TechSpot

"Detekt" found "Ghost"_ MWB removed Babylon from Unlocker

By QuestionGhost
Jan 5, 2015
  1. Hello,

    last November I installed and ran the Gov't Malware Program by Amnesty Int. called "Detekt".
    It found that my PC was infected with "Ghost". Unfortunately, this program only finds spyware/malware but does not offer any removal tools. I tried running Avast and CCleaner but they were not able to find anything on my computer; Detekt would still find "Ghost".

    Later in 2014 I installed a new Avira Anti Vir program (instead of Avast, which I used before) plus Malwarebytes Anti Malware. All programs were updated. None of these three programs found anything at the time (to the end of 2014).


    Now today (Jan. 5, 2015) I updated and used Malwarebytes and it found "Babylon.A" (a kind of "Ghost", if I understand right) in the "Unlocker" (1.9.2) program files. It was put into quarantine by MWB.

    I will try to do as you describe the process, and first post the log files that MWB put out today. My external Hard Disc Drive was connected during the scans.

    Please let me know if my computer is safe now, and if there are any safety measures to take (like not using old USB sticks, or the like).

    Thank you for your help!

    QuestionGhost
     
    Last edited: Jan 5, 2015
  2. QuestionGhost

    QuestionGhost TS Rookie Topic Starter Posts: 72

    I do not recall exactly when or why I installed Unlocker (1.9.2), or where I got it from, but I must have downloaded and installed it around Nov 2014 (last run Nov 24, 2014)
     
  3. QuestionGhost


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 05.01.2015
    Scan Time: 22:10:39
    Logfile: Babylon.Unlocker_ScanMWB.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.05.12
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Admin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 382256
    Time Elapsed: 1 hr, 10 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. QuestionGhost


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 05.01.2015
    Scan Time: 22:10:39
    Logfile: Babylon.Unlocker_ScanMWBytes_b.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.05.12
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Admin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 382256
    Time Elapsed: 1 hr, 10 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  5. QuestionGhost


    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 05.01.2015 20:59:04, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
    Update, 05.01.2015 20:59:41, SYSTEM, COMPUTER-P, Manual, Rootkit Database, 2014.12.14.1, 2014.12.30.1,
    Update, 05.01.2015 21:00:28, SYSTEM, COMPUTER-P, Manual, Malware Database, 2014.12.16.4, 2015.1.5.11,
    Update, 05.01.2015 21:00:49, SYSTEM, COMPUTER-P, Manual, program, 2.0.3.1025, 2.0.4.1028,
    Protection, 05.01.2015 21:02:08, SYSTEM, COMPUTER-P, Protection, Malware Protection, Starting,
    Protection, 05.01.2015 21:02:08, SYSTEM, COMPUTER-P, Protection, Malware Protection, Started,
    Protection, 05.01.2015 21:02:08, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
    Protection, 05.01.2015 21:03:30, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
    Update, 05.01.2015 21:04:03, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
    Update, 05.01.2015 21:04:08, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
    Protection, 05.01.2015 21:07:19, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
    Protection, 05.01.2015 21:07:25, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
    Protection, 05.01.2015 21:07:26, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopping,
    Protection, 05.01.2015 21:07:32, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopped,
    Protection, 05.01.2015 22:08:22, SYSTEM, COMPUTER-P, Protection, Malware Protection, Starting,
    Protection, 05.01.2015 22:08:22, SYSTEM, COMPUTER-P, Protection, Malware Protection, Started,
    Protection, 05.01.2015 22:08:22, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
    Update, 05.01.2015 22:08:44, SYSTEM, COMPUTER-P, Manual, Failed, Unable to access update server,
    Update, 05.01.2015 22:09:39, SYSTEM, COMPUTER-P, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1,
    Update, 05.01.2015 22:09:42, SYSTEM, COMPUTER-P, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
    Protection, 05.01.2015 22:09:56, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
    Update, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Manual, Malware Database, 2014.11.20.6, 2015.1.5.12,
    Protection, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Protection, Refresh, Starting,
    Protection, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
    Protection, 05.01.2015 22:10:00, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
    Protection, 05.01.2015 22:10:57, SYSTEM, COMPUTER-P, Protection, Refresh, Success,
    Protection, 05.01.2015 22:10:57, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
    Protection, 05.01.2015 22:13:18, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopping,
    Protection, 05.01.2015 22:13:18, SYSTEM, COMPUTER-P, Protection, Malware Protection, Stopped,
    Protection, 05.01.2015 22:13:27, SYSTEM, COMPUTER-P, Protection, Malware Protection, Starting,
    Protection, 05.01.2015 22:13:27, SYSTEM, COMPUTER-P, Protection, Malware Protection, Started,
    Protection, 05.01.2015 22:14:00, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
    Update, 05.01.2015 23:04:50, SYSTEM, COMPUTER-P, Scheduler, Malware Database, 2015.1.5.12, 2015.1.5.13,
    Protection, 05.01.2015 23:04:51, SYSTEM, COMPUTER-P, Protection, Refresh, Starting,
    Protection, 05.01.2015 23:04:51, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
    Protection, 05.01.2015 23:04:54, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
    Protection, 05.01.2015 23:10:15, SYSTEM, COMPUTER-P, Protection, Refresh, Success,
    Protection, 05.01.2015 23:10:16, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
    Protection, 05.01.2015 23:19:29, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,
    Scan, 05.01.2015 23:21:06, SYSTEM, COMPUTER-P, Manual, Start:05.01.2015 22:10:39, Duration:1 hr 10 min 23 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
    Protection, 05.01.2015 23:21:06, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopping,
    Protection, 05.01.2015 23:21:08, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Stopped,
    Protection, 05.01.2015 23:21:09, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Starting,
    Protection, 05.01.2015 23:26:23, SYSTEM, COMPUTER-P, Protection, Malicious Website Protection, Started,

    (end)
     
  6. QuestionGhost


    It seems that the log files of the last scan (Jan 5, 2015) do not report any malicious items, isn't that strange? But it is stated by MWB that it has found Babylon.A.
     
  7. QuestionGhost


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 23.11.2014
    Scan Time: 01:07:37
    Logfile: MWB Scan Log Nov 23_2014.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.22.16
    Rootkit Database: v2014.11.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Admin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 365250
    Time Elapsed: 32 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Babylon.A, C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\Unlocker1.9.2.exe, Quarantined, [80582a14aad23204652571af44bd9769],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  8. QuestionGhost


    OK, it seems that MWB has found Babylon.A on Nov 23rd, 2014 already. I did not realize that.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Unlocker may install Babylon if you run the default installation.
    If you ran the custom installation (as is always recommended), there is an option to uncheck the unwanted "extra" installation.
    That type of extra is called foistware.

    We can check if your computer is clean.
    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  10. QuestionGhost


    The only other scan performed by MWB in between the two that I posted above was on Dec. 16, 2014. No result, apparently. I'll post that one too, just to make sure.
     
  11. QuestionGhost


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 16.12.2014
    Scan Time: 20:54:00
    Logfile: MWB Scan Log Dec 16_2014.txt
    Administrator: No

    Version: 2.00.3.1025
    Malware Database: v2014.12.16.04
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: P

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 205640
    Time Elapsed: 37 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  12. Broni


    Read my previous reply.
     
  13. QuestionGhost


    Hello and thank you. Yes, I did read these instructions. Only problem is - I don't know how to zip the file. Anyway, I'll post the result of DDS (_editor) here now.
     
  14. QuestionGhost


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Admin at 0:49:24 on 2015-01-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.649 [GMT 1:00]
    .
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ================
    .
    C:\Programme\HitmanPro.Alert\hmpalert.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\Freemake\CaptureLib\CaptureLibService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\CCleaner\CCleaner.exe
    C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    C:\Dokumente und Einstellungen\P\Eigene Dateien\Downloads\Thunderbird_Setup_17.0.6\core\thunderbird.exe
    C:\Programme\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Programme\Avira\AntiVir Desktop\avscan.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\CCleaner\CCleaner.exe
    C:\Programme\Malwarebytes Anti-Malware\mbam.exe
    C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Programme\Malwarebytes Anti-Malware\mbam.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
    C:\Programme\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programme\Avira\AntiVir Desktop\ipmGui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Programme\Biet-O-Matic\curl.exe
    C:\Programme\Biet-O-Matic\curl.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [CCleaner Monitoring] "c:\programme\ccleaner\CCleaner.exe" /MONITOR
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
    mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
    mRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: SoftwareSASGeneration = dword:1
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369942188984
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369942325312
    DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programme\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\dokumente und einstellungen\admin\anwendungsdaten\mozilla\firefox\profiles\m5mbu6qr.default\
    FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/|about:addons|about:healthreport
    FF - plugin: c:\programme\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\programme\google\update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: c:\programme\nokia\nokia suite\npNokiaSuiteEnabler.dll
    FF - plugin: c:\windows\npMSDM.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2014-11-24 37352]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2014-11-24 98160]
    R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2014-11-23 75640]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-23 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-23 114904]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 606056]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-6-25 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-6-25 8576]
    .
    =============== Created Last 30 ================
    .
    2014-12-11 00:42:05 -------- d-----w- c:\programme\OpenOffice 4
    .
    ==================== Find3M ====================
    .
    2015-01-05 21:10:38 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-09 22:31:27 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-09 22:31:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-23 12:54:57 75640 ----a-w- c:\windows\system32\drivers\hmpalert.sys
    2014-11-23 12:54:57 477008 ----a-w- c:\windows\system32\hmpalert.dll
    2014-11-21 05:14:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-21 05:14:06 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-23 13:02:01 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2014-10-23 13:01:57 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-01-31 22:37:06 22270576 ----a-w- c:\programme\xul.dll
    2014-01-31 22:35:59 50288 ----a-w- c:\programme\mozMapi32_InUse.dll
    2010-05-26 19:41:02 2106216 ----a-w- c:\programme\D3DCompiler_43.dll
    2010-03-18 16:15:26 770384 ----a-w- c:\programme\msvcr100.dll
    2010-03-18 16:15:26 421200 ----a-w- c:\programme\msvcp100.dll
    .
    ============= FINISH: 0:52:08,40 ===============
     
  15. QuestionGhost


    Now, should I attach the zipped file? As I said, I don't know how to zip it.
     
  16. QuestionGhost


    OK, I seem to have managed to zip the attachment file using 7zip, but I haven't been able to find and upload it yet. It looks like it is not there, even though I know it's there.
     
  17. QuestionGhost


    I tried with a zip file that was not created with 7zip. "There was an error uploading your file"
     
  18. QuestionGhost


    Do you need this DDS attachment for a diagnosis? If so: Any idea how I could upload the zip file? Thank you!
     
  19. Broni


    You don't have to zip anything.
    All logs have to be pasted.
    Paste Attach.txt log into your next reply.
     
  20. QuestionGhost


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30.05.2013 19:48:12
    System Uptime: 05.01.2015 08:54:18 (16 hours ago)
    .
    Motherboard: | | KT400-8235
    Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1994/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 38 GiB total, 11,897 GiB free.
    D: is CDROM (CDFS)
    G: is FIXED (NTFS) - 1397 GiB total, 1061,298 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: C-Media AC97 Audio Device
    Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_0A811019&REV_50\3&61AAA01&0&8D
    Manufacturer: C-Media
    Name: C-Media AC97 Audio Device
    PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_0A811019&REV_50\3&61AAA01&0&8D
    Service: cmuda
    .
    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: N8-00
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: N8-00
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP384: 24.11.2014 00:40:52 - Systemprüfpunkt
    RP385: 24.11.2014 18:13:23 - avast! antivirus system restore point
    RP386: 24.11.2014 22:46:05 - Systemprüfpunkt
    RP387: 25.11.2014 23:28:11 - Systemprüfpunkt
    RP388: 27.11.2014 08:56:34 - Systemprüfpunkt
    RP389: 28.11.2014 18:28:44 - Systemprüfpunkt
    RP390: 29.11.2014 23:49:06 - Systemprüfpunkt
    RP391: 01.12.2014 01:59:54 - Systemprüfpunkt
    RP392: 03.12.2014 18:48:22 - Systemprüfpunkt
    RP393: 05.12.2014 21:30:36 - Systemprüfpunkt
    RP394: 07.12.2014 19:49:59 - Systemprüfpunkt
    RP395: 08.12.2014 20:34:31 - Systemprüfpunkt
    RP396: 10.12.2014 16:26:55 - Systemprüfpunkt
    RP397: 11.12.2014 01:15:59 - Software Distribution Service 3.0
    RP398: 11.12.2014 01:39:55 - OpenOffice.org 3.4.1 wird entfernt
    RP399: 11.12.2014 01:42:00 - OpenOffice 4.1.1 wird installiert
    RP400: 12.12.2014 20:55:23 - Systemprüfpunkt
    RP401: 13.12.2014 21:53:07 - Systemprüfpunkt
    RP402: 14.12.2014 22:08:38 - Systemprüfpunkt
    RP403: 15.12.2014 22:35:35 - Systemprüfpunkt
    RP404: 17.12.2014 03:18:41 - Systemprüfpunkt
    RP405: 18.12.2014 16:54:21 - Systemprüfpunkt
    RP406: 19.12.2014 16:56:28 - Systemprüfpunkt
    RP407: 20.12.2014 17:24:35 - Systemprüfpunkt
    RP408: 21.12.2014 21:01:21 - Systemprüfpunkt
    RP409: 22.12.2014 21:24:18 - Systemprüfpunkt
    RP410: 24.12.2014 00:12:30 - Systemprüfpunkt
    RP411: 25.12.2014 00:52:34 - Systemprüfpunkt
    RP412: 26.12.2014 01:15:39 - Systemprüfpunkt
    RP413: 27.12.2014 01:19:36 - Systemprüfpunkt
    RP414: 28.12.2014 16:48:38 - Systemprüfpunkt
    RP415: 05.01.2015 15:44:38 - Systemprüfpunkt
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    ABC Amber Audio Converter
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.06) - Deutsch
    Areca
    Avira Free Antivirus
    Belkin USB Wireless Adaptor
    Biet-O-Matic v2.14.12
    C-Media WDM Audio Driver
    CCleaner
    CDBurnerXP
    Dropbox
    Eraser 6.0.10.2620
    Freemake Video Downloader
    Freemake Youtube Mp3 Converter
    Google Chrome
    Google Update Helper
    HitmanPro.Alert
    Hotfix für Windows XP (KB2779562)
    Hotfix für Windows XP (KB952287)
    Hotfix für Windows XP (KB961118)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    IrfanView (remove only)
    LockHunter 3.1, 32/64 bit
    Malwarebytes Anti-Malware Version 2.0.4.1028
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
    Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile DEU Language Pack
    Microsoft Download Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC100_CRT_SP1_x86
    Mozilla Firefox 34.0.5 (x86 de)
    Mozilla Maintenance Service
    Mozilla Thunderbird 24.3.0 (x86 de)
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    Nokia Suite
    OpenOffice 4.1.1
    PC Connectivity Solution
    Recuva
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Sicherheitsupdate für Microsoft Windows (KB2564958)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2829530)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2838727)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2846071)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2847204)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2862772)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2870699)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2879017)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2888505)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2898785)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2909210)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2909921)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2936068)
    Sicherheitsupdate für Windows Internet Explorer 8 (KB2964358)
    Sicherheitsupdate für Windows Media Player (KB2378111)
    Sicherheitsupdate für Windows Media Player (KB2834904-v2)
    Sicherheitsupdate für Windows Media Player (KB2834904)
    Sicherheitsupdate für Windows Media Player (KB952069)
    Sicherheitsupdate für Windows Media Player (KB954155)
    Sicherheitsupdate für Windows Media Player (KB973540)
    Sicherheitsupdate für Windows Media Player (KB975558)
    Sicherheitsupdate für Windows Media Player (KB978695)
    Sicherheitsupdate für Windows XP (KB2115168)
    Sicherheitsupdate für Windows XP (KB2229593)
    Sicherheitsupdate für Windows XP (KB2296011)
    Sicherheitsupdate für Windows XP (KB2347290)
    Sicherheitsupdate für Windows XP (KB2360937)
    Sicherheitsupdate für Windows XP (KB2387149)
    Sicherheitsupdate für Windows XP (KB2393802)
    Sicherheitsupdate für Windows XP (KB2419632)
    Sicherheitsupdate für Windows XP (KB2423089)
    Sicherheitsupdate für Windows XP (KB2440591)
    Sicherheitsupdate für Windows XP (KB2443105)
    Sicherheitsupdate für Windows XP (KB2478960)
    Sicherheitsupdate für Windows XP (KB2478971)
    Sicherheitsupdate für Windows XP (KB2479943)
    Sicherheitsupdate für Windows XP (KB2481109)
    Sicherheitsupdate für Windows XP (KB2483185)
    Sicherheitsupdate für Windows XP (KB2485663)
    Sicherheitsupdate für Windows XP (KB2506212)
    Sicherheitsupdate für Windows XP (KB2507938)
    Sicherheitsupdate für Windows XP (KB2508429)
    Sicherheitsupdate für Windows XP (KB2509553)
    Sicherheitsupdate für Windows XP (KB2535512)
    Sicherheitsupdate für Windows XP (KB2536276-v2)
    Sicherheitsupdate für Windows XP (KB2544893-v2)
    Sicherheitsupdate für Windows XP (KB2566454)
    Sicherheitsupdate für Windows XP (KB2570947)
    Sicherheitsupdate für Windows XP (KB2584146)
    Sicherheitsupdate für Windows XP (KB2585542)
    Sicherheitsupdate für Windows XP (KB2592799)
    Sicherheitsupdate für Windows XP (KB2598479)
    Sicherheitsupdate für Windows XP (KB2603381)
    Sicherheitsupdate für Windows XP (KB2618451)
    Sicherheitsupdate für Windows XP (KB2619339)
    Sicherheitsupdate für Windows XP (KB2620712)
    Sicherheitsupdate für Windows XP (KB2624667)
    Sicherheitsupdate für Windows XP (KB2631813)
    Sicherheitsupdate für Windows XP (KB2653956)
    Sicherheitsupdate für Windows XP (KB2655992)
    Sicherheitsupdate für Windows XP (KB2659262)
    Sicherheitsupdate für Windows XP (KB2661637)
    Sicherheitsupdate für Windows XP (KB2676562)
    Sicherheitsupdate für Windows XP (KB2686509)
    Sicherheitsupdate für Windows XP (KB2691442)
    Sicherheitsupdate für Windows XP (KB2698365)
    Sicherheitsupdate für Windows XP (KB2705219-v2)
    Sicherheitsupdate für Windows XP (KB2712808)
    Sicherheitsupdate für Windows XP (KB2719985)
    Sicherheitsupdate für Windows XP (KB2723135-v2)
    Sicherheitsupdate für Windows XP (KB2727528)
    Sicherheitsupdate für Windows XP (KB2753842-v2)
    Sicherheitsupdate für Windows XP (KB2757638)
    Sicherheitsupdate für Windows XP (KB2758857)
    Sicherheitsupdate für Windows XP (KB2770660)
    Sicherheitsupdate für Windows XP (KB2780091)
    Sicherheitsupdate für Windows XP (KB2802968)
    Sicherheitsupdate für Windows XP (KB2807986)
    Sicherheitsupdate für Windows XP (KB2813170)
    Sicherheitsupdate für Windows XP (KB2813345)
    Sicherheitsupdate für Windows XP (KB2820197)
    Sicherheitsupdate für Windows XP (KB2820917)
    Sicherheitsupdate für Windows XP (KB2829361)
    Sicherheitsupdate für Windows XP (KB2834886)
    Sicherheitsupdate für Windows XP (KB2839229)
    Sicherheitsupdate für Windows XP (KB2845187)
    Sicherheitsupdate für Windows XP (KB2847311)
    Sicherheitsupdate für Windows XP (KB2849470)
    Sicherheitsupdate für Windows XP (KB2850851)
    Sicherheitsupdate für Windows XP (KB2862152)
    Sicherheitsupdate für Windows XP (KB2862330)
    Sicherheitsupdate für Windows XP (KB2862335)
    Sicherheitsupdate für Windows XP (KB2864063)
    Sicherheitsupdate für Windows XP (KB2868038)
    Sicherheitsupdate für Windows XP (KB2868626)
    Sicherheitsupdate für Windows XP (KB2876217)
    Sicherheitsupdate für Windows XP (KB2876315)
    Sicherheitsupdate für Windows XP (KB2876331)
    Sicherheitsupdate für Windows XP (KB2883150)
    Sicherheitsupdate für Windows XP (KB2884256)
    Sicherheitsupdate für Windows XP (KB2892075)
    Sicherheitsupdate für Windows XP (KB2893294)
    Sicherheitsupdate für Windows XP (KB2893984)
    Sicherheitsupdate für Windows XP (KB2898715)
    Sicherheitsupdate für Windows XP (KB2900986)
    Sicherheitsupdate für Windows XP (KB2914368)
    Sicherheitsupdate für Windows XP (KB2916036)
    Sicherheitsupdate für Windows XP (KB2922229)
    Sicherheitsupdate für Windows XP (KB2929961)
    Sicherheitsupdate für Windows XP (KB2930275)
    Sicherheitsupdate für Windows XP (KB923561)
    Sicherheitsupdate für Windows XP (KB923789)
    Sicherheitsupdate für Windows XP (KB941569)
    Sicherheitsupdate für Windows XP (KB946648)
    Sicherheitsupdate für Windows XP (KB950762)
    Sicherheitsupdate für Windows XP (KB950974)
    Sicherheitsupdate für Windows XP (KB951376-v2)
    Sicherheitsupdate für Windows XP (KB952004)
    Sicherheitsupdate für Windows XP (KB952954)
    Sicherheitsupdate für Windows XP (KB956572)
    Sicherheitsupdate für Windows XP (KB956802)
    Sicherheitsupdate für Windows XP (KB956844)
    Sicherheitsupdate für Windows XP (KB959426)
    Sicherheitsupdate für Windows XP (KB960803)
    Sicherheitsupdate für Windows XP (KB960859)
    Sicherheitsupdate für Windows XP (KB969059)
    Sicherheitsupdate für Windows XP (KB970430)
    Sicherheitsupdate für Windows XP (KB971657)
    Sicherheitsupdate für Windows XP (KB972270)
    Sicherheitsupdate für Windows XP (KB973507)
    Sicherheitsupdate für Windows XP (KB973869)
    Sicherheitsupdate für Windows XP (KB973904)
    Sicherheitsupdate für Windows XP (KB974112)
    Sicherheitsupdate für Windows XP (KB974318)
    Sicherheitsupdate für Windows XP (KB974392)
    Sicherheitsupdate für Windows XP (KB974571)
    Sicherheitsupdate für Windows XP (KB975025)
    Sicherheitsupdate für Windows XP (KB975467)
    Sicherheitsupdate für Windows XP (KB975560)
    Sicherheitsupdate für Windows XP (KB975713)
    Sicherheitsupdate für Windows XP (KB977816)
    Sicherheitsupdate für Windows XP (KB977914)
    Sicherheitsupdate für Windows XP (KB978338)
    Sicherheitsupdate für Windows XP (KB978542)
    Sicherheitsupdate für Windows XP (KB978706)
    Sicherheitsupdate für Windows XP (KB979309)
    Sicherheitsupdate für Windows XP (KB979482)
    Sicherheitsupdate für Windows XP (KB979687)
    Sicherheitsupdate für Windows XP (KB981322)
    Sicherheitsupdate für Windows XP (KB981997)
    Sicherheitsupdate für Windows XP (KB982132)
    Sicherheitsupdate für Windows XP (KB982665)
    Tinypic 3.18
    Unlocker 1.9.2
    Update für Windows XP (KB2345886)
    Update für Windows XP (KB2661254-v2)
    Update für Windows XP (KB2749655)
    Update für Windows XP (KB2904266)
    Update für Windows XP (KB2934207)
    Update für Windows XP (KB951978)
    Update für Windows XP (KB955759)
    Update für Windows XP (KB968389)
    Update für Windows XP (KB971029)
    Update für Windows XP (KB973815)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player
    WebFldrs XP
    Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    Windows 7 Upgrade Advisor
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WinPcap 4.1.2
    WISO Sparbuch 2010
    XML Paper Specification Shared Components Language Pack 1.0
    .
    ==== End Of File ===========================
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step...
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE: If you see the message "This version requires you to completely exit the Anti Malware application", right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  22. QuestionGhost

    QuestionGhost TS Rookie Topic Starter Posts: 72

    Sorry, I can't run the first of these programs, Rogue Killer, even after trying many times and renaming it twice like it is suggested.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Go ahead with MBAR
     
  24. QuestionGhost

    QuestionGhost TS Rookie Topic Starter Posts: 72

    Please let me know if there is another way to open Rogue Killer. I will try again in about 7 hrs, since I need to take a break now. Thank you again!
     
  25. QuestionGhost

    QuestionGhost TS Rookie Topic Starter Posts: 72

    OK, I'll go on with MBAR
     
