Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

are two "O17" the norm in hijackthis log + having difficulty l

Started by nirsmar , Apr 02 2013 03:56 PM

This topic is locked

#1
nirsmar

Posted 02 April 2013 - 03:56 PM

Member

Member
67 posts

Hello All,

I do not know if this is the norm but I was looking at my HijackThis Log and found two "O17" which according to the key seems to be a domain hijack. I thought I would post here for clarification. I am also having difficulty lauching the Malwarebytes so I posted the HJT Log and OTL Log below. Thank you for your help.

OTL logfile created on: 4/1/2013 2:00:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My

Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

127.07 Mb Total Physical Memory | 38.32 Mb Available Physical Memory | 30.16% Memory free
305.88 Mb Paging File | 153.39 Mb Available in Paging File | 50.15% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 22.98 Gb Free Space | 61.70% Space Free | Partition Type: NTFS

Computer Name: R1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File

Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/23 13:46:36 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Admin\My

Documents\Downloads\adwcleaner0.exe
PRC - [2012/12/30 14:23:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and

Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common

Files\AOL\1364077436\ee\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common

Files\AOL\acs\AOLacsd.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) --

C:\WINDOWS\system32\pctspk.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/23 13:46:36 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\Admin\My

Documents\Downloads\adwcleaner0.exe
MOD - [2000/12/22 07:51:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll

========== Services (SafeList) ==========

SRV - [2012/11/19 15:30:45 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] --

C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] --

C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] --

C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\NVxbar.sys -- (NVXBAR)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\nvtunep.sys -- (nvTUNEP)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\nvcap.sys -- (nvcap)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/01 13:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel |

On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/01 13:46:41 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] --

C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] --

C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand

| Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/31 08:25:42 | 000,151,104 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand |

Stopped] -- C:\WINDOWS\system32\drivers\NUVision.sys -- (NUVision)
DRV - [2003/06/23 12:15:14 | 000,554,304 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand |

Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2003/06/23 12:15:10 | 000,149,632 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand |

Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand |

Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] --

C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] --

C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] --

C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped]

-- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand |

Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1997/12/22 22:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] --

C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =

http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =

http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 70

8E 9C CB 2C CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =

http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =

http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:

C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2:

C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program

Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program

Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint

Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components:

C:\Program Files\Mozilla Firefox\components [2012/11/19 15:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program

Files\Mozilla Firefox\plugins
FF -

HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:

C:\Program Files\DAP\DAPFireFox [2013/01/09 17:05:32 | 000,000,000 | ---D | M]

[2012/04/21 15:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/07/01 13:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla

Firefox\extensions
[2012/11/19 15:30:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla

firefox\components\browsercomps.dll
[2012/11/19 15:29:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla

firefox\searchplugins\bing.xml
[2012/11/19 15:29:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla

firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/23 17:42:52 | 000,000,027 | ---- | M]) -

C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe

()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy

Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB

(PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

http://www.update.mi...te.cab?13531602

10045 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}

http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 -

HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}:

NameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program

Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -

C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) -

C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/23 18:13:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [

NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/01 13:55:09 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\Admin\Desktop\RK_Quarantine
[2013/04/01 13:45:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) --

C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/01 12:32:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013/03/31 15:02:55 | 000,033,588 | R--- | C] (America Online, Inc.) --

C:\WINDOWS\System32\drivers\wanatw4.sys
[2013/03/29 14:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\CP

Sys 3-29-2013
[2013/03/29 14:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My

Documents\tech assistance 3-29-2013
[2013/03/27 10:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application

Data\VSRevoGroup
[2013/03/23 18:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application

Data\AOL
[2013/03/23 18:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application

Data\Viewpoint
[2013/03/23 18:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2013/03/23 18:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application

Data\AOL OCP
[2013/03/23 18:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2013/03/23 18:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2013/03/23 18:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7
[2013/03/23 18:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2013/03/23 18:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application

========== Files - Modified Within 30 Days ==========

[2013/04/01 13:48:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) --

C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/04/01 13:46:41 | 000,035,144 | ---- | M] () --

C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/04/01 12:25:46 | 000,018,059 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/01 12:25:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/01 12:25:10 | 133,316,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/24 13:02:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/23 18:27:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/03/23 08:22:34 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/19 18:42:21 | 000,101,134 | ---- | M] () -- C:\Documents and Settings\Admin\My

Documents\NB.htm
[2013/03/13 15:11:22 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and

Settings\Admin\Desktop\OTC.exe
[2013/03/12 12:36:36 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Admin\Local

Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/11 16:04:17 | 000,000,611 | ---- | M] () -- C:\Documents and

Settings\Admin\Desktop\NTREGOPT.lnk
[2013/03/11 16:04:17 | 000,000,592 | ---- | M] () -- C:\Documents and

Settings\Admin\Desktop\ERUNT.lnk
[2013/03/10 15:41:10 | 000,453,288 | ---- | M] () -- C:\Documents and Settings\Admin\My

Documents\2013JobConnection0311.pdf
[2013/03/10 13:36:27 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/10 13:36:27 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/08 15:03:00 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Revo

Uninstaller.lnk
[2013/03/06 17:09:47 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Admin\My

Documents\HOSTS FOLDER.lnk
[2013/03/05 15:09:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2013/04/01 13:46:41 | 000,035,144 | ---- | C] () --

C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/03/11 16:04:17 | 000,000,611 | ---- | C] () -- C:\Documents and

Settings\Admin\Desktop\NTREGOPT.lnk
[2013/03/11 16:04:17 | 000,000,592 | ---- | C] () -- C:\Documents and

[2013/03/06 17:05:34 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Admin\My

Documents\HOSTS FOLDER.lnk
[2013/01/16 17:28:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/07 10:31:00 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012/05/18 17:02:37 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Admin\Local

Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 15:04:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/04/24 12:06:09 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/24 12:06:09 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/15 16:07:59 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2012/04/15 16:07:35 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat

========== ZeroAccess Check ==========

[2006/10/27 18:40:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M]

(Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M]

(Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M]

(Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application

Data\TEMP:553CA6CA

< End of report >

=====================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:13:14 PM, on 4/1/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1364077436\ee\aolsoftware.exe
C:\Documents and Settings\Admin\My Documents\Downloads\adwcleaner0.exe
C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
C:\Documents and Settings\Admin\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...t/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1353160210045
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 3865 bytes

Edited by nirsmar, 02 April 2013 - 04:23 PM.

#2
1972vet

Posted 02 April 2013 - 06:49 PM

Trusted Helper

Malware Removal
99 posts

Greetings nirsmar and Welcome to the Forums,

I see only ONE entry under the "O17" category and it looks fine. Tell us...what is the difficulty with launching mbam? Will it not launch at all or does it launch, but takes some time to open? Not launching at all isn't something I would label as a "difficulty" but taking much longer to open is more suited as an example of such behavior. Please tell us exactly what you mean. Opens slowly, or not at all. Thanks!

#3
nirsmar

Posted 03 April 2013 - 11:35 AM

Member

Topic Starter
Member
67 posts

hello 1972vet...first and foremost thank you for your service!

Per the topic posting, your attention to detail is tops! I had posted the incorrect HJT log above, so below you will find the correct HJT log with TWO "O17" listed.

For MWB, when I launched the software a window opened up and showed the following:
"The Malwarebytes Anti-malware database is missing or corrupt. Would you like to download a new copy? YES - NO"

I clicked the "YES"...Under the impression that it would download or update. I waiting a while and nothing happened. At that point I checked the task manager and didn't see anything related to MWB running, so I restarted the system. I tried relaunching the program again and that time it did not show me the "missing database" window, but did not launch the program either. So, on the third attempt, I ran in Chamelon Mode and it took a long time for the program to start, but finally had it run through the "Chamelon" with results of finding NO malware.

I will clarify any questions you may have. Thank you for working with me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:37:31 PM, on 4/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1364077436\ee\aolsoftware.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1DB031C-DEF5-4D78-959D-B6343A61388E}: NameServer = 205.188.146.145
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 3740 bytes

Edited by nirsmar, 03 April 2013 - 11:40 AM.

#4
1972vet

Posted 04 April 2013 - 07:07 AM

Trusted Helper

Malware Removal
99 posts

I see it now, thanks! That also looks fine to me...it's an AOL proxy domain. Any particular reason why you are even asking about this? Symptoms?
...anyway, the entries in your logs look fairly innocuous to me.

If you are having issues with MBAM, there is the remote chance that some other piece of security software you have on board is interfering with it. It's not very common, nor usual since MBAM gets along fine with most other reputable security products known to mankind, but there are those sparse few occasions when one is found to be either particularly cantankerous, or configured such that it would tend to cause issues with ANY other security product you might be running.

Since MBAM ran just fine via the "Chameleon" utility, I would feel confident that malware is not an issue...which leaves only "other" software or configuration(s) to investigate.

May we see a DDS scan please?:
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine
Double click dds.scr to run the tool

When it completes, DDS will open two (2) logs:
- DDS.txt
- Attach.txt
Save both reports to your desktop.

On your next reply, please post the contents of BOTH of those logs. Thanks!

#5
nirsmar

Posted 04 April 2013 - 11:35 AM

Member

Topic Starter
Member
67 posts

Thanks for looking at the correct HJT log for me. Below you will find the two DDS Logs you requested. Thank You.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Admin at 13:18:30 on 2013-04-04
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1364077436\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
EB: RealGuide: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853} : NameServer = 192.168.0.1
TCP: Interfaces\{C1DB031C-DEF5-4D78-959D-B6343A61388E} : NameServer = 205.188.146.145
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\xzk36lty.default-1362958483423\
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R? MBAMSwissArmy;MBAMSwissArmy
R? NUVision;Studio PCTV USB/Radio (NTSC)
R? nvTUNEP;nVidia WDM TVTuner
S? tbcspud;Santa Cruz Driver
S? tbcwdm;Santa Cruz WDM Driver
.
=============== File Associations ===============
.
ShellExec: AcroRd32.exe: print="c:\program files\adobe\acrobat 4.0\reader\AcroRd32.exe"
ShellExec: AcroRd32.exe: printto="c:\program files\adobe\acrobat 4.0\reader\AcroRd32.exe"
.
=============== Created Last 30 ================
.
2013-04-02 17:09:14 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2013-04-01 17:45:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-27 14:41:56 -------- d-----w- c:\documents and settings\admin\application data\VSRevoGroup
2013-03-23 22:27:51 -------- d-----w- c:\documents and settings\admin\application data\AOL
2013-03-23 22:26:44 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
2013-03-23 22:26:42 -------- d-----w- c:\program files\Viewpoint
2013-03-23 22:23:26 -------- d-----w- c:\program files\common files\AOL
2013-03-23 22:23:25 -------- d-----w- c:\program files\AOL Desktop 9.7
2013-03-23 22:23:24 -------- d-----w- c:\program files\common files\aolshare
2013-03-20 21:22:14 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2013-02-21 00:19:13 14664 ----a-w- c:\windows\stinger.sys
2013-02-20 23:55:39 167344 ----a-w- c:\windows\system32\mfevtps.exe.16da.deleteme
2013-01-09 21:04:20 172032 ----a-w- c:\windows\system32\AniGIF.ocx
.
============= FINISH: 13:20:39.65 ===============

========================================================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/23/2006 6:18:11 PM
System Uptime: 4/4/2013 12:11:10 PM (1 hours ago)
.
Processor: Intel® Pentium® 4 CPU 1.60GHz | Microprocessor | 1595/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 22.903 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&BB7B4AE&0&60F0
Manufacturer: 3Com
Name: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&BB7B4AE&0&60F0
Service: EL90XBC
.
==== Installed Programs ======================
.
Adobe Acrobat 4.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AOL Uninstaller (Choose which Products to Remove)
Belarc Advisor 8.2
CCleaner
Download Accelerator Plus (DAP)
ERUNT 1.1j
Google Update Helper
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
InterVideo WinDVD
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Drivers
OpenOffice.org 3.3
RealPlayer G2
Retouch Pilot Free 3.5.3
Revo Uninstaller 1.94
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Studio PCTV USB
Turtle Beach Santa Cruz
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR archiver
.
==== End Of File ===========================

#6
1972vet

Posted 04 April 2013 - 07:50 PM

Trusted Helper

Malware Removal
99 posts

One thing I should comment on first is NO antivirus product appears in the list of installed programs. You should have something in addition to using MBAM...and using an occasional scan with "Stinger", although is better than nothing at all, does not offer any real time protection whatsoever. I might add, the Stinger drivers are ever present and would be the most likely candidate for the interference with MBAM. To remedy this, you should (if you insist on continuing to use "Stinger"), open MBAM and navigate to the "Ignore List" tab and then navigate to the location of the "Stinger" utility. Once you find it, just click to select it and then click the "Add" button at the bottom. This will insure that MBAM will ignore the activity of the "Stinger" utility. By the way, if you should experience such behavior with ANY other security product, you should do the same thing with it.

...anyway, I would prefer that you use something that offers real time protection, and "Stinger" isn't one of them. I wouldn't be one to recommend it either since it's updated only a couple times a week. Now, all that said, please let us know if you would be interested in using something else that would offer better and constant protection. Thanks!

Next, I noticed some woefully outdated software on board. Please download FileHippo's Update Checker. Double-click the FHSetup.exe file to install it. When the install completes, you'll find the Update Checker shortcut on the desk top. Double-click on it and a scan begins with the results showing in your browser. Any software it finds to be out of date, will be presented in your browser. Just click on the download link provided there to download your software updates. Ignore the beta software unless you want that...during the scanner initialization, you can click the settings link, then click the results tab and check the box "Hide beta versions". After clicking the OK button, click the "Retry" link to continue the scan with those settings. Please remember to post back your results.

...and lastly, please let us know when you performed the last system defrag. Thanks!

#7
nirsmar

Posted 05 April 2013 - 11:58 AM

Member

Topic Starter
Member
67 posts

Hello 1972Vet:

I am of course interested in running the programs that you recommend, so please let me know. On your say so 'stinger' will be uninstalled and removed if it is not useful. I ran the FileHippo's Updater and it located 7 programs (listed below) that could use updating. I should mention that nearly half of the 7 items listed, I do not use. Should they be updated for techical reasons? By the way, maybe through your expertise you could suggest an alternative to some of the list above in the DDS log. I also do not see JAVA listed in DDS or in the filehippo update list - not sure if it is still installed or disabled? I understand that JAVA could cause issues. I will look to hear back from you. Thank You.

Adobe Reader 11.0.02 - do you suggest an alternative?
Installed Version: 4.0.0.0

CCleaner 4.00.4064
Installed Version: 3.28.0.1913

RealPlayer 16.0.1.18 - NU
Installed Version: 6.0.6.46

Windows Live Messenger 2009 (14.0.8117) - NU
Installed Version: 4.7.0.3001

Windows Media Player 11 - NU
Installed Version: 9.0.0.4503

WinDVD 2011 Build 289 - NU
Installed Version: 1.0.0.1

WinRAR 4.20 (32-bit) - do you suggest an alternative?
Installed Version: 3.61.0.0

===============================================

Edited by nirsmar, 05 April 2013 - 12:42 PM.

#8
1972vet

Posted 05 April 2013 - 06:39 PM

Trusted Helper

Malware Removal
99 posts

Hello 1972Vet:

I am of course interested in running the programs that you recommend, so please let me know. On your say so 'stinger' will be uninstalled and removed if it is not useful. I ran the FileHippo's Updater and it located 7 programs (listed below) that could use updating. I should mention that nearly half of the 7 items listed, I do not use. Should they be updated for techical reasons? By the way, maybe through your expertise you could suggest an alternative to some of the list above in the DDS log. I also do not see JAVA listed in DDS or in the filehippo update list - not sure if it is still installed or disabled? I understand that JAVA could cause issues. I will look to hear back from you. Thank You.

Adobe Reader 11.0.02 - do you suggest an alternative?
Installed Version: 4.0.0.0

CCleaner 4.00.4064
Installed Version: 3.28.0.1913

RealPlayer 16.0.1.18 - NU
Installed Version: 6.0.6.46

Windows Live Messenger 2009 (14.0.8117) - NU
Installed Version: 4.7.0.3001

Windows Media Player 11 - NU
Installed Version: 9.0.0.4503

WinDVD 2011 Build 289 - NU
Installed Version: 1.0.0.1

WinRAR 4.20 (32-bit) - do you suggest an alternative?
Installed Version: 3.61.0.0

===============================================

You can use Fox-it Reader" in lieu of Adobe. If you have programs installed that you don't use, it is far better to remove them than to just keep them around serving you no purpose other than to take up space on the disk. And yes, you are right...Java has (does) and will continue to be exploited. Sun no sooner writes an update and some kid finds a hole again and the process starts all over again ad infinitum (or so it seems to have been to this date). You don't need java per se, in order to experience the web. Sometimes, an application may need it to function, but in that case, it would be included in the installer file of that particular piece of software. I haven't had any issues and I don't have java installed on my system.

For now, please install Microsoft Security Essentials. Once installed, perform a manual update and run a full system scan. Allow the software to quarantine anything it complains of. Post back your results and let us know when the last system defrag was performed. Thanks!

#9
nirsmar

Posted 08 April 2013 - 05:46 PM

Member

Topic Starter
Member
67 posts

Hello 1972Vet:

I will get to work on the steps you posted above in the next day. I did not want you to think I was not responding to your posting. Before the install of MSE, any other suggestions or alternatives.

Thank You.

#10
1972vet

Posted 08 April 2013 - 06:11 PM

Trusted Helper

Malware Removal
99 posts

Hello 1972Vet:

I will get to work on the steps you posted above in the next day. I did not want you to think I was not responding to your posting. Before the install of MSE, any other suggestions or alternatives.

Thank You.

...No problem, I'll be here when you respond. As to any other suggestions, it is typical that these troubleshoot sessions will be layered. That is, after responding to any particular set of instructions, then...(if any) other necessary steps to take will be rendered at that time. This is, as I said, typical so as NOT to set the horse before the cart. All things in there proper time. Thanks for your understanding and patience!

#11
1972vet

Posted 15 April 2013 - 08:35 AM

Trusted Helper

Malware Removal
99 posts

Still with us nirsmar? Are you still in need of assistance?

#12
1972vet

Posted 27 April 2013 - 10:17 AM

Trusted Helper

Malware Removal
99 posts

Due to lack of response, this topic will now be closed to prevent others from posting here. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

#13
1972vet

Posted 27 April 2013 - 10:17 AM

Trusted Helper

Malware Removal
99 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#14
nirsmar

Posted 10 May 2013 - 05:55 PM

Member

Topic Starter
Member
67 posts

Hello 1972Vet,

Thank you to the admin for re-opening this forum. Sorry for the delay 1972Vet. I must say, I think we need to take a step back because when I went to download MSE, it was taking a very long time and the system did not seem to be running correctly. I also had a search engine redirect to another language. I stopped the download of MSE and ran AdwCleaner, and it found that I had the following in the registy according to the log.

HKCU\Software\APN PIP
HKLM\Software\PIP

I went along with continuing the AdwCleaner and the log is below. I should also mention that I did a CCleaner and reboot to see if the redirect changed, which it seem to (for now.) Lastly, MWB had a difficult time updating, and does not look like it completely ran through a scan. I have posted an OTL and AdwCleaner Logs for your review.

Thank You - Thank You - Thank You

===================
# AdwCleaner v2.200 - Logfile created 05/10/2013 at 17:58:03
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Admin - R1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Admin\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Speedbit

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\xzk36lty.default-1362958483423\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1854 octets] - [01/04/2013 13:59:16]
AdwCleaner[R2].txt - [1973 octets] - [01/04/2013 14:24:26]
AdwCleaner[R3].txt - [2237 octets] - [02/04/2013 16:26:14]
AdwCleaner[R4].txt - [2297 octets] - [06/04/2013 19:31:20]
AdwCleaner[R5].txt - [1418 octets] - [14/04/2013 16:08:20]
AdwCleaner[R7].txt - [1609 octets] - [23/04/2013 14:00:32]
AdwCleaner[R8].txt - [1477 octets] - [10/05/2013 17:54:53]
AdwCleaner[S2].txt - [343 octets] - [01/04/2013 14:23:50]
AdwCleaner[S3].txt - [2393 octets] - [06/04/2013 19:32:24]
AdwCleaner[S5].txt - [1414 octets] - [10/05/2013 17:58:03]

########## EOF - C:\AdwCleaner[S5].txt - [1474 octets] ##########

OTL logfile created on: 5/10/2013 7:42:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

127.07 Mb Total Physical Memory | 30.59 Mb Available Physical Memory | 19.27% Memory free
496.81 Mb Paging File | 275.65 Mb Available in Paging File | 55.48% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.57 Gb Free Space | 55.21% Space Free | Partition Type: NTFS

Computer Name: R1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 14:23:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe
PRC - [2012/04/20 18:50:48 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\shellmon.exe
PRC - [2012/04/20 18:50:48 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\waol.exe
PRC - [2012/04/20 17:28:02 | 002,213,712 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
PRC - [2011/11/29 19:11:58 | 000,039,240 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1364077436\ee\aolsoftware.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/04 19:50:36 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2012/04/20 18:50:49 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\zlib.dll
MOD - [2012/04/20 18:50:43 | 000,094,208 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\components\Tier2Svc.dll
MOD - [2012/04/20 18:50:43 | 000,060,928 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7\components\DataSvcs.dll
MOD - [2000/12/22 07:51:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll

========== Services (SafeList) ==========

SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\NVxbar.sys -- (NVXBAR)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\nvtunep.sys -- (nvTUNEP)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\nvcap.sys -- (nvcap)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/05/10 18:40:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/10/31 08:25:42 | 000,151,104 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVision.sys -- (NUVision)
DRV - [2003/06/23 12:15:14 | 000,554,304 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2003/06/23 12:15:10 | 000,149,632 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1997/12/22 22:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 E0 96 2D D5 48 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/22 18:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox

[2012/04/21 15:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2013/04/22 18:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 10:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/14 16:12:59 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm File not found
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A5C8D1A-CB5B-4532-97F0-35F0BDA3C853}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1DB031C-DEF5-4D78-959D-B6343A61388E}: NameServer = 205.188.146.145
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/23 18:13:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/10 19:31:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013/05/08 12:32:58 | 000,033,588 | R--- | C] (America Online, Inc.) -- C:\WINDOWS\System32\drivers\wanatw4.sys
[2013/05/05 16:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\WinRAR
[2013/05/01 15:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\TECH LINKS 2013
[2013/05/01 15:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Fridge Info
[2013/04/28 20:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\PRINTED DOCS
[2013/04/28 19:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2013/04/18 19:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Printed Documents

========== Files - Modified Within 30 Days ==========

[2013/05/10 18:40:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/05/10 18:00:52 | 000,018,059 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/05/10 18:00:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/10 18:00:08 | 133,316,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 16:46:48 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\File Shredder.lnk
[2013/04/23 15:27:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/22 18:05:36 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/04/16 17:25:59 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.bak
[2013/04/16 16:25:43 | 000,000,400 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/04/14 16:20:55 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys

========== Files Created - No Company Name ==========

[2013/04/28 19:36:39 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2013/04/22 18:05:36 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/22 18:05:36 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/04/16 17:22:18 | 000,343,049 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Backup and Old Firefox Data - March 10, 2013.zip
[2013/04/16 11:46:17 | 000,000,400 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/01/16 17:28:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/07 10:31:00 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012/05/18 17:02:37 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 15:04:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/04/24 12:06:09 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/04/24 12:06:09 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/04/15 16:07:59 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2012/04/15 16:07:35 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2006/10/23 19:51:05 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Admin\NTUSER.bak

========== ZeroAccess Check ==========

[2006/10/27 18:40:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA

< End of report >

Edited by nirsmar, 10 May 2013 - 05:58 PM.

#15
1972vet

Posted 11 May 2013 - 07:27 AM

Trusted Helper

Malware Removal
99 posts

A summary of this thread:

Your original request for assistance was on 4/2, and consistently through to the 5th, we were working together to resolve this issue for you.

You made a request to one of the other volunteers here to re-open your thread since I closed it after nearly two weeks without seeing any response from you at all.

When it was re-opened, another week went by before I saw anything from you regarding my last posted request for an MSE scan.

Now, as of today, it is nearly 5 weeks since you created this thread and your issue(s) have morphed from a simple inquery regarding a hijackthis entry or two, along with the complaint of a slow performing mbam utility...to some perceived difficulty in downloading MSE and a suspect browser re-dirction.

To address this, according to your last posting, you went through a series of steps to try resolving this but no such instructions were posted here which directed you to do ANYTHING other than to just download MSE and perform a scan. See what I mean?

SO...I said all that, to say this:
Please, do nothing other than what is directed here and try to accomplish each instruction in the shortest time span possible for you. The reason is because malicious software issues do have a tendency to cause other complications until completely removed.

Now, as to your most recent concerns, I must point out that your description(s) thus far, are sorely lacking details and cannot be considered to be useful really, for underscoring any particular reason(s) for the issues you've complained of. Just as an example, where you say here:
"I think we need to take a step back because when I went to download MSE, it was taking a very long time and the system did not seem to be running correctly..."

...I drew a blank as to just how long of a period of time is "a very long time", and what might I possibly suggest to address your concern of a system which "did not seem to be running correctly".

You understand that those two examples are merely perception issues and nothing relative to an infected system...based upon your description, that is.

As to your adwcleaner log entries, it is apparent that you have downloaded something since we last worked together, and more likely paid little attention to the details of the downloaded programs installation instruction/options, since the entries in that log indicate an adware issue, which in that particular case is from an added, or"bundled" feature that you allowed, when you evidently should have removed a checked box somewhere along the way, which authorized this adware to enter your system.

On your next reply, please tell us how the MSE scan went for you, or whether you could download it. If you are having problems downloading, please tell us what problems you are having...that is, if you wait more than half an hour and the download never completed, that would be good information for us and would give us a clue as to which direction we should go next...otherwise, just telling us that it takes a very long time, is useless information and tells us absolutely nothing about what we might otherwise consider as a "next step" option.