
Thread: malware detected by Malwarebytes

  1. #1
    Junior Member
    Join Date
    Jul 2011
    Posts
    20

    Default malware detected by Malwarebytes

    Hi - I wonder if you can help clean my laptop. I've done numerous scans with Malwarebytes and I keep getting viruses detected even though I had removed them after the previous scan. I've got a virus or two that I can't get rid of. Can you help me clean this laptop? Many thanks.

    I am posting this a second time as I forgot to include the log files in my first post. My apologies. Please can you lock/delete the previous one.

    DDS.TXT
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.51.2
    Run by Breakfix at 6:05:27 on 2014-04-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.758.139 [GMT 1:00]
    .
    AV: ZoneAlarm Free Firewall Antivirus *Enabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Free Firewall Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\V0250Mon.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TrueCrypt\TrueCrypt.exe
    C:\WINDOWS\system\Cm106eye.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
    mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
    mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
    mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe
    mRun: [NPSStartup] <no file>
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\breakfix\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353827154062
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    TCP: Interfaces\{CE5CD62E-B86A-4300-96D8-861BBD43E061} : DHCPNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: SDWinLogon - SDWinLogon.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\breakfix\application data\mozilla\firefox\profiles\3fwbtu14.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
    FF - ExtSQL: 2014-03-17 05:28; 120b8567-cef7-4a3f-bc74-951746209d5b...ad73cee452.com; c:\documents and settings\breakfix\application data\mozilla\firefox\profiles\3fwbtu14.default\extensions\120b8567-cef7-4a3f-bc74-951746209d5b@e3f0d12e-110a-4dac-a277-22ad73cee452.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-11-24 133208]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-25 37352]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-11-25 242240]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-11-24 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-11-24 485808]
    R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
    R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-8-29 526640]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-25 440400]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-25 440400]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-25 90400]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2014-4-15 1682256]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-8-30 27056]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-8-30 497320]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2014-4-8 375056]
    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-24 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-24 1369624]
    R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2014-2-1 1506304]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-24 168384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2013-3-30 30312]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-3-30 36608]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-3-30 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-3-30 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-3-30 121576]
    S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2012-12-3 185504]
    S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [2012-12-3 6272]
    S3 VUAgent;VUAgent;c:\program files\sony\vaio update\VUAgent.exe [2014-2-26 1020976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    S3 X86BDA;OEM Capture;c:\windows\system32\drivers\OEMDrv.sys [2013-10-28 195712]
    .
    =============== Created Last 30 ================
    .
    2014-04-20 00:36:29 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2014-04-20 00:35:51 -------- d-----w- c:\program files\LogMeIn Hamachi
    2014-04-20 00:33:58 -------- d-----w- c:\documents and settings\breakfix\local settings\application data\LogMeIn Hamachi
    2014-04-19 21:33:29 -------- d-----w- c:\documents and settings\breakfix\local settings\application data\Help
    2014-04-12 23:30:22 -------- d-----w- c:\documents and settings\breakfix\application data\Tunngle
    2014-04-12 23:30:11 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
    2014-04-01 23:03:16 -------- d-----w- c:\documents and settings\breakfix\local settings\application data\LogMeIn
    2014-04-01 23:03:16 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
    2014-04-01 21:12:20 -------- d-----w- c:\program files\common files\3DO Shared
    2014-04-01 21:12:20 -------- d-----w- c:\program files\3DO
    .
    ==================== Find3M ====================
    .
    2014-03-17 18:09:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-17 18:09:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
    2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2014-02-05 23:26:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
    2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 6:08:17.67 ===============

    aswMBR.txt

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-04-27 06:09:44
    -----------------------------
    06:09:44.750 OS Version: Windows 5.1.2600 Service Pack 3
    06:09:44.750 Number of processors: 1 586 0xD08
    06:09:44.750 ComputerName: YOUR-A1A59965FA UserName: Breakfix
    06:09:49.656 Initialize success
    06:21:47.453 AVAST engine defs: 14042601
    06:22:59.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    06:22:59.046 Disk 0 Vendor: FUJITSU_MHV2080AT 00000096 Size: 76319MB BusType: 3
    06:22:59.046 Disk 1 \Device\Harddisk1\DR4 -> \Device\00000088
    06:22:59.062 Disk 1 Vendor: ( Size: 76319MB BusType: 0
    06:22:59.234 Disk 0 MBR read successfully
    06:22:59.234 Disk 0 MBR scan
    06:23:01.875 Disk 0 unknown MBR code
    06:23:01.890 Disk 0 Partition 1 00 12 Compaq diag NTFS 7153 MB offset 63
    06:23:04.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS 28615 MB offset 14651280
    06:23:07.453 Disk 0 Partition - 00 0F Extended LBA 40546 MB offset 73256400
    06:23:07.468 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40546 MB offset 73256463
    06:23:07.890 Disk 0 scanning sectors +156296385
    06:23:08.000 Disk 0 scanning C:\WINDOWS\system32\drivers
    06:23:08.046 Service scanning
    06:26:14.656 Modules scanning
    06:26:14.765 Disk 0 trace - called modules:
    06:26:14.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
    06:26:14.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8397f998]
    06:26:14.781 3 CLASSPNP.SYS[f752cfd7] -> nt!IofCallDriver -> \Device\0000007f[0x839749e8]
    06:26:14.781 5 ACPI.sys[f7278620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83975d98]
    06:26:17.578 AVAST engine scan C:\WINDOWS
    06:26:17.640 AVAST engine scan C:\WINDOWS\system32
    06:26:17.687 AVAST engine scan C:\WINDOWS\system32\drivers
    06:26:17.703 AVAST engine scan C:\Documents and Settings\Breakfix
    06:26:17.718 AVAST engine scan C:\Documents and Settings\All Users
    06:26:17.718 Scan finished successfully
    06:27:51.234 Disk 0 MBR has been saved successfully to "D:\Downloads\Malware Removal\MBR.dat"
    06:27:51.250 The log file has been saved successfully to "D:\Downloads\Malware Removal\aswMBR.txt"

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi Breakfix,

    Can you post the last Malwarebytes scan log and we may get some more clues about the malware.

    If you start MBAM via the icon on the desktop, on the main menu there is a Logs tab. Double click on the last scan's log and it will open in Notepad. From there you can Edit > Select All, Edit > Copy, then paste the log in your reply.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jul 2011
    Posts
    20

    Default

    As requested

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.04.27.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Breakfix :: YOUR-A1A59965FA [administrator]

    27/04/2014 02:53:45
    mbam-log-2014-04-27 (02-53-45).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 305071
    Time elapsed: 1 hour(s), 53 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\FLOWSURF (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\Flowsurf|chrid (PUP.Optional.FlowSurf.A) -> Data: oglkiljdmflopemijdadoiepkhcaodjn -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 11
    C:\Program Files\Flowsurf (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults\preferences (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\locale (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\addon-sdk (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\addon-sdk\lib (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\data (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\lib (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.

    Files Detected: 12
    C:\Program Files\Flowsurf\install.ico (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\atl110.dll (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\fsupd.exe (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\msvcr110.dll (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\bootstrap.js (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\harness-options.json (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\icon.png (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\icon64.png (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\install.rdf (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\locales.json (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\defaults\preferences\prefs.js (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
    C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack\resources\flowsurf\lib\main.js (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.

    (end)

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    OK, thanks for the info. We will move on to AdwCleaner and see what it can dig up:

    Please download adwcleaner to your desktop.
    Right click and select run as admin.
    Click on SCAN. Once the scan completes, click on report.
    Please copy/paste the report in your next reply.
    Exit Adwcleaner with File>Exit.
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Jul 2011
    Posts
    20

    Default

    As requested

    # AdwCleaner v3.205 - Report created 29/04/2014 at 17:08:55
    # Updated 28/04/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Breakfix - YOUR-A1A59965FA
    # Running from : D:\Downloads\AdwCleaner(1).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Documents and Settings\Breakfix\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Found : C:\Documents and Settings\Breakfix\Application Data\Mozilla\Firefox\Profiles\3fwbtu14.default\Extensions\120b8567-cef7-4a3f-bc74-951746209d5b@e3f0d12e-110a-4dac-a277-22ad73cee452.com

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\Software\Description

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v19.0.2 (en-US)

    [ File : C:\Documents and Settings\Breakfix\Application Data\Mozilla\Firefox\Profiles\3fwbtu14.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Breakfix\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3940 octets] - [22/03/2014 21:51:57]
    AdwCleaner[R1].txt - [4171 octets] - [22/03/2014 21:56:01]
    AdwCleaner[R2].txt - [1465 octets] - [29/04/2014 12:09:13]
    AdwCleaner[R3].txt - [1325 octets] - [29/04/2014 17:08:55]
    AdwCleaner[S0].txt - [4314 octets] - [22/03/2014 22:05:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1445 octets] ##########

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Looks like you have used adwcleaner before. Not much there. So if you run Malwarebytes again it finds some of the same malware again?

    On a side note, you have two antivirus products installed, Avira and ZA antivirus. You only need one resident active AV, not two. It's the anti-malware apps that you can have more than one of.
    I would remove one of them via the Add/Remove Programs panel, then reboot your machine if not prompted to do so. I suggest you remove ZoneAlarm antivirus and its toolbar. The toolbar is probably listed separately in the list. Keep Avira as your AV.
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Jul 2011
    Posts
    20

    Default

    Over the past few weeks the computer has been acting very slow and sometimes the screen will go black for a second and then return. I performed scans using Malwarebytes and it came up with viruses. I cleaned it and removed it from Quarantine and then rebooted. Then I re-scanned using Avira, and it would also find viruses and I think they were the same ones. I would scan multiple times until I 'thought' it was clean. But a few days later the same would happen to the computer (it seems to blink for a second) and when I run a scan it comes up with malware. I get the feeling I have malware that I can't seem to shake. I also ran scans with ESET Online Scanner and it too would find something even though I had previously run Malwarebytes and Avira.

    Can we perform additional scans in order to be sure that there is no malware remaining?

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    OK, thanks for the info.
    Let's do this: you've posted an MBAM scan, so all that malware has been taken care of, supposedly. Check MBAM for updates, then do another scan so we can compare the two and see if it's finding the same stuff, nothing, or new stuff.

    May as well do a scan with Avira also. You can find its report by right clicking on the icon in the system tray > Start Avira Free Antivirus > Reports, and in the right hand column find the latest Scan, double click it, then select Report, which will open a text file which you can copy/paste in your reply.
    Next find a Scan that was done at an earlier time so we can compare that also.

    Those items in the MBAM report you posted are usually installed along with other software. You may be asked to install the add-on as an option, or maybe not. Usually the add-ons come in the form of toolbars; not really full blown malware, but they are referred to as PUPs:
    Potentially Unwanted Programs. There's a section on my web page called Know What Your Installing.
    Toolbars can be resource hogs as well as have privacy concerns. AdwCleaner does a good job of removing them.

    If you can post the logs, we'll see what we are looking at and whether the same things are showing up, then we will go from there.
    Your screen issue may be your video adapter; we can come back to that.
    How Can I Reduce My Risk?
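The comparison step the Emeritus poster asks for in #8 (scan again, then see whether MBAM reports the same items, nothing, or new ones) can be done mechanically. This is an added example, not code from the thread or from Malwarebytes: a small Python parser for the MBAM 1.75 report format shown in #3 that diffs two scans by object and flags any section whose header count disagrees with the lines pasted under it (the usual sign of a truncated paste). The two sample logs and all function names are constructed for this example.

```python
"""Parse Malwarebytes Anti-Malware 1.75-style scan logs and diff two scans."""
import re
from dataclasses import dataclass

# Section header ("Registry Keys Detected: 1") and item line
# ("<object> (<threat>) -> ... -> <action>") as MBAM 1.75 prints them.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


@dataclass(frozen=True)
class Detection:
    section: str  # "Registry Keys", "Files", ...
    obj: str      # registry path or file path as MBAM printed it
    threat: str   # detection name, e.g. PUP.Optional.FlowSurf.A
    action: str   # last "->" segment, e.g. "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return (detections, problems): a problem is a section whose header count
    disagrees with the item lines under it, which is how a truncated paste shows."""
    detections, problems = [], []
    section, expected, seen = None, 0, 0
    for raw in text.splitlines() + [""]:  # trailing "" closes the last section
        line = raw.strip()
        if not line:
            if section is not None and seen != expected:
                problems.append(f"{section}: header says {expected}, listed {seen}")
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section, expected, seen = m["section"], int(m["count"]), 0
            continue
        if section is None or line.startswith("("):
            continue  # preamble, "(No malicious items detected)", "(end)"
        m = ITEM_RE.match(line)
        if not m:
            problems.append(f"{section}: unparsed line {line!r}")
            continue
        seen += 1
        detections.append(Detection(section, m["obj"], m["threat"],
                                    m["rest"].split(" -> ")[-1]))
    return detections, problems


def _key(d):
    return (d.section, d.obj.lower())  # registry and file paths are case-insensitive


def compare_scans(earlier, later):
    """(recurring, new_only, resolved), keyed on (section, object) so a re-detected
    key counts as recurring even if a database update renamed the threat."""
    old = {_key(d) for d in earlier}
    new = {_key(d) for d in later}
    recurring = sorted((d for d in later if _key(d) in old), key=_key)
    new_only = sorted((d for d in later if _key(d) not in old), key=_key)
    resolved = sorted((d for d in earlier if _key(d) not in new), key=_key)
    return recurring, new_only, resolved


def threats(detections):
    return sorted({d.threat for d in detections})  # distinct detection names


# Constructed sample log, modelled on the report format in post #3.
SCAN_1 = r"""Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Full scan (C:\|D:\|)

Registry Keys Detected: 1
HKCU\SOFTWARE\FLOWSURF (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Flowsurf|chrid (PUP.Optional.FlowSurf.A) -> Data: oglkiljdmflopemijdadoiepkhcaodjn -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Flowsurf\fsupd.exe (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.
C:\Program Files\Flowsurf\atl110.dll (PUP.Optional.FlowSurf.A) -> Quarantined and deleted successfully.

(end)
"""
# Constructed follow-up scan: the key is back, a new file appears, and the
# "Registry Values" section was pasted without its item line.
SCAN_2 = r"""Registry Keys Detected: 1
HKCU\SOFTWARE\FLOWSURF (PUP.Optional.FlowSurf.A) -> No action taken.

Registry Values Detected: 1

Files Detected: 1
C:\Documents and Settings\Breakfix\Local Settings\Temp\flowsurf_setup.exe (PUP.Optional.FlowSurf.A) -> No action taken.

(end)
"""
```

Run `compare_scans(*[parse_mbam_log(s)[0] for s in (SCAN_1, SCAN_2)])` to get the three lists; a non-empty recurring list after a reboot is the "same stuff again" case the thread is chasing, and the problems list tells you whether a posted log can be trusted as complete.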
