rstandi Posted July 5, 2013 ID:699133 Share Posted July 5, 2013 Here's the Logs DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 9.0.8112.16490Run by Jim at 10:23:39 on 2013-07-05Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1344 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\rundll32.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\DefaultTab\DefaultTabSearch.exeC:\Users\Jim\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeC:\Program Files\TeamViewer\Version8\TeamViewer_Service.exeC:\Windows\system32\DRIVERS\xaudio.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Windows\sttray.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\OtShot\otshot.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Windows\ehome\ehtray.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exeC:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer provided by DelluURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>dURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\jim\appdata\local\unitlayers\temp.datBHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dllBHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\jim\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dllBHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dllBHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} -BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dllBHO: SelectionLinks: {D9C8D61C-A7E4-4CA2-8427-CCAF098EB352} - c:\program files\oapps\SelectionLinks.dllTB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dlluRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exeuRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hidemRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startupmRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [sigmatelSysTrayApp] sttray.exemRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /noguimRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [OtShot] c:\program files\otshot\otshot.exe -minimizeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file:///C:/Program%20Files/Mah%20Jong%20Medley/Images/stg_drm.dllDPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Super%20Mah%20Jong%20Solitaire/Images/armhelper.ocxTCP: NameServer = 72.240.13.7 72.240.13.5 156.154.70.43TCP: Interfaces\{C09B1591-522A-4CC5-8763-2038503D72D4} : DHCPNameServer = 72.240.13.7 72.240.13.5 156.154.70.43LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-3 49376]R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-3 175176]R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-1 770344]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-6-9 369584]R1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\drivers\sct_skmscan.sys [2012-10-12 33096]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-9 29816]R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-3-8 66336]R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-14 46808]R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-2-11 572928]R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\jim\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2013-6-24 107520]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-4-8 3560288]R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\sophos\sophos virus removal tool\SVRTservice.exe [2013-2-13 153080]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-5 40776]S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2013-07-05 12:10:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-06-25 01:03:47 -------- d-----w- c:\program files\DefaultTab2013-06-25 01:03:36 -------- d-----w- c:\users\jim\appdata\roaming\DefaultTab2013-06-25 01:03:22 -------- d-----w- c:\users\jim\appdata\local\UnitLayers2013-06-25 01:02:54 -------- d-----w- c:\program files\OtShot2013-06-24 03:11:12 -------- d-----w- c:\program files\MyPC Backup2013-06-24 03:10:17 -------- d-----w- c:\program files\OApps2013-06-11 22:58:36 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-06-11 22:58:34 443904 ----a-w- c:\windows\system32\win32spl.dll2013-06-11 22:58:34 37376 ----a-w- c:\windows\system32\printcom.dll2013-06-11 22:58:22 985600 ----a-w- c:\windows\system32\crypt32.dll2013-06-11 22:58:22 98304 ----a-w- c:\windows\system32\cryptnet.dll2013-06-11 22:58:22 812544 ----a-w- c:\windows\system32\certutil.exe2013-06-11 22:58:22 133120 ----a-w- c:\windows\system32\cryptsvc.dll2013-06-11 22:58:21 41984 ----a-w- c:\windows\system32\certenc.dll2013-06-11 22:58:15 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-06-11 22:58:13 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe2013-06-11 22:57:45 24576 ----a-w- c:\windows\system32\cryptdlg.dll2013-06-06 02:27:53 -------- d-----w- c:\program files\iPod2013-06-06 02:27:50 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E12013-06-06 02:27:50 -------- d-----w- c:\program files\iTunes2013-06-06 02:23:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2013-06-06 02:23:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2013-06-06 02:23:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2013-06-06 02:23:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2013-06-06 02:23:00 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll.==================== Find3M ====================.2013-06-27 21:22:17 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys2013-06-27 21:22:17 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys2013-06-24 03:10:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-06-24 03:10:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll2013-04-11 14:22:56 770384 ----a-w- c:\windows\system32\msvcr100.dll2013-04-11 14:22:56 421200 ----a-w- c:\windows\system32\msvcp100.dll2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys.============= FINISH: 10:24:58.49 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume3Install Date: 2/28/2007 2:36:32 AMSystem Uptime: 7/5/2013 10:12:06 AM (0 hours ago).Motherboard: Dell Inc. | | 0WG864Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 139 GiB total, 64.046 GiB free.D: is FIXED (NTFS) - 10 GiB total, 5.982 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================..==== Installed Programs ======================.Acrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.5.5Adobe Shockwave Player 11AOL InstallApple Application SupportApple Mobile Device SupportApple Software UpdateArcadesafariArcSoft Print CreationsArcSoft Print Creations - Album PageArcSoft Print Creations - FunhouseArcSoft Print Creations - Greeting CardArcSoft Print Creations - Photo BookArcSoft Print Creations - Photo CalendarArcSoft Print Creations - ScrapbookArcSoft Print Creations - Slimline Cardavast! Free AntivirusBonjourCCleanerCCScoreChampionship Mah JonggCompatibility Pack for the 2007 Office systemConexant D850 PCI V.92 ModemDefaultTabDell System Customization WizardDellSupportDigital Line DetectDocumentation & Support LauncherDominoesEarthLink Setup FilesESSBrwrESSCDBKESScoreESSguiESSiniESSPCDESSPDockESSTOOLSessvatgtfflinkGames, Music, & Photos LauncherGoogle ChromeGoogle DriveGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Driver DiagnosticsHP Print Diagnostic UtilityHP Product DetectioniCloudIntel® Matrix Storage ManagerInternet Service Offers LauncheriPhone Configuration UtilityiTunesJava SE Runtime Environment 6Kodak EasyShare softwareLiveUpdate (Symantec Corporation)Mah Jong MedleyMahjong EscapeMahjong QuestMahjong WorldMalwarebytes Anti-Malware version 1.75.0.1300Memory Mah JonggMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Office File Validation Add-InMicrosoft Office Professional Edition 2003Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMobileMe Control PanelModem Diagnostic ToolMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)My DellnetbrdgNetWaitingNorton Security ScanNVIDIA DriversOfotoXMIOGA Notifier 2.0.0048.0QuickTimeRoxio Creator AudioRoxio Creator BDAV PluginRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express LabelerRoxio MyDVD DERoxio Update ManagerSafariSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)SelectionLinksSFRSHASTASigmaTel Audioskin0001SKINXSDKSoftware Version UpdaterSonic Activation ModuleSophos Virus Removal ToolSpybot - Search & Destroy 1.4staticcrSuper Mah Jong SolitaireSupreme SavingsTeamViewer 8Unit LayersUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)URL AssistantUser's GuidesVPRINTOLWatchtower Library 2008 - EnglishWatchtower Library 2012 - EnglishWIRELESS.==== End Of File =========================== ThanksRod Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 7, 2013 ID:699848 Share Posted July 7, 2013 Hello and welcome to the MalwareBytes consumer helpdesk. My name is Maurice Naggar. I will be helping you Restart the system into Safe Mode with Networking, so we can do an MBAM full scan, in this sequence. Logoff and restart. Restart your pc. And right away, tap & retap the F8 Function-key on your keyboard. You should see Windows Advanced Options menu. Select Safe Mode with Networking or Safe mode or VGA mode with Safe Mode with Networking being the ideal first choice. Start your MBAM MalwareBytes' Anti-Malware. Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark. Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark. look down the screen to Action for potentially unwanted programs PUP & look down the screen to Action for potentially unwanted modifications PUM & Action for peer-to-peer software P2P For each one of the 3 select "Show in results list and check for removal" from the drop down (arrow) selections. Next, Click the Update tab. Press the "Check for Updates" button. If prompted for a Restart, do that. When done, click the Scanner tab. Do a FULL Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. When all done, ATTACH the MBAM scan log into a new reply for my review. Also, keep Spybot's Tea Timer turned OFF until after I give the all clear. Otherwise, it will interfere. If you are not familiar with implications of Tea Timer, then do not turn it on. Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode then select Advanced Mode On the left hand side, slect Tools Then click on the Resident icon in the list Uncheck Resident TeaTimer and OK any prompts. Now Logoff & Restart your computer fresh into normal mode. Link to post Share on other sites More sharing options...
rstandi Posted July 8, 2013 Author ID:700355 Share Posted July 8, 2013 Here is the Malwarebytes scan. Thanks for your help! Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.07.08.07Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)Internet Explorer 9.0.8112.16421Jim :: JIM-PC [administrator]7/8/2013 3:03:55 PMmbam-log-2013-07-08 (15-03-55).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 405311Time elapsed: 1 hour(s), 33 minute(s), 52 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 6HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Users\Jim\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 9, 2013 ID:700832 Share Posted July 9, 2013 OK, that was a good run. Just only some potentially unwanted apps removed. Do these next: 1 Download, & save & then run the MS Safety scanner http://www.microsoft.com/security/scanner/en-us/default.aspx Let me know the result. Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again. Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss. The safety scanner log should be called msert.txt It should be located in the same folder as where you had msert.exe If not there, then look for it under c:\windows 2 Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it. After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log The file may be opened and viewed with Notepad or similar text editor. Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.microsoft.com/?kbid=890830 3 Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Do NOT turn off the firewall Using Internet Explorer browser only, go to ESET Online Scanner website: {Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}Press the ESET Online scanner" buttonCheck the I accept the terms box. Accept the Terms of Use and press Start button;Approve the install of the required ActiveX Control, then follow on-screen instructions;Un-check the Remove found threats option.Checkmark Scan Archives option.Click on Advanced Settings and checkmark the following Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology click Scan.After the scan completes, the Details tab in the Results window will display what was found and removed.A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.Look at contents of this file using Notepad or Wordpad. The Frequently Asked Questions for ESET Online Scanner can be viewed here http://www.eset.com/onlinescan/cac4.php?page=faqUse of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.After the scan is done, re-enable your antivirus program. Reply with copy of the Eset scan log. 4 I would suggest you make sure that your MBAM and also your Avast both have trust settings, each one for the other. A template/reference / example is within this post Look for the Avast section in the guides posted in the FAQ's http://forums.malwarebytes.org/index.php?showtopic=10138 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 13, 2013 Root Admin ID:702196 Share Posted July 13, 2013 Are you still with us? Link to post Share on other sites More sharing options...
rstandi Posted July 13, 2013 Author ID:702220 Share Posted July 13, 2013 Yes still here, out of town. I ran the first scan and it found nothing. No log was created. does that seem right? ThanksRod Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 14, 2013 ID:702601 Share Posted July 14, 2013 Rod, Do you remember when the MS Safety Scanner finished, on the final "Scan results" screen.... if you saw a "green-colored" icon with a white checkmark and with this message..... "The scan completed successfully and no viruses, spyware, and other potentially unwanted software were detected." You should find a log at C:\Windows\debug\msert.log Do proceed forward and do the rest of what I outlined on 9 July (post #4 in this thread) Link to post Share on other sites More sharing options...
rstandi Posted July 14, 2013 Author ID:702726 Share Posted July 14, 2013 Here's the msert scan. Should I do a full scan? Can't remember if I did.. ---------------------------------------------------------------------------------------Microsoft Safety Scanner v1.0, (build 1.153.1656.0)Started On Tue Jul 09 22:44:22 2013Results Summary:----------------No infection found.Microsoft Safety Scanner Finished On Tue Jul 09 22:45:03 2013Return code: 0 (0x0)---------------------------------------------------------------------------------------Microsoft Safety Scanner v1.0, (build 1.153.1656.0)Started On Tue Jul 09 22:45:25 2013->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))Results Summary:----------------No infection found.Microsoft Safety Scanner Finished On Wed Jul 10 06:32:55 2013Return code: 0 (0x0)---------------------------------------------------------------------------------------Microsoft Safety Scanner v1.0, (build 1.153.1656.0)Started On Fri Jul 12 22:35:57 2013Microsoft Safety Scanner Finished On Fri Jul 12 22:36:27 2013Return code: 0 (0x0)---------------------------------------------------------------------------------------Microsoft Safety Scanner v1.0, (build 1.153.1901.0)Started On Fri Jul 12 22:41:49 2013->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))Results Summary:----------------No infection found.Microsoft Safety Scanner Finished On Fri Jul 12 22:55:24 2013Return code: 0 (0x0)---------------------------------------------------------------------------------------Microsoft Safety Scanner v1.0, (build 1.153.1901.0)Started On Sat Jul 13 06:26:24 2013Extended Scan Results----------------->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))->Scan ERROR: resource file://C:\System Volume Information\{35ac90d0-d6be-11e2-94bb-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{3f313270-eba5-11e2-a0c3-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{51be5ab8-e819-11e2-946e-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{59fb9550-e4f0-11e2-aaf0-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{985d992b-e82c-11e2-8ab6-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{985d9931-e82c-11e2-8ab6-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{a1f68520-e384-11e2-8a42-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{d951658a-dc40-11e2-92de-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{dacea396-e8a4-11e2-bfa9-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\System Volume Information\{f42e6f54-e5c2-11e2-bb1a-0019d14188c7}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))->Scan ERROR: resource file://C:\Windows\Temp\TMP0000001AE250B5C8FD18EF61 (code 0x00000002 (2))->Scan ERROR: resource file://C:\Windows\Temp\TMP0000001BE9C5AA2FBE5D3543 (code 0x00000002 (2))No infection found as part of the extended scanResults Summary:----------------No infection found.Microsoft Safety Scanner Finished On Sat Jul 13 11:50:26 2013Return code: 0 (0x0) Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 14, 2013 ID:702742 Share Posted July 14, 2013 OK, that is fine. Go forward with the Malicious Software Removal Tool from Microsoft and then, next with ESET Online scan. Link to post Share on other sites More sharing options...
rstandi Posted July 15, 2013 Author ID:702805 Share Posted July 15, 2013 Here is eset. It did not remove this ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=8# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)# OnlineScanner.ocx=1.0.0.6920# api_version=3.0.2# EOSSerial=554aa8a9a4fecb46a0ec219933de2454# engine=14397# end=stopped# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2013-07-15 04:26:25# local_time=2013-07-15 12:26:25 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=6.0.6002 NT Service Pack 2# compatibility_mode=5892 16776573 100 100 0 210469913 0 0# scanned=51401# found=1# cleaned=0# scan_time=4474sh=B1CF6E1D2CC7797C9CCD51E781DBEF3A1ACA74C8 ft=1 fh=e90057d45239714d vn="a variant of Win32/Toolbar.DefaultTab.B application" ac=I fn="C:\Program Files\DefaultTab\DefaultTabSearch.exe" Link to post Share on other sites More sharing options...
rstandi Posted July 15, 2013 Author ID:702888 Share Posted July 15, 2013 By the way, Malcious software removal found nothing Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 15, 2013 ID:702928 Share Posted July 15, 2013 ok, very good. Please "exclude" (i.e., put Trust settings) for the following MBAM exe files within your Avast Antivirus Software : Note: If using a software firewall besides the built in "Windows Firewall" you'll need to exclude them from it as well For 32-bit Windows Vista or Windows 7 or Windows XP: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe For 64 bit versions of Windows Vista or Windows 7 or Windows 8: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well Review the examples / templates mentioned in the FAQ's http://forums.malwarebytes.org/index.php?showtopic=10138 Link to post Share on other sites More sharing options...
rstandi Posted July 15, 2013 Author ID:702950 Share Posted July 15, 2013 Ok, believe I have them excluded. You saw I did not remove the item found in the eset scan, correct? thanksRod Rod Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 15, 2013 ID:703153 Share Posted July 15, 2013 a) Do you still see the exe in this folder still on your system? C:\Program Files\DefaultTab\DefaultTabSearch.exe b) see what Systemlookup says about it http://www.systemlookup.com/search.php?list=&type=filename&search=DefaultTabSearch.exe&s= c) See if DefaultTab or DefaultTabSearch (either) show in your Control Panel >> Programs and Features ( in XP then Add-or-Remove programs) If yes, Uninstall it. d) In any event, do a full scan with MBAM in this sequence: Restart the system into Safe Mode with Networking, so we can do an MBAM full scan, in this sequence. Logoff and restart. Restart your pc. And right away, tap & retap the F8 Function-key on your keyboard. You should see Windows Advanced Options menu. Select Safe Mode with Networking or Safe mode or VGA mode with Safe Mode with Networking being the ideal first choice. Start your MBAM MalwareBytes' Anti-Malware. Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark. Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark. look down the screen to Action for potentially unwanted programs PUP & look down the screen to Action for potentially unwanted modifications PUM & Action for peer-to-peer software P2P For each one of the 3 select "Show in results list and check for removal" from the drop down (arrow) selections. Next, Click the Update tab. Press the "Check for Updates" button. If prompted for a Restart, do that. When done, click the Scanner tab. Do a FULL Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. When all done, ATTACH the MBAM scan log into a new reply for my review. IF this is Windows XP, the log would be under this folder C:\Documents and Settings\(Your Profile Name)\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs IF this is Windows Vista or Win7 or Win8: C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs I need the most current one that starts with the name mbam-log-2013 ( with the latest time & Date stamp) When all is done, Restart Windows in normal mode. Link to post Share on other sites More sharing options...
rstandi Posted July 16, 2013 Author ID:703438 Share Posted July 16, 2013 Here you go.Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.07.15.05Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)Internet Explorer 9.0.8112.16421Jim :: JIM-PC [administrator]7/15/2013 11:30:38 PMmbam-log-2013-07-15 (23-30-38).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 394737Time elapsed: 1 hour(s), 27 minute(s), 50 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Users\Jim\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined anddeleted successfully.(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 16, 2013 ID:703630 Share Posted July 16, 2013 Good report. How is the system now vis-a-vis MBAM? Ready to wrap-this-up ? Link to post Share on other sites More sharing options...
rstandi Posted July 17, 2013 Author ID:703984 Share Posted July 17, 2013 Hi, Malwarebytes will still not run under windows. locks up at 40,000 items different file everytime and I'm still occasionally getting mypc backup starting up and causing problems, even though it's not listed anywhere. Rod Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 17, 2013 ID:704155 Share Posted July 17, 2013 You ran MBAM just the other day. Though you should need only do a Quick scan in normal everyday usage. There's no need and we typically do not ask that you do a Full scan. You need to do scans at times when backups are not running in the background. Please re-review my reply post # 12 here and make sure your AVAST antivirus suite has "trust settings" for MBAM. The other thing you might try (before starting MBAM scan) is to turn off Avast first. IF you have Avast installed, Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted Don't give it a time limit. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 23, 2013 Root Admin ID:706190 Share Posted July 23, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts