TechSpot

Infomercials constantly playing on my computer-virusware not picking anything up

By drkdvinity
Sep 3, 2014
  1. I have infomercials playing at will on my computer. Even when I close everything & I'm not working on the computer at all. It seems that they play by themselves when all I've done is turned the computer on.
    I checked my firewall & it was off! I didn't do that. Spybot didn't pick anything up. Neither did Malwarebytes, Kaspersky or Bitdefender. As a matter of fact, the infomercial was running in the background while Malwarebytes was scanning! :( I tried getting info in the search engine. Someone suggested to try running Malwarebytes in Safe Mode With Networking. That didn't work either. This is a lot for a techie challenged individual, lol! But, I was willing to try anything with instructions that I could understand & follow as whatever evil thing has taken control of my computer is making it run seriously slow, freeze it, & causing all kinds of messages to come up saying this & that is not responding. And Malwarebytes is popping up messages saying that it is blocking a malicious website all the time. I am beyond anything that I can think of to do to try to fix this. I even tried System Restore & it wouldn't work no matter which date I tried back dating it to.
    Can someone please help me? I'm at my wits end!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Thank you for your reply & assistance.
    I think that I did everything correctly but if not let me know.
    Also, I am going to paste both the most recent mbam scan results as requested & the results of the first scan, as while I was reading the history I saw that there was something called a PUP infection that has been quarantined. Not sure if that's important or not but I thought I should add it to my reply.
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Protection, 9/5/2014 12:30:22 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, Stopping,
    Protection, 9/5/2014 12:30:26 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, Stopped,
    Protection, 9/5/2014 12:30:26 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, Starting,
    Protection, 9/5/2014 12:31:15 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, Started,
    Detection, 9/5/2014 1:27:33 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, IP, 88.214.193.174, 0, Outbound,
    Detection, 9/5/2014 1:27:35 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, IP, 88.214.193.174, 0, Outbound,
    Detection, 9/5/2014 1:27:36 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, IP, 88.214.193.174, 0, Outbound,
    Detection, 9/5/2014 1:27:42 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, IP, 88.214.193.174, 0, Outbound,
    Detection, 9/5/2014 1:27:42 AM, SYSTEM, LAURA, Protection, Malicious Website Protection, IP, 88.214.193.174, 0, Outbound,
    (end)
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 9/2/2014
    Scan Time: 9:35:28 PM
    Logfile: MBAM9-2.txt
    Administrator: Yes
    Version: 2.00.2.1012
    Malware Database: v2014.09.02.11
    Rootkit Database: v2014.08.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Karen
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 336759
    Time Elapsed: 1 hr, 46 min, 29 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 2
    PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4245672646-903908883-2055752331-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [08db28c098e3bc7a913504b1788afa06],
    PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-4245672646-903908883-2055752331-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [08db28c098e3bc7a913504b1788afa06],
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 1
    Trojan.Agent, C:\WINDOWS\hosts, Quarantined, [875cb533601b979f72c1a3e119ea4eb2],
    Physical Sectors: 0
    (No malicious items detected)

    (end)
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Karen at 3:01:19 on 2014-09-05
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.85 [GMT -5:00]
    .
    AV: AVG Internet Security 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: AVG Internet Security 2014 *Enabled*
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Karen\Local Settings\Application Data\SupporterInfinity\VinylInfinity\browser.exe
    C:\Documents and Settings\Karen\Local Settings\Application Data\SupporterInfinity\VinylInfinity\browser.exe
    C:\Documents and Settings\Karen\Local Settings\Application Data\SupporterInfinity\VinylInfinity\browser.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
    uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
    mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
    mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
    uInternet Connection Wizard,ShellNext = iexplore
    uProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
    mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
    BHO: AutorunsDisabled - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
    uRun: [NarratorSoftware] c:\windows\system32\rundll32.exe "c:\documents and settings\karen\local settings\application data\narratorsoftware\NarratorSoftware.dll",DllRegisterServer
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DriveUtilitiesHelper] c:\program files\western digital\wd utilities\WDDriveUtilitiesHelper.exe
    mRun: [WD Drive Unlocker] c:\program files\western digital\wd security\WDDriveAutoUnlock.exe
    mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} - hxxps://registration.rr.com/RegHelper.cab
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab?8688
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup150.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0EA8A4B0-1682-44C4-93FB-7ED2149757ED} : DHCPNameServer = 192.168.1.1
    Notify: GoToAssist - c:\program files\citrix\gotoassist\896\G2AWinLogon.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: PFW - <no file>
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = :\windows\syste
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\karen\application data\mozilla\firefox\profiles\pf4zwblf.default\
    FF - prefs.js: browser.startup.homepage - www.rr.com
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Ba6fd3806-14d6-40d7-95f1-4dd033170a29%7D&mid=5e407cc0265447d68f35d1441086ba29-c1e3e0a522e5831530734fba6381b49f3e0b0324&ds=AVG&v=12.2.5.32&lang=en&pr=pr&d=2012-02-26%2017%3A19%3A02&sap=ku&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\documents and settings\karen\local settings\application data\citrix\plugins\104\npappdetector.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - ExtSQL: !HIDDEN! 2013-09-23 20:45; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.http.max-connections-per-server - 8
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2014-09-03 22:51:45 -------- d-----w- c:\documents and settings\karen\application data\QuickScan
    2014-09-03 02:32:41 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-03 02:29:02 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-03 02:29:02 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-03 02:29:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-09-01 21:01:25 -------- d-----w- c:\documents and settings\karen\local settings\application data\ReceiverJoint
    2014-09-01 20:59:11 -------- d-----w- c:\documents and settings\karen\local settings\application data\SupporterInfinity
    2014-09-01 20:59:11 -------- d-----w- c:\documents and settings\karen\local settings\application data\NarratorSoftware
    2014-08-20 18:29:41 -------- d-----w- c:\program files\common files\Western Digital
    2014-08-19 11:02:37 -------- d-----w- c:\documents and settings\karen\application data\Dropbox
    2014-08-19 02:52:52 -------- d-----w- c:\documents and settings\karen\local settings\application data\Western Digital
    2014-08-19 02:52:09 -------- d-----w- c:\documents and settings\karen\local settings\application data\Western_Digital_Technolog
    2014-08-19 02:49:30 -------- d-----w- c:\program files\Western Digital
    2014-08-19 02:48:49 -------- d-----w- c:\documents and settings\all users\application data\Western Digital
    2014-08-15 05:48:39 -------- d-----w- c:\documents and settings\karen\local settings\application data\Adobe
    .
    ==================== Find3M ====================
    .
    2014-08-15 03:15:36 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-08-15 03:15:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2003-08-27 19:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
    .
    ============= FINISH: 3:08:41.84 ===============
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player 11.6
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Audible Download Manager
    Banctec Service Agreement
    Bing Bar
    Bonjour
    Broadcom Management Programs
    CCleaner
    CCScore
    Citrix Online Launcher
    CloneDVD2
    Compatibility Pack for the 2007 Office system
    Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem
    Cypress USB Mass Storage Driver Installation
    Dell Networking Guide
    Dell Solution Center
    DellSupport
    DS21Patch
    DVDSentry
    Easy CD Creator 5 Basic
    Elevated Installer
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    fflink
    Garmin Express
    Garmin Express Tray
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist Corporate
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Deskjet 2510 series Basic Device Software
    HP Deskjet 2510 series Help
    HP Deskjet 2510 series Product Improvement Study
    HP Deskjet 2510 series Setup Guide
    HP Photo Creations
    HP Smart Web Printing
    HP Update
    HPSSupply
    Intel(R) Extreme Graphics Driver
    Internet Explorer Default Page
    iTunes
    Java 2 Runtime Environment, SE v1.4.1_02
    Java 2 Runtime Environment, SE v1.4.2
    Java 7 Update 9
    Java Auto Updater
    Java Web Start
    Java(TM) 6 Update 18
    Kodak EasyShare software
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Data Access Components KB870669
    Microsoft Office 2000 Disc 2
    Microsoft Office XP Professional
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MobileMe Control Panel
    Mozilla Firefox 31.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCSetup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    netbrdg
    OfotoXMI
    OGA Notifier 2.0.0048.0
    OverDrive Media Console
    QuickTime 7
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealUpgrade 1.1
    Registry Mechanic 6.0
    Safari
    Satellite Direct v1.6.1.1
    Satellite Direct v2.8.1.1
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    SFR
    Shared C Run-time for x86
    SHASTA
    Shockwave
    Shop for HP Supplies
    skin0001
    SKINXSDK
    SmartWebPrinting
    Spybot - Search & Destroy
    staticcr
    Stomp Backup MyPC
    Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
    Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Veetle TV 0.9.18
    Visual Studio 2012 x86 Redistributables
    VPRINTOL
    WD Drive Utilities
    WD Quick View
    WD Security
    WD SmartWare
    WD SmartWare Installer
    WebFldrs XP
    Windows Defender Signatures
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, AVG and MSE.
    You must uninstall one of them.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  5. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Broni,
    I purchased my computer used some years ago & though I am the current sole owner/user I've never had the administrator pw. I did ask the computer guy that sold it to me a couple of yrs ago about it. He said the lady that used to own it passed & that he'd received the computer from her family. He forgot about giving me the pw when he sold it to me & now doesn't know if he still has it anymore :/ Any suggestions?
    Also, I haven't had AVG for well over a year. When I chose not to renew I went into the control panel, then add/remove programs & then uninstalled. Did I do something wrong?
    I will proceed with your instructions for uninstall & wait for you to advise about proceeding with the anti-root kit.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    AVG doesn't fully uninstall while using Windows Control Panel.
    There will be leftovers so please run AVG Remover to get rid of them.

    As for password thingy I suggest asking at Windows forum.
     
  7. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Broni,
    I tried to use the AVG Remover last night but they ask for info first such as the license number. I removed AVG about a year & a half ago & have no idea what the license number used to be. So, I clicked on the help link & left an email. I haven't received a reply yet. I may have to wait until the week days arrive.
    I tried running both links for Rogue Killer. After I downloaded the first one to desktop I closed everything out, went to desktop, then double clicked on it. It completely disappeared, lol! So, I tried the second link & repeated the steps. At desktop I double clicked on it. A notice popped up saying, "Not a valid application". I will try the first link again & go to the Windows Forum to see if I can get help with the pw situation.
    You mentioned that I had two antivirus programs running & that one was called MSE. What is MSE?
     
  8. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Broni,
    AVG is removed. As soon as it finished the security screen popped up & said Microsoft Security Essentials has been turned off and virus protection is turned off. Once again, I didn't think that I had that anymore. I kept receiving notices saying that Microsoft is no longer offering updates for XP & that MSE also would no longer be updated & therefore ineffective. So, I removed it & got Spybot. But, I guess it's still there or I think it is, I'm not sure. Anyhoo, I tried downloading RogueKiller again. It sat frozen for hours with pop ups going on, lol. But, I think it went through. Here is the report:
    RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : https://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Karen [Admin rights]
    Mode : Remove -- Date : 09/07/2014 03:12:40
    ¤¤¤ Bad processes : 5 ¤¤¤
    [Suspicious.Path] browser.exe -- C:\Documents and Settings\Karen\Local Settings\Application Data\SupporterInfinity\VinylInfinity\browser.exe[7] -> KILLED [TermThr]
    [Suspicious.Path] browser.exe -- C:\Documents and Settings\Karen\Local Settings\Application Data\SupporterInfinity\VinylInfinity\browser.exe[7] -> KILLED [TermThr]
    [Suspicious.Path] browser.exe -- C:\Documents and Settings\Karen\Local Settings\Application Data\SupporterInfinity\VinylInfinity\browser.exe[7] -> KILLED [TermThr]
    [Suspicious.Path] rundll32.exe -- C:\Documents and Settings\Karen\Local Settings\Application Data\NarratorSoftware\NarratorSoftware.dll[-] -> UNLOADED
    [Suspicious.Path] rundll32.exe -- C:\Documents and Settings\Karen\Local Settings\Application Data\NarratorSoftware\NarratorSoftware.dll[-] -> UNLOADED
    ¤¤¤ Registry Entries : 9 ¤¤¤
    [Suspicious.Path] HKEY_USERS\S-1-5-21-4245672646-903908883-2055752331-1006\Software\Microsoft\Windows\CurrentVersion\Run | NarratorSoftware : C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Karen\Local Settings\Application Data\NarratorSoftware\NarratorSoftware.dll",DllRegisterServer [x] -> DELETED
    [PUM.Policies] HKEY_USERS\S-1-5-21-4245672646-903908883-2055752331-1006\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    [PUM.Policies] HKEY_USERS\S-1-5-21-4245672646-903908883-2055752331-1006\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    [PUM.Desktop] HKEY_USERS\S-1-5-21-4245672646-903908883-2055752331-1006\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> NOT SELECTED
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4245672646-903908883-2055752331-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> NOT SELECTED
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dell4me.com/myway -> NOT SELECTED
    [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dell4me.com/myway -> NOT SELECTED
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-4245672646-903908883-2055752331-1006\Software\Microsoft\Internet Explorer\Main | Search Page : http://my.juno.com/s/search?r=minisearch -> NOT SELECTED
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [Suspicious.Path] Microsoft Antimalware Scheduled Scan.job -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> DELETED
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ HOSTS File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤
    [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T1L0-17 : \Driver\AnyDVD @ Unknown (\SystemRoot\System32\Drivers\AnyDVD.sys)
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Cdrom @ \Device\CdRom1 (\SystemRoot\System32\DRIVERS\serial.sys)
    [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-f : \Driver\AnyDVD @ Unknown (\SystemRoot\System32\Drivers\AnyDVD.sys)
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Cdrom @ \Device\CdRom0 (\SystemRoot\System32\DRIVERS\serial.sys)
    ¤¤¤ Web browsers : 3 ¤¤¤
    [PUM.Proxy][FIREFX:Config] pf4zwblf.default : user_pref("network.proxy.http", "127.0.0.1"); -> NOT SELECTED
    [PUM.Proxy][FIREFX:Config] pf4zwblf.default : user_pref("network.proxy.http_port", 50370); -> NOT SELECTED
    [PUM.HomePage][FIREFX:Config] pf4zwblf.default : user_pref("browser.startup.homepage", "www.rr.com"); -> NOT SELECTED
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: IC35L090AVV207-0 +++++
    --- User ---
    [MBR] 6b61654af29af97c554fd93638735cc2
    [BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64260 | Size: 76253 MB
    User = LL1 ... OK
    User = LL2 ... OK

    ============================================
    RKreport_SCN_09072014_030702.log
    While it was working a page kept coming up for KernelMode RootKits: Part 3, KernelFilters.
    Also, Malwarebytes kept popping up: Malicious website blocked.
    I'll go try to find help with the pw situation as soon as I wake up tomorrow. I've been at this all day & night due to the sluggishness & freezing.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  10. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    I installed the Avast. It started running & some thing came up for 3 browser issues. It asked me to delete them so I did. Only one was able to delete. The 2 remaining problems were AVG Safe Search & AVG Secure Search. It asked me to close out all my browsers & try again. I wasn't running any browsers but I hit Try Again any way & this is what came up- "Failed to perform changes: The configuration of your Google Chrome browser could not be updated. Please close your browser & repeat the current operation."
    As I already mentioned I had no browser open. However, I did notice that when those unwanted Infomercials were popping up & playing I hit Alt Ctrl Delete & the Windows Task Manager came up, it listed the Task as Google Chrome. Just thought I'd mention that.
    So, even though I removed AVG again it seems as though there are still parts remaining.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please provide MBAR logs.
     
  12. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    I've signed up to the Windows Forum & posted for help. I just haven't received help yet :/
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We're not done here so I don't know why you posted something at Windows forum.

    All I need from you are MBAR logs and I asked for them twice already.
     
  14. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    I am confused. I thought that was what you asked me to do when I told you that I didn't have the administrator pw.

    "AVG doesn't fully uninstall while using Windows Control Panel.
    There will be leftovers so please run AVG Remover to get rid of them.
    As for password thingy I suggest asking at Windows forum."
    The information that you gave me says, "Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrators right"
    I then replied saying, "
    I purchased my computer used some years ago & though I am the current sole owner/user I've never had the administrator pw. I did ask the computer guy that sold it to me a couple of yrs ago about it. He said the lady that used to own it passed & that he'd received the computer from her family. He forgot about giving me the pw when he sold it to me & now doesn't know if he still has it anymore :/ Any suggestions?"
    I assumed that I'd need the administrators pw to run this. If I assumed incorrectly just tell me.
     
  15. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    In case I am still not making sense, I thought that I needed the admin password in order to move forward with your instructions with MBAR but that you needed me to get help with that from Windows Forum before I could continue to proceed.
    I knew we were not done & I wasn't avoiding giving you the info or going elsewhere for anything else. I thought I was following your instructions.
    If we miscommunicated that is fine & I apologise if the misunderstanding was on my end.
    Just tell me if I do or do not need to receive help from Windows Forum with the admin pw for the next step, to run MBAR. I'm not getting an answer there & I'd be happy to run MBAR if I don't need the PW. Just let me know.
    Thank you.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You can deal with password issue later.
    We can remove AVG leftovers manually.
    All I need for now are MBAR logs.
     
  17. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Okay, I'm assuming that what you are saying is that I do not need administrator rights to download the MBAR. Great. I will go download it now.
     
  18. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Broni,
    I am barely awake so I'm calling it a night. You can let me know tomorrow if I did this correctly or if I missed or forgot something.

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version: 8.0.6001.18702
    Java version: 1.6.0_18
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.659000 GHz
    Memory total: 803209216, free: 152035328
    Downloaded database version: v2014.09.09.01
    Downloaded database version: v2014.08.21.01
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
    Drivers scan is aborted.
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9DC96E9E
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 64197
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 64260 Numsec = 156167865
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 80000000000 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-64260-I.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org
    Database version: v2014.09.09.01
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Karen :: LAURA [administrator]
    9/9/2014 2:31:12 AM
    mbar-log-2014-09-09 (02-31-12).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 340424
    Time elapsed: 59 minute(s), 2 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
     
  19. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Broni,
    I am at the Public Library using their computer as I now cannot get in to mine. I know that you told me to worry about the pw issue later but when I turned on my computer this morning it was locked & asking for a pw, which I have mentioned many times, I do not have.
    I've received a response from Windows Forum but it seems very complicated. I am going to see if I can get help with it.
    Suggestions???
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I'll wait. Let's see if Windows forum people can get you going.
     
  21. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Broni,
    I'm in!!! :D But, I had a lot of trouble & it looks like I received a ton of viruses along the way. I downloaded Avast on Sunday & it picked up on them a little while ago. After that it asked me to do a boot scan or something like that where my screen went blue with the scanning process. I watched some of it & it looks like I picked up the viruses during the pw change process as I recognised one of the file names, "Ophcrack". I had a lot of trouble using that program & I was wondering if I'd done something incorrectly because it now looks like my name is combined with the previous owner rather than replacing the previous owner, not to mention I collected a bunch of viruses in the process. It seems like I'm back to the drawing board. But, at least I'm in, lol!
     
  22. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Broni,
    Are you with me?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    Please re-run MBAM, RogueKiller and MBAR. Post all logs.
     
  24. drkdvinity

    drkdvinity TS Rookie Topic Starter Posts: 20

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 9/14/2014
    Scan Time: 6:57:24 PM
    Logfile: MBAM9-14-14.txt
    Administrator: Yes
    Version: 2.00.2.1012
    Malware Database: v2014.09.14.10
    Rootkit Database: v2014.09.13.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Karen
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 343923
    Time Elapsed: 24 min, 22 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on...
     
Topic Status:
Not open for further replies.
