Slow computer, lots of bugs!....i think

Inactive-A
By BrokePTstudent
Jul 22, 2013
Topic Status:
Not open for further replies.
  1. So here is the problem. I have a Dell desktop 8400 series that I bought new in 2004 before going to undergrad. It used to start up and be ready to go in about 10 seconds. Now I turn it on and it takes about 5 minutes on average to boot up and allow me to get online. I am running a netgear N300 USB connector to get onto wireless but it constantly disconnects and reconnects but my main problem is the slow start up and slow to open ANY program. My overall goal is to get it cleaned up, transfer my files to a USB drive, do a system restore if necessary, and download Windows 8 through school (if my computer will run Windows 8) but all that is probably a topic for another thread.

    I have McAfee Internet Security, I'm not even sure if it is an antivirus program but I think it is. I have not ran a sweep yet since the directions said to hold off. I have followed the the 4 step instructions and the results are as follows. Thanks in advance for any help.

    MBAM Log:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.17.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Antonio :: ANTHONY [administrator]

    Protection: Enabled

    7/17/2013 8:43:52 PM
    MBAM-log-2013-07-18 (07-02-10).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 598744
    Time elapsed: 3 hour(s), 48 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\Antonio\Local Settings\Temp\is357113909\SuperLyrics_1060-2024_v116.exe (PUP.LyricsAd) -> No action taken.
    C:\Documents and Settings\Antonio\My Documents\Downloads\mozilla-firefox-setup.exe (Adware.ToDownload) -> No action taken.

    (end)

    DDS:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.21342 BrowserJavaVersion: 1.6.0_24
    Run by Antonio at 19:26:05 on 2013-07-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.78 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Babelgum Player\babelgumupdater_service.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=F4CAE091F5119B00&affID=119351&tsp=4946
    uSearch Bar = hxxp://channels.aimtoday.com/search/aimtoolbar.jsp
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: AOLTBSearch Class: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.21.5\bh\delta.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
    TB: AIM Search: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - LocalServer32 - <no file>
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - c:\program files\aim toolbar\aimtb.dll
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.21.5\deltaTlbr.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - <orphaned>
    EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Aim6] <no file>
    mRun: [IAAnotif] "c:\program files\intel\intel application accelerator\iaanotif.exe"
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r
    mRun: [P17Helper] "c:\windows\system32\rundll32.exe" P17.dll,P17Helper
    mRun: [UpdReg] "c:\windows\UpdReg.EXE"
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
    mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
    mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
    mRun: [EPSON Stylus CX5000 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_fatibva.exe" /fu "c:\windows\temp\E_S12B.tmp" /EF "HKLM"
    mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [RIMBBLaunchAgent.exe] "c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
    IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://www.cult3d.com/download/cult.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://email1.uncg.edu/iNotes6W.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093022982828
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://email1.uncg.edu/dwa7W.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{196884E1-B8D6-4BC4-9567-F3FB9D5C7A3C} : DHCPNameServer = 24.25.5.148 24.25.5.147
    TCP: Interfaces\{B736D6DA-89A2-4C2F-8C32-D810EA1BDED8} : DHCPNameServer = 192.168.2.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 65.75.216.6www.winmx.com err.winmx.com
    Hosts: 205.238.40.54www.winmx.com err.winmx.com
    Hosts: 65.75.216.6cache0.winmx.com test3201.winmx.com test3206.winmx.com
    Hosts: 65.75.216.7cache1.winmx.com test3202.winmx.com test3207.winmx.com
    Hosts: 82.43.229.238cache2.winmx.com test3203.winmx.com test3208.winmx.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\antonio\application data\mozilla\firefox\profiles\7yv82uzq.default\
    FF - prefs.js: browser.search.selectedEngine - Delta Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110790&tt=3612_3&babsrc=HP_ss&mntrId=f4ca058700000000000000111136fae7
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\babelgum player\npweb_babelgumplayer_0.9.18.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
    FF - ExtSQL: !HIDDEN! 2009-09-08 19:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f4ca058700000000000000111136fae7&q=
    FF - user.js: extensions.BabylonToolbar.id - f4ca058700000000000000111136fae7
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15589
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1222:53:52
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110790&tt=3612_3
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - f4ca0587000000000000e091f5119b00
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15903
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:36:23
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4946
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565888]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-7-17 91640]
    R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2013-1-29 54776]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-9-10 66048]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-1-29 60920]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-17 22856]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-1-29 235264]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-1-29 363080]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2013-1-29 84904]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2005-8-18 16194]
    S3 DCamUSB20;Veo Web Camera;c:\windows\system32\drivers\VeoMini20.sys [2004-8-15 122219]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-1-29 146872]
    S3 LEX_ILU2;LAN-Express IL 802.11 USB 2.0 Driver;c:\windows\system32\drivers\expilu2.sys --> c:\windows\system32\drivers\Expilu2.sys [?]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-1-29 65928]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2013-1-29 84904]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-1-29 92632]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-9-10 167808]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-9-10 13532]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2004-8-13 15576]
    .
    =============== Created Last 30 ================
    .
    2013-07-18 00:41:2813107200----a-w-c:\windows\system32\oembios.bin
    2013-07-17 23:39:5622856----a-w-c:\windows\system32\drivers\mbam.sys
    2013-07-17 23:39:55--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2013-07-17 23:36:46--------d-----w-c:\documents and settings\antonio\application data\Zip Opener Packages
    2013-07-17 23:36:08--------d-----w-c:\program files\Delta
    2013-07-17 23:35:49--------d-----w-c:\documents and settings\antonio\application data\Delta
    2013-07-17 23:34:38--------d-----w-c:\documents and settings\antonio\application data\DSite
    2013-07-17 23:34:33--------d-----w-c:\program files\OpenIt
    2013-07-17 01:50:10--------d-----w-c:\program files\iPod
    2013-07-17 01:49:42--------d-----w-c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    .
    ==================== Find3M ====================
    .
    2013-06-13 18:07:1571048----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-13 18:07:15692104----a-w-c:\windows\system32\FlashPlayerApp.exe
    2013-06-13 18:07:099089416----a-w-c:\windows\system32\FlashPlayerInstaller.exe
    2013-06-07 21:30:55841216----a-w-c:\windows\system32\wininet.dll
    2013-06-07 21:30:5478336----a-w-c:\windows\system32\ieencode.dll
    2013-06-07 21:30:541830912----a-w-c:\windows\system32\inetcpl.cpl
    2013-06-07 21:30:5417408----a-w-c:\windows\system32\corpol.dll
    2013-06-04 07:23:02562688----a-w-c:\windows\system32\qedit.dll
    2013-06-04 01:40:451876736----a-w-c:\windows\system32\win32k.sys
    2013-05-09 04:28:021543680------w-c:\windows\system32\wmvdecod.dll
    2013-05-03 01:30:202149888----a-w-c:\windows\system32\ntoskrnl.exe
    2013-05-03 00:38:172028544----a-w-c:\windows\system32\ntkrnlpa.exe
    .
    ============= FINISH: 19:29:05.29 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    [​IMG] I still need Attach.txt log from DDS.

    [​IMG] Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
  3. BrokePTstudent

    BrokePTstudent Newcomer, in training Topic Starter

    Am I supposed to "post reply" when responding on here? if not please let me know proper way to reply. The next log on my log list is as follows. I tried to re run program last night but 10 hours later it was still running. I will attempt to run again and repost results tomorrow. I will also post attach.txt log.

    2013/07/17 19:43:47 -0400ANTHONYAntonioMESSAGEExecuting scheduled update: Daily
    2013/07/17 19:43:59 -0400ANTHONYAntonioMESSAGEStarting protection
    2013/07/17 19:43:59 -0400ANTHONYAntonioMESSAGEProtection started successfully
    2013/07/17 19:43:59 -0400ANTHONYAntonioMESSAGEStarting IP protection
    2013/07/17 19:48:20 -0400ANTHONYAntonioMESSAGEIP Protection started successfully
    2013/07/17 19:52:14 -0400ANTHONYAntonioMESSAGEStarting database refresh
    2013/07/17 19:52:15 -0400ANTHONYAntonioMESSAGEStopping IP protection
    2013/07/17 19:52:42 -0400ANTHONYAntonioERRORScheduled update failed: Host not found failed with error code 0
    2013/07/17 19:54:43 -0400ANTHONYAntonioMESSAGEIP Protection stopped successfully
    2013/07/17 20:09:44 -0400ANTHONYMESSAGEStarting protection
    2013/07/17 20:09:44 -0400ANTHONYMESSAGEProtection started successfully
    2013/07/17 20:09:44 -0400ANTHONYMESSAGEStarting IP protection
    2013/07/17 20:10:11 -0400ANTHONYMESSAGEIP Protection started successfully
    2013/07/17 20:27:29 -0400ANTHONYAntonioMESSAGEStarting database refresh
    2013/07/17 20:27:30 -0400ANTHONYAntonioMESSAGEStopping IP protection
    2013/07/17 20:28:14 -0400ANTHONYAntonioMESSAGEIP Protection stopped successfully
    2013/07/17 20:43:31 -0400ANTHONYAntonioMESSAGEDatabase refreshed successfully
    2013/07/17 20:43:32 -0400ANTHONYAntonioMESSAGEStarting IP protection
    2013/07/17 20:44:06 -0400ANTHONYAntonioMESSAGEIP Protection started successfully

    and the next one is:

    2013/07/18 06:22:32 -0400ANTHONYAntonioMESSAGEExecuting scheduled update: Daily
    2013/07/18 06:22:42 -0400ANTHONYAntonioERRORScheduled update failed: Host not found failed with error code 0
    2013/07/18 07:07:33 -0400ANTHONYMESSAGEStarting protection
    2013/07/18 07:07:33 -0400ANTHONYMESSAGEProtection started successfully
    2013/07/18 07:07:33 -0400ANTHONYMESSAGEStarting IP protection
    2013/07/18 07:07:43 -0400ANTHONYMESSAGEIP Protection started successfully
    2013/07/18 18:58:30 -0400ANTHONYMESSAGEStarting protection
    2013/07/18 18:58:30 -0400ANTHONYMESSAGEProtection started successfully
    2013/07/18 18:58:30 -0400ANTHONYMESSAGEStarting IP protection
    2013/07/18 18:58:41 -0400ANTHONYMESSAGEIP Protection started successfully



    attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/13/2004 10:54:17 AM
    System Uptime: 7/18/2013 6:57:48 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 76.73 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01771028&REV_01\4&1D7EFF9E&0&00E0
    Service: b57w2k
    .
    ==== System Restore Points ===================
    .
    RP1211: 5/19/2013 12:26:41 PM - System Checkpoint
    RP1212: 5/19/2013 11:28:14 PM - Software Distribution Service 3.0
    RP1213: 5/21/2013 11:02:41 AM - System Checkpoint
    RP1214: 5/22/2013 6:21:02 PM - System Checkpoint
    RP1215: 6/3/2013 7:02:17 PM - System Checkpoint
    RP1216: 6/5/2013 10:23:40 PM - System Checkpoint
    RP1217: 6/10/2013 9:11:41 PM - System Checkpoint
    RP1218: 6/13/2013 1:33:42 PM - System Checkpoint
    RP1219: 6/13/2013 10:54:34 PM - Software Distribution Service 3.0
    RP1220: 6/17/2013 7:15:10 PM - System Checkpoint
    RP1221: 6/18/2013 7:46:11 PM - System Checkpoint
    RP1222: 6/20/2013 7:10:51 PM - System Checkpoint
    RP1223: 6/24/2013 5:19:28 PM - System Checkpoint
    RP1224: 6/25/2013 6:53:17 PM - System Checkpoint
    RP1225: 7/4/2013 10:54:10 AM - System Checkpoint
    RP1226: 7/15/2013 10:15:37 PM - Software Distribution Service 3.0
    RP1227: 7/15/2013 11:07:53 PM - Software Distribution Service 3.0
    RP1228: 7/16/2013 9:46:54 PM - Installed iTunes
    RP1229: 7/17/2013 11:55:29 PM - System Checkpoint
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 65.75.216.6www.winmx.com err.winmx.com
    Hosts: 205.238.40.54www.winmx.com err.winmx.com
    Hosts: 65.75.216.6cache0.winmx.com test3201.winmx.com test3206.winmx.com
    Hosts: 65.75.216.7cache1.winmx.com test3202.winmx.com test3207.winmx.com
    Hosts: 82.43.229.238cache2.winmx.com test3203.winmx.com test3208.winmx.com
    Hosts: 205.238.40.1cache3.winmx.com test3204.winmx.com
    Hosts: 205.238.40.2cache4.winmx.com test3205.winmx.com
    Hosts: 65.75.216.6c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
    Hosts: 65.75.216.6c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
    Hosts: 65.75.216.6c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
    Hosts: 65.75.216.7c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
    Hosts: 65.75.216.7c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
    Hosts: 65.75.216.7c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
    Hosts: 82.43.229.238c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
    Hosts: 82.43.229.238c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
    Hosts: 205.238.40.1c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
    Hosts: 205.238.40.2c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
    Hosts: 65.75.216.6c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
    Hosts: 65.75.216.6c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
    Hosts: 65.75.216.6c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
    Hosts: 65.75.216.7c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
    Hosts: 65.75.216.7c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
    Hosts: 65.75.216.7c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
    Hosts: 82.43.229.238c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
    Hosts: 82.43.229.238c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
    Hosts: 205.238.40.1c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
    Hosts: 205.238.40.2c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
    Hosts: 65.75.216.6winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
    Hosts: 205.238.40.54winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
    Hosts: 65.75.216.6test0.winmxgroup.net test5.winmxgroup.net
    Hosts: 65.75.216.7test1.winmxgroup.net test6.winmxgroup.net
    Hosts: 82.43.229.238test2.winmxgroup.net
    Hosts: 205.238.40.1test3.winmxgroup.net
    Hosts: 205.238.40.2test4.winmxgroup.net
    Hosts: 65.75.216.6cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
    Hosts: 65.75.216.7cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
    Hosts: 82.43.229.238cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
    Hosts: 205.238.40.1cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
    Hosts: 205.238.40.2cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.03)
    Adobe Shockwave Player
    AI RoboForm
    AIM 6
    AIM Toolbar
    Amazon Cloud Drive
    AOL Explorer
    AOL Instant Messenger
    AOL Toolbar 2.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ATI Control Panel
    ATI Display Driver
    Babelgum
    Babylon toolbar on IE
    BabylonObjectInstaller
    Banctec Service Agreement
    BlackBerry Desktop Software 7.0
    Bonjour
    Broadcom Advanced Control Suite 2
    BufferChm
    BZFlag 2.0.8 (remove only)
    CardRd81
    CCScore
    ClubWPT
    Compatibility Pack for the 2007 Office system
    CR2
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    DA920EN
    Deer Hunter 2
    Dell AIO Printer A920
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support 5.0.0 (766)
    Delta Chrome Toolbar
    Delta toolbar
    Diet Analysis Plus 7.0.1
    Download Updater (AOL LLC)
    EPSON CX5000 Series User's Guide
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX5000 Scanner Driver Update
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eSupportQFolder
    Google Chrome
    Google Earth
    Google Update Helper
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel Application Accelerator
    Intel(R) 537EP V9x DF PCI Modem
    IntelliMover
    Internet Explorer Default Page
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java Auto Updater
    Java(TM) 6 Update 24
    Kodak EasyShare software
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.6 (Symantec Corporation)
    MAGIX Media Manager 2004 silver
    MAGIX PhotoStory on CD & DVD 2005
    Malwarebytes Anti-Malware version 1.75.0.1300
    MarketResearch
    McAfee Internet Security
    McAfee Online Backup
    MediaFACE II
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveX Control Pad
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Word Viewer 2003
    Microsoft Office XP Professional
    Microsoft PowerPoint Viewer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft XML Parser
    MobileMe Control Panel
    Modem Helper
    Modem On Hold
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MUSICMATCH® Jukebox
    MXpie Patch for WinMX Network/WPNP 3.6.3.6
    My Wal-Mart Digital Photo Center
    netbrdg
    Norton WMI Update
    OfotoXMI
    Open It!
    PartyPoker
    Philips Intelligent Agent
    PokerStars.net
    Polar Golfer from AIM (remove only)
    PSSWCORE
    PTEXAM:The Complete Study Guide
    QuickTime
    RealPlayer
    RegCure
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB2647516)
    Security Update for Windows Internet Explorer 7 (KB2675157)
    Security Update for Windows Internet Explorer 7 (KB2699988)
    Security Update for Windows Internet Explorer 7 (KB2722913)
    Security Update for Windows Internet Explorer 7 (KB2761465)
    Security Update for Windows Internet Explorer 7 (KB2792100)
    Security Update for Windows Internet Explorer 7 (KB2797052)
    Security Update for Windows Internet Explorer 7 (KB2799329)
    Security Update for Windows Internet Explorer 7 (KB2809289)
    Security Update for Windows Internet Explorer 7 (KB2829530)
    Security Update for Windows Internet Explorer 7 (KB2838727)
    Security Update for Windows Internet Explorer 7 (KB2846071)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SFR
    SFR2
    Shared C Run-time for x86
    SHASTA
    Shockwave
    skin0001
    SKINXSDK
    Snood for Windows version 3.52-W
    SolutionCenter
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live! 24-bit
    staticcr
    tooltips
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Zip Opener
    Veo Creative Studio - Connect
    Veo Velocity Connect
    VideoToolkit01
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    VPRINTOL
    Wajam
    WebFldrs XP
    Webroot Software
    Webshots Desktop
    WG111v2 Configuration Utility
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS
    WN111v2
    WordPerfect Office 12
    Zip Opener Packages
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/15/2013 10:56:24 PM, information: Windows File Protection [64004] - The protected system file oembios.sig could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
    7/15/2013 10:56:24 PM, information: Windows File Protection [64004] - The protected system file oembios.bin could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
    7/15/2013 10:03:20 PM, information: Windows File Protection [64004] - The protected system file oembios.dat could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    MBAM log is incorrect.
    Please redo.
  5. BrokePTstudent

    BrokePTstudent Newcomer, in training Topic Starter

    Lets try this one. Also apparently I ran this program along time ago because I have a lot of stuff in my quarantine and have a log dated from a long time ago....I will post it as well after what I think is the correct log.

    MBAM log
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.17.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Antonio :: ANTHONY [administrator]

    Protection: Enabled

    7/17/2013 8:43:52 PM
    mbam-log-2013-07-17 (20-43-52).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 598744
    Time elapsed: 3 hour(s), 48 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\Antonio\Local Settings\Temp\is357113909\SuperLyrics_1060-2024_v116.exe (PUP.LyricsAd) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Antonio\My Documents\Downloads\mozilla-firefox-setup.exe (Adware.ToDownload) -> Quarantined and deleted successfully.

    (end)



    OLD LOG:

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.07.13

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    Antonio :: ANTHONY [administrator]

    10/10/2012 7:04:24 PM
    mbam-log-2012-10-10 (19-04-24).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 538009
    Time elapsed: 1 hour(s), 47 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 13
    HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKCR\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKCR\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKCR\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKCR\CLSID\{E856B973-45FD-4559-8F82-EAB539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{DF058C45-CD18-453e-8745-5A77F60722AB} (Adware.Gdown) -> Quarantined and deleted successfully.
    HKCR\Interface\{B5A33C35-7298-4D15-8753-A2E851E2EAB3} (Adware.Gdown) -> Quarantined and deleted successfully.
    HKCR\GTDOWNDE.GTAutoFixDLCtrl.1 (Adware.Gdown) -> Quarantined and deleted successfully.
    HKCR\GTDOWNDE.GTAutoFixDLCtrl (Adware.Gdown) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\COMMON FILES\REAL\WEATHERBUG\MINIBUGTRANSPORTER.DLL (Adware.Minibug) -> Data: 1 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions|MeltMe (Malware.Trace) -> Data: C:\Documents and Settings\Antonio\Local Settings\Temporary Internet Files\Content.IE5\C96781EN\Picture_12[1].com -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    C:\Downloads\DeusExGotYSetup-dm[1].exe (Adware.TryMedia) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Antonio\Favorites\Adult Sites\Hardcore\Yvon's Training.lnk (Adware.SurfAssistant) -> Quarantined and deleted successfully.

    (end)
  6. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  7. BrokePTstudent

    BrokePTstudent Newcomer, in training Topic Starter

    Malwarebytes Anti-rootkit has been running for 24 hours and is still not done...should I cancel and restart or should I let it keep going? Here is the rougekiller log:

    RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Antonio [Admin rights]
    Mode : Remove -- Date : 07/25/2013 22:15:56
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V1][SUSP PATH] At1.job : C:\DOCUME~1\Antonio\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    65.75.216.6www.winmx.com err.winmx.com
    205.238.40.54www.winmx.com err.winmx.com
    65.75.216.6cache0.winmx.com test3201.winmx.com test3206.winmx.com
    65.75.216.7cache1.winmx.com test3202.winmx.com test3207.winmx.com
    82.43.229.238cache2.winmx.com test3203.winmx.com test3208.winmx.com
    205.238.40.1cache3.winmx.com test3204.winmx.com
    205.238.40.2cache4.winmx.com test3205.winmx.com
    65.75.216.6c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
    65.75.216.6c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
    65.75.216.6c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
    65.75.216.7c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
    65.75.216.7c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
    65.75.216.7c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
    82.43.229.238c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
    82.43.229.238c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
    205.238.40.1c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
    205.238.40.2c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
    65.75.216.6c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
    65.75.216.6c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160023AS +++++
    --- User ---
    [MBR] 08100529bb7247753ee04b4ad370de63
    [BSP] 4505518f8f194d67f68cbff0f8b021ec : MBR Code unknown
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 148985 Mo
    2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 305235000 | Size: 3584 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_07252013_221556.txt >>
    RKreport[0]_S_07252013_221508.txt


    RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Antonio [Admin rights]
    Mode : Scan -- Date : 07/25/2013 22:15:08
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V1][SUSP PATH] At1.job : C:\DOCUME~1\Antonio\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    65.75.216.6www.winmx.com err.winmx.com
    205.238.40.54www.winmx.com err.winmx.com
    65.75.216.6cache0.winmx.com test3201.winmx.com test3206.winmx.com
    65.75.216.7cache1.winmx.com test3202.winmx.com test3207.winmx.com
    82.43.229.238cache2.winmx.com test3203.winmx.com test3208.winmx.com
    205.238.40.1cache3.winmx.com test3204.winmx.com
    205.238.40.2cache4.winmx.com test3205.winmx.com
    65.75.216.6c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
    65.75.216.6c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
    65.75.216.6c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
    65.75.216.7c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
    65.75.216.7c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
    65.75.216.7c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
    82.43.229.238c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
    82.43.229.238c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
    205.238.40.1c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
    205.238.40.2c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
    65.75.216.6c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
    65.75.216.6c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160023AS +++++
    --- User ---
    [MBR] 08100529bb7247753ee04b4ad370de63
    [BSP] 4505518f8f194d67f68cbff0f8b021ec : MBR Code unknown
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 148985 Mo
    2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 305235000 | Size: 3584 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_07252013_221508.txt >>
  8. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Stop MBAR and re-run it from safe mode.
  9. BrokePTstudent

    BrokePTstudent Newcomer, in training Topic Starter

    Still not having any luck running the MBAR anti root kit. I started up in safe mode and let it run for 36 hours and it still wasn't complete when I canceled the scan.
  10. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  11. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Still with me?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
  13. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Reopened.
  14. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    This time it's definitive.

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.