-    c:\windows\system32\dllcache\powerfil.sys
2013-06-26 17:40 . 2008-04-14 00:10    259328    ----a-w-    c:\windows\system32\dllcache\perm3dd.dll
2013-06-26 17:40 . 2008-04-14 00:10    211584    ----a-w-    c:\windows\system32\dllcache\perm2dll.dll
2013-06-26 17:40 . 2008-04-13 18:44    28032    ----a-w-    c:\windows\system32\dllcache\perm3.sys
2013-06-26 17:40 . 2008-04-13 18:44    27904    ----a-w-    c:\windows\system32\dllcache\perm2.sys
2013-06-26 17:39 . 2008-04-13 18:46    61696    ----a-w-    c:\windows\system32\dllcache\ohci1394.sys
2013-06-26 17:38 . 2008-04-13 18:54    28672    ----a-w-    c:\windows\system32\dllcache\nscirda.sys
2013-06-26 17:38 . 2008-04-13 18:46    10880    ----a-w-    c:\windows\system32\dllcache\ndisip.sys
2013-06-26 17:38 . 2008-04-13 18:46    85248    ----a-w-    c:\windows\system32\dllcache\nabtsfec.sys
2013-06-26 17:37 . 2008-04-13 18:39    5504    ----a-w-    c:\windows\system32\dllcache\mstee.sys
2013-06-26 17:37 . 2008-04-13 18:46    49024    ----a-w-    c:\windows\system32\dllcache\mstape.sys
2013-06-26 17:37 . 2008-04-13 18:54    22016    ----a-w-    c:\windows\system32\dllcache\msircomm.sys
2013-06-26 17:36 . 2008-04-13 18:46    51200    ----a-w-    c:\windows\system32\dllcache\msdv.sys
2013-06-26 17:36 . 2008-04-13 18:46    15232    ----a-w-    c:\windows\system32\dllcache\mpe.sys
2013-06-26 17:36 . 2008-04-13 18:41    26112    ----a-w-    c:\windows\system32\dllcache\memstpci.sys
2013-06-26 17:35 . 2008-04-13 18:40    7040    ----a-w-    c:\windows\system32\dllcache\ltotape.sys
2013-06-26 17:35 . 2008-04-13 18:40    34688    ----a-w-    c:\windows\system32\dllcache\lbrtfdc.sys
2013-06-26 17:35 . 2008-04-14 00:11    48640    ----a-w-    c:\windows\system32\dllcache\kdsui.dll
2013-06-26 17:35 . 2008-04-14 00:11    253952    ----a-w-    c:\windows\system32\dllcache\kdsusd.dll
2013-06-26 17:34 . 2008-04-14 00:11    28160    ----a-w-    c:\windows\system32\dllcache\irmon.dll
2013-06-26 17:34 . 2008-04-14 00:12    151552    ----a-w-    c:\windows\system32\dllcache\irftp.exe
2013-06-26 17:34 . 2008-04-13 18:54    88192    ----a-w-    c:\windows\system32\dllcache\irda.sys
2013-06-26 17:33 . 2008-04-14 00:11    702845    ----a-w-    c:\windows\system32\dllcache\i81xdnt5.dll
2013-06-26 17:31 . 2008-04-13 18:40    28288    ----a-w-    c:\windows\system32\dllcache\grserial.sys
2013-06-26 17:31 . 2008-04-13 18:45    59136    ----a-w-    c:\windows\system32\dllcache\gckernel.sys
2013-06-26 17:31 . 2008-04-13 18:45    10624    ----a-w-    c:\windows\system32\dllcache\gameenum.sys
2013-06-26 17:28 . 2008-04-13 18:39    206976    ----a-w-    c:\windows\system32\dllcache\dot4.sys
2013-06-26 17:28 . 2008-04-13 18:40    8320    ----a-w-    c:\windows\system32\dllcache\dlttape.sys
2013-06-26 17:27 . 2008-04-14 00:11    249856    ----a-w-    c:\windows\system32\dllcache\ctmasetp.dll
2013-06-26 17:26 . 2008-04-13 18:36    13952    ----a-w-    c:\windows\system32\dllcache\cmbatt.sys
2013-06-26 17:26 . 2008-04-13 18:40    8192    ----a-w-    c:\windows\system32\dllcache\changer.sys
2013-06-26 17:26 . 2008-04-13 18:46    17024    ----a-w-    c:\windows\system32\dllcache\ccdecode.sys
2013-06-26 17:26 . 2008-04-14 00:11    121856    ----a-w-    c:\windows\system32\dllcache\camext30.dll
2013-06-26 17:25 . 2008-04-13 18:46    11776    ----a-w-    c:\windows\system32\dllcache\bdasup.sys
2013-06-26 17:25 . 2008-04-13 18:46    13696    ----a-w-    c:\windows\system32\dllcache\avcstrm.sys
2013-06-26 17:25 . 2008-04-13 18:46    38912    ----a-w-    c:\windows\system32\dllcache\avc.sys
2013-06-26 17:24 . 2008-04-13 18:46    48128    ----a-w-    c:\windows\system32\dllcache\61883.sys
2013-06-26 17:24 . 2008-04-13 18:40    12288    ----a-w-    c:\windows\system32\dllcache\4mmdat.sys
2013-06-26 17:24 . 2008-04-13 18:46    53376    ----a-w-    c:\windows\system32\dllcache\1394bus.sys
2013-06-25 17:36 . 2013-06-25 17:36    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 17:36 . 2012-12-24 18:18    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-06-25 17:36 . 2012-06-22 19:22    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-25 17:36 . 2011-06-12 20:32    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-25 17:30 . 2012-03-30 18:50    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-25 17:30 . 2011-06-06 22:01    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2004-08-10 18:51    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-10 18:51    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-10 18:51    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-10 18:51    385024    ----a-w-    c:\windows\system32\html.iec
2013-05-03 01:30 . 2004-08-10 18:51    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2009-10-03 13:51    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-10 01:31 . 2004-08-10 18:51    1876352    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-06-15 5730304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2013-7-2 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28    72208    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK]
backup=c:\windows\pss\Controller.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 03:05    344064    ----a-w-    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09    460784    ----a-w-    c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55    206064    ----a-w-    c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-06-07 16:35    319488    ----a-w-    c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 07:02    86016    ----a-w-    c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24    16384    ----a-w-    c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19    53248    ------w-    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44    249856    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    ----a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerPanel Personal Edition User Interaction]
2010-04-10 00:49    316864    ----a-w-    c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
2004-11-11 16:26    26112    ----a-w-    c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-12-17 21:51    26112    ----a-w-    c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 06:00    90448    ----a-w-    c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2012-01-19 21:05    2061648    ----a-w-    c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-02-14 22:36    43008    ----a-w-    c:\windows\system32\WFXSNT40.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [7/4/2013 3:39 PM 22560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [7/2/2013 11:27 AM 10384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [7/7/2013 1:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/7/2013 1:23 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/7/2013 1:23 PM 22856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 MpKslfd7e795c;MpKslfd7e795c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0BB4049-0B6E-448D-90A2-4B8074A40B30}\MpKslfd7e795c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0BB4049-0B6E-448D-90A2-4B8074A40B30}\MpKslfd7e795c.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\nv65vf11.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-06-27 13:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-08 15:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(532)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-08  15:32:36
ComboFix-quarantined-files.txt  2013-07-08 19:32
ComboFix2.txt  2013-07-08 18:57
.
Pre-Run: 119,157,714,944 bytes free
Post-Run: 119,142,092,800 bytes free
.
- - End Of File - - 357296EA83906DA8DF764F9432ED2E69
5CB90281D1A59B251F6603134774EEC3
 

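A small triage helper for the two ComboFix sections in the log above that deserve a second look, Files Created and Reg Loading Points, added here as an example; it is not part of ComboFix, Malwarebytes or this thread. The sample input is an excerpt of the log lines above plus one autorun entry marked as constructed, and the three rules (new .sys files under drivers, autorun values that give only a bare filename so the real file must be located by hand, autoruns whose file date falls in the last week of the window) are my own heuristics, not ComboFix's.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt: lines copied from the ComboFix log above, plus one
# clearly marked constructed autorun entry to exercise the recent-date rule.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
2013-07-07 17:23 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-04 19:39 . 2013-07-04 19:39    22560    ----a-w-    c:\windows\system32\drivers\HWiNFO32.SYS
2013-07-02 15:27 . 2009-06-17 16:55    10384    ----a-w-    c:\windows\system32\drivers\LBeepKE.sys
2013-07-02 15:24 . 2013-07-02 15:24    --------    d-----w-    c:\program files\Logitech
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2010-06-15 5730304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ConstructedExample"="c:\program files\Example\example.exe" [2013-07-06 12345]
.
"""

# "created . modified    size    attrs    path" rows of the Files Created section
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# "name"="target" [file-date size] rows under a Run key
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s+'
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$"
)
SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+\s*$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]\s*$")
RANGE_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")


def parse_combofix(text):
    """Return (window_end, files, autoruns) from the two sections we care about."""
    files, autoruns = [], []
    window_end, section, key = None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            r = RANGE_RE.search(section)
            if r:
                window_end = datetime.strptime(r.group(2), "%Y-%m-%d")
            continue
        if section and section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                files.append(m.groupdict())
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group("key")      # remember which hive/key the values belong to
                continue
            m = RUN_RE.match(line)
            if m and key:
                entry = m.groupdict()
                entry["key"] = key
                autoruns.append(entry)
    return window_end, files, autoruns


def triage(window_end, files, autoruns, recent_days=7):
    """Apply the three heuristics; returns a list of (kind, detail) tuples."""
    findings = []
    cutoff = window_end - timedelta(days=recent_days) if window_end else None
    for f in files:
        path = f["path"].lower()
        if path.endswith(".sys") and "\\drivers\\" in path:
            findings.append(("new-kernel-driver", f["path"]))
    for a in autoruns:
        if "\\" not in a["target"]:  # bare name: Windows locates it via the search path
            findings.append(("bare-filename-autorun", f'{a["key"]} -> {a["name"]}={a["target"]}'))
        if cutoff and datetime.strptime(a["date"], "%Y-%m-%d") >= cutoff:
            findings.append(("recently-modified-autorun", f'{a["name"]} ({a["date"]})'))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(*parse_combofix(SAMPLE_LOG)):
        print(f"{kind:28} {detail}")
```

Each finding is a prompt to verify the file by hand (location, publisher, hash), not a verdict; every entry in the sample is a known legitimate component apart from the constructed one.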

I presume you mean the mbam log as follows:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.08.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ann :: D4T63191 [administrator]

Protection: Enabled

7/8/2013 3:50:26 PM
mbam-log-2013-07-08 (15-50-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258629
Time elapsed: 1 hour(s), 14 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process. Note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC; this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


ESET results; will try TFC again.

 

 

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FlvTubePlayer.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll.vir Win32/Toolbar.MyWebSearch.Q application
C:\Qoobox\Quarantine\C\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0364465.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0364466.dll Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3356\A0364467.dll Win32/Toolbar.MyWebSearch application
 


MBAM scan again, and it continues to stop responding intermittently. See below: 1 hr, 8 min.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.10.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ann :: D4T63191 [administrator]

Protection: Enabled

7/10/2013 1:23:25 PM
mbam-log-2013-07-10 (13-23-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259564
Time elapsed: 1 hour(s), 8 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the (checkup.txt) will open. Copy its content to your thread.


Adwcleaner and Security check as follows:

 

# AdwCleaner v2.304 - Logfile created 07/11/2013 at 01:05:04
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ann - D4T63191
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ann\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Documents and Settings\Ann\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\nv65vf11.default\jetpack
Folder Deleted : C:\Documents and Settings\Ann\Application Data\Viewpoint
Folder Deleted : C:\Program Files\registry mechanic
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Homepage Protection Service
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702



-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\nv65vf11.default\prefs.js

C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\nv65vf11.default\user.js ... Deleted !


Deleted : user_pref("CT2611275.CTID", "ct2611275");
Deleted : user_pref("CT2611275.CurrentServerDate", "17-9-2010");
Deleted : user_pref("CT2611275.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2611275.DownloadReferralCookieData", "");
Deleted : user_pref("CT2611275.EMailNotifierPollDate", "Fri Sep 17 2010 11:44:24 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2611275.FirstServerDate", "17-9-2010");
Deleted : user_pref("CT2611275.FirstTime", true);
Deleted : user_pref("CT2611275.FirstTimeFF3", true);
Deleted : user_pref("CT2611275.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2611275.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2611275.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2611275.Initialize", true);
Deleted : user_pref("CT2611275.InitializeCommonPrefs", true);
Deleted : user_pref("CT2611275.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2611275.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2611275.InstalledDate", "Fri Sep 17 2010 11:44:02 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2611275.IsGrouping", false);
Deleted : user_pref("CT2611275.IsOpenThankYouPage", false);
Deleted : user_pref("CT2611275.IsOpenUninstallPage", true);
Deleted : user_pref("CT2611275.LanguagePackLastCheckTime", "Fri Sep 17 2010 11:44:23 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2611275.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2611275.LastLogin_2.6.0.15", "Fri Sep 17 2010 11:44:23 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2611275.LatestVersion", "2.6.0.15");
Deleted : user_pref("CT2611275.Locale", "en");
Deleted : user_pref("CT2611275.LoginCache", 4);
Deleted : user_pref("CT2611275.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2611275.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2611275.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2611275.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2611275.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2611275.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2611275.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2611275.SettingsLastCheckTime", "Fri Sep 17 2010 11:44:02 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2611275.SettingsLastUpdate", "1284634969");
Deleted : user_pref("CT2611275.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2611275.ThirdPartyComponentsLastCheck", "Fri Sep 17 2010 11:44:02 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2611275.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2611275.UserID", "UN50279021686541347");
Deleted : user_pref("CT2611275.alertChannelId", "1004080");
Deleted : user_pref("CT2611275.clientLogIsEnabled", true);
Deleted : user_pref("CT2611275.components.1000082", false);
Deleted : user_pref("CT2611275.components.1000234", false);
Deleted : user_pref("CT2611275.ct2611275.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2611275.ct2611275.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2611275.ct2611275.LanguagePackLastCheckTime", "Fri Sep 17 2010 11:44:23 GMT-0400 (Easte[...]
Deleted : user_pref("CT2611275.ct2611275.Locale", "en");
Deleted : user_pref("CT2611275.ct2611275.SearchInNewTabLastCheckTime", "Fri Sep 17 2010 11:44:23 GMT-0400 (Eas[...]
Deleted : user_pref("CT2611275.ct2611275.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2611275.ct2611275.SettingsLastCheckTime", "Fri Sep 17 2010 11:44:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2611275.ct2611275.SettingsLastUpdate", "1284634969");
Deleted : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastCheck", "Fri Sep 17 2010 11:44:21 GMT-0400 (E[...]
Deleted : user_pref("CT2611275.ct2611275.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2611275.myStuffEnabled", true);
Deleted : user_pref("CT2611275.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2611275.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2611275");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2611275");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Sep 17 2010 11:44:24 GMT-0400 (Eas[...]
Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[s1].txt - [11520 octets] - [11/07/2013 01:05:04]

########## EOF - C:\AdwCleaner[s1].txt - [11581 octets] ##########

 Results of screen317's Security Check version 0.99.68  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 ESET Online Scanner v3   
 iolo technologies' System Mechanic 4 Professional
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:`````````
 Out of date Spybot installed!
 Spybot - Search & Destroy 1.5.2.20
 Spybot - Search & Destroy
 Windows Defender Signatures   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 25  
 Java 2 Runtime Environment, SE v1.4.2_03
 Adobe Flash Player     11.8.800.94  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  1. Please download IE 8 from http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8.
  2. Save it to your desktop.
  3. Double click on the file on your desktop to start the installation process.
  4. Reboot

Also, update your Spybot S&D!

That's it - your system is free of malware! :)

If you are facing any issues regarding Malwarebytes Anti-Malware, start a new topic here: http://forums.malwarebytes.org/index.php?showforum=41

Uninstall our tools using delfix

Please follow these steps in order:

  1. If we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. If we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.

Don't use IE8 often, but will update that and Spybot and uninstall combofix.

Will run MBAM Quick scan tomorrow.

Are you saying that if I still have the same "Not Responding issues", that I should start a new thread. That doesn't make sense to me.

We checked your system for malware. Now we are sure the lagging of MBAM isn't malware related.

As I'm an expert in malware removal but no Malwarebytes employee, troubleshooting their tools isn't my work, therefore it makes sense to start a new topic within the Malwarebytes Antimalware Help Forum. :)

This topic is now closed to further replies.