[Resolved]Slow computer with malware being detected every time it is started.

  • 55 Replies
  • 10033 Views
*

Offline Yadyrra

  • Bronze Member
  • 117
  • I love cupcakes
We have an XP computer (laptop) that is giving us the following issues:

A little background on the computer.  Computer had a virus about 5 years ago and was taken to store to get it fixed.  It worked fine for about a month and then some other issues came up.  Motherboard was recently replaced (the old one died).  We don't use it much, maybe once a week.  About four or five months ago it was full of trojans/toolbars, etc and I searched for solutions online and was able to delete toolbars (or so I thought). 

Now:
- Running slow (there is hardly anything installed)
-Every time we start the computer, Kaspersky detects malware and deletes it.

What I have done:
-Only used Kaspersky as of today's detection (adding report).

Thanks in advance, again.
------------------------------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2009 1:07:41 PM
System Uptime: 11/3/2013 1:55:45 PM (1 hours ago)
.
Motherboard: Hewlett-Packard  |  | 309B
Processor: AMD Turion(tm) 64 Mobile Technology ML-34 | U23 | 1790/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 85.241 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_309B103C&REV_10\4&13826118&0&30A4
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_309B103C&REV_10\4&13826118&0&30A4
Service: rtl8139
.
==== System Restore Points ===================
.
RP18: 4/5/2013 10:29:05 PM - Software Distribution Service 3.0
RP19: 4/6/2013 9:16:01 AM - Software Distribution Service 3.0
RP20: 4/6/2013 10:57:18 AM - Software Distribution Service 3.0
RP21: 4/9/2013 7:48:31 PM - First Restore Point
RP22: 4/10/2013 7:00:48 PM - First Restore Point
RP23: 4/10/2013 7:03:55 PM - First Restore Point
RP24: 4/10/2013 7:06:38 PM - First Restore Point
RP25: 4/28/2013 12:25:11 AM - Software Distribution Service 3.0
RP26: 5/12/2013 12:45:08 PM - System Checkpoint
RP27: 5/16/2013 7:30:55 PM - Software Distribution Service 3.0
RP28: 5/16/2013 8:03:36 PM - Software Distribution Service 3.0
RP29: 9/21/2013 10:22:23 PM - Removed Internet Explorer Toolbar 4.7 by SweetPacks
RP30: 9/22/2013 9:29:49 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BitGuard
Broadcom 802.11 Wireless LAN Adapter
CCleaner
Conexant AC-Link Audio
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Kaspersky Anti-Virus 2013
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Soft Data Fax Modem with SmartCP
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Unity Web Player
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== End Of File ===========================
« Last Edit: November 03, 2013, 04:41:39 PM by Hoov »

*

Offline Yadyrra

  • Bronze Member
  • 117
  • I love cupcakes
Re: Slow computer with malware being detected every time it is started.
« Reply #1 on: November 03, 2013, 04:39:06 PM »
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 14:09:55 on 2013-11-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.425 [GMT -8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={789285FD-9FEE-11E2-9E60-0014A57CB015}
uURLSearchHooks: <No Name>: {EEE6C35D-6118-11DC-9C72-001320C79847} - LocalServer32 - <no file>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: LyricsWoofer: {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} -
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - LocalServer32 - <no file>
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2013\ieext\urladvisor\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{DAD0EABC-D227-4D70-AFB3-0088C887B1E9} : DHCPNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\r9li6vzh.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 135776]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-8-26 593504]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2013\avp.exe -r [?]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24672]
.
=============== Created Last 30 ================
.
2013-11-03 17:51:24   17813896   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2013-11-03 17:52:25   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-11-03 17:52:22   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-20 22:03:33   24672   ----a-w-   c:\windows\system32\drivers\klmouflt.sys
2013-10-20 22:03:33   24160   ----a-w-   c:\windows\system32\drivers\klkbdflt.sys
2013-10-20 22:03:31   135776   ----a-w-   c:\windows\system32\drivers\kl1.sys
2013-08-09 01:56:45   386560   ----a-w-   c:\windows\system32\themeui.dll
2013-08-08 06:05:59   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-08-08 06:05:59   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58   18944   ------w-   c:\windows\system32\corpol.dll
2013-08-08 01:27:48   1877760   ----a-w-   c:\windows\system32\win32k.sys
2013-08-08 00:02:34   385024   ------w-   c:\windows\system32\html.iec
.
============= FINISH: 14:11:31.06 ===============

*

Offline Yadyrra

  • Bronze Member
  • 117
  • I love cupcakes
Re: Slow computer with malware being detected every time it is started.
« Reply #2 on: November 03, 2013, 04:39:52 PM »
Type: Unknown (4)   
8.tmp   Deleted   11/3/2013 10:14:32 AM   c:\documents and settings\owner\local settings\temp\   8.tmp   
22.tmp   Deleted   11/3/2013 10:14:08 AM   c:\documents and settings\owner\local settings\temp\   22.tmp   
che11.tmp   Disinfected   11/3/2013 10:13:26 AM   c:\documents and settings\owner\local settings\temp\   che11.tmp   
lfw.exe   Deleted   11/3/2013 10:13:24 AM   c:\documents and settings\owner\local settings\temp\   lfw.exe   
Type: Trojan program (4)   
HEUR:Trojan.Win32.Generic   Deleted   11/3/2013 10:14:32 AM   c:\documents and settings\owner\local settings\temp\8.tmp//pack_2.6.1339.144.7z//   kerberos_bho.dll   
Trojan-Downloader.Win32.MultiDL.r   Deleted   11/3/2013 10:14:08 AM   c:\documents and settings\owner\local settings\temp\22.tmp//pack_2.6.1673.238.7z//   protector.dll   
HEUR:Trojan.Win32.Generic   Deleted   11/3/2013 10:14:06 AM   c:\documents and settings\owner\local settings\temp\22.tmp//pack_2.6.1673.238.7z//   bprotect.exe   
Trojan-Dropper.Win32.Agent.ioyh   Deleted   11/3/2013 10:13:41 AM   c:\documents and settings\owner\local settings\temp\22.tmp//   data0001   
Type: adware (6)   
not-a-virus:AdWare.Win32.Lyckriks.cs   Deleted   11/3/2013 11:22:14 AM   C:\System Volume Information\_restore{5EF14D0F-B6AA-462D-916F-5A5F24AA8728}\RP28\   A0068148.exe   
not-a-virus:AdWare.Win32.Lyckriks.b   Deleted   11/3/2013 11:12:24 AM   C:\System Volume Information\_restore{5EF14D0F-B6AA-462D-916F-5A5F24AA8728}\RP28\   A0068020.manifest   
not-a-virus:AdWare.Win32.WebCake.a   Deleted   11/3/2013 10:29:31 AM   C:\System Volume Information\_restore{5EF14D0F-B6AA-462D-916F-5A5F24AA8728}\RP20\   A0066625.dll   
not-a-virus:AdWare.Win32.Lyckriks.b   Deleted   11/3/2013 10:13:26 AM   c:\documents and settings\owner\local settings\temp\che11.tmp//   manifest.json   
not-a-virus:AdWare.Win32.Lyckriks.cs   Deleted   11/3/2013 10:13:24 AM   c:\documents and settings\owner\local settings\temp\lfw.exe//   LyricsWooferUPD.exe   
not-a-virus:AdWare.Win32.Lyckriks.lo   Deleted   11/3/2013 10:13:00 AM   c:\documents and settings\owner\local settings\temp\lfw.exe//130.crx//   cs.js   

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27183
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: Slow computer with malware being detected every time it is started.
« Reply #3 on: November 03, 2013, 04:41:07 PM »
RootK will be helping you. Please wait for his first post.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline Yadyrra

  • Bronze Member
  • 117
  • I love cupcakes
Hoov, thank you.. you had enough of my annoying laptops.  :LOL

*

Offline Rootk

  • Malware Removal Staff
  • Silver Member
  • 878
  • ...
Hi, I'm Rootk and I will be helping you with your problem. First off, I want you to know that I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post.

Please follow these steps:

1.- Download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system, along with a fresh HijackThis log.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




    2.- Next, download Malwarebytes Anti-Rootkit (MBAR) from this link http://www.malwarebytes.org/products/mbar/
    - Unzip the File to a convenient location. (Recommend the Desktop)
    - Open the folder where the contents were unzipped to run mbar.exe
    - Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



    - If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    - The following image opens, select Next.



    - The following image opens, select Update



    - When the Update completes, select Next



    - In the following window ensure "Targets" are ticked. Then select "Scan"



    - If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:



    - Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:



    - Select "Yes" to close down the program. If NO infections were found you will see the following image:



    - Select "Exit" to close down.
    - Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log   Date and time of scan will also be shown

    Post those two logs in your reply.

    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes
    RootK, I appreciate all the help and all the time this wonderful team spends helping me out.

    -----------------------------------------------------------------------------------

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    http://www.malwarebytes.org

    Database version: v2013.11.04.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: OWNER-E65F42F56 [administrator]

    Protection: Enabled

    11/3/2013 6:50:15 PM
    mbam-log-2013-11-03 (18-50-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 185385
    Time elapsed: 30 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 34
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{9A68058C-6ABC-4721-8410-F97BDB3F1E3F} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKCR\Interface\{B6942B10-1F2F-4915-B85D-0F064BBBB8D3} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A8720491-9558-4C0D-9E35-30EED15DFB2B} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8720491-9558-4C0D-9E35-30EED15DFB2B} (PUP.LyricsAd) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
    HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
    HKCU\Software\LyricsWoofer (PUP.Optional.LyricsWoofer.A) -> Quarantined and deleted successfully.
    HKCU\Software\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 7
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data:  -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=1C150014A57CB015 -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www.delta-search.com/?affID=119351&tt=gc_&babsrc=NT_ss&mntrId=1C150014A57CB015 -> Quarantined and deleted successfully.
    HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {789285FD-9FEE-11E2-9E60-0014A57CB015} -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={789285FD-9FEE-11E2-9E60-0014A57CB015}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 21
    C:\Documents and Settings\Owner\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\BabSolution (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\BabSolution\CR (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\LyricsFan (PUP.Optional.LyricsFan.A) -> Quarantined and deleted successfully.

    Files Detected: 127
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\My Documents\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\B.tmp (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\Shortcut_BundleSweetIMSetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\77FF50FA-BAB0-7891-B17E-768A662C9B2A\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\is1275519350\FindLyrics.exe (PUP.Optional.AdLyrics) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\BitGuard.job (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Application Data\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\onstart.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_blank.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

    (end)

    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 0.00.0.0000

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.790000 GHz
    Memory total: 1071824896, free: 493236224

    Downloaded database version: v2013.11.04.01
    Downloaded database version: v2013.10.11.02
    =======================================
    Initializing...
    ------------ Kernel report ------------
         11/03/2013 19:59:39
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    diiju.sys
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    ohci1394.sys
    \WINDOWS\system32\DRIVERS\1394BUS.SYS
    kl1.sys
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\processr.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\ati2mtag.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\klkbdflt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\klmouflt.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\bcmwl5.sys
    \SystemRoot\system32\DRIVERS\nic1394.sys
    \SystemRoot\system32\drivers\tifm21.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\drivers\camc6hal.sys
    \SystemRoot\system32\drivers\camc6aud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\HSFHWATI.sys
    \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\klim5.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\klif.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\kltdi.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\arp1394.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ati2dvag.dll
    \SystemRoot\System32\ati2cqag.dll
    \SystemRoot\System32\atikvmag.dll
    \SystemRoot\System32\ati3duag.dll
    \SystemRoot\System32\ativvaxx.dll
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    \WINDOWS\system32\kernel32.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86d79ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff86d54940
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86d79ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86d02900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff86d79ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86d909e8, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff86d54940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: FD1EFD1E

    Partition information:

        Partition 0 type is Primary (0x7)
        Partition is ACTIVE.
        Partition starts at LBA: 63  Numsec = 195350337
        Partition file system is NTFS
        Partition is bootable

        Partition 1 type is Empty (0x0)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 0  Numsec = 0

        Partition 2 type is Empty (0x0)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 0  Numsec = 0

        Partition 3 type is Empty (0x0)
        Partition is NOT ACTIVE.
        Partition starts at LBA: 0  Numsec = 0

    Disk Size: 100030242816 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished

    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes
    Malwarebytes Anti-Rootkit BETA 0.00.0.0000
    http://www.malwarebytes.org

    Database version: v2013.11.04.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: OWNER-E65F42F56 [administrator]

    11/3/2013 8:00:36 PM
    mbar-log-2013-11-03 (20-00-36).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 185815
    Time elapsed: 1 hour(s), 6 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes

    Upon restarting the computer I noticed the desktop background loads but it takes about 5 minutes for everything else to load.

    Browsers seem to hang for a little while befor opening.  Firefox takes about 1.5 min to open and IE about a minute (no other programs running).

    *

    Offline Rootk

    • Malware Removal Staff
    • Silver Member
    • 878
    • ...
    Please follow these steps:

    1.- Download AdwCleaner by Xplode onto your Desktop.
    •   Please close all open programs and internet browsers.
    •   Double click on Adwcleaner.exe to run the tool.
    •   Click on Delete.
    •   Confirm each time with OK.
    •   Your computer will be rebooted automatically. A text file will open after the restart.
    •   Please post the content of that logfile in your reply.
    •   You can find the logfile at C:\AdwCleaner[Sn].txt.
    2.- Download Junkware Removal Tool to your desktop.
    • Shutdown your antivirus to avoid any conflicts.
    • Run the tool by double-clicking it.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt in your next message.
    3.- Download RogueKiller and Save to the desktop.
    • Close all windows and browsers
    • Double click on RogueKiller.exe to run the tool.
    • Press the scan button.
    • A report opens on the desktop named - RKreport.txt
    • Please post it in your next reply.

    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes
    Update:  Windows is not hanging at startup anymore.
    ------------------------------------------------------------------------

    # AdwCleaner v3.011 - Report created 04/11/2013 at 12:41:58
    # Updated 03/11/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - OWNER-E65F42F56
    # Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\BitGuard
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
    Folder Deleted : C:\Program Files\FindLyrics
    Folder Deleted : C:\Program Files\HDvidCodec.com
    Folder Deleted : C:\Program Files\Movie2KDownloader.com
    Folder Deleted : C:\Program Files\SweetIM
    Folder Deleted : C:\Documents and Settings\Owner\Start Menu\Programs\BitGuard
    File Deleted : C:\Documents and Settings\Owner\Desktop\HDVidCodec.lnk
    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9li6vzh.default\bprotector_extensions.sqlite
    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9li6vzh.default\bprotector_prefs.js
    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9li6vzh.default\invalidprefs.js
    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\user.js
    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9li6vzh.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Key Deleted : HKCU\Software\5a55dfdcb73fea17
    Key Deleted : HKLM\SOFTWARE\5a55dfdcb73fea17
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Tarma Installer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v23.0.1 (en-US)

    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]


    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\r9li6vzh.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [7319 octets] - [04/11/2013 12:26:18]
    AdwCleaner[S0].txt - [7386 octets] - [04/11/2013 12:41:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7446 octets] ##########

    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.7 (10.15.2013:3)
    OS: Microsoft Windows XP x86
    Ran by Owner on Mon 11/04/2013 at 12:59:21.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-507921405-839522115-725345543-1003\Software\SweetIM



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\r9li6vzh.default\extensions\116





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 11/04/2013 at 13:04:50.34
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes
    RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 11/04/2013 13:17:04
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 3
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Scheduled tasks : 0

    Startup Entries : 0

    Web browsers : 0

    Particular Files / Folders:

    Driver : [LOADED]

    External Hives:

    Infection : 

    HOSTS File:
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    MBR Check:

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1032GAX +++++
    --- User ---
    [MBR] 2ecacdc3909af50e355b34397b1297b7
    [BSP] 83788bed4c1b626734e5927051dbaff8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95385 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_11042013_131704.txt >>





    *

    Offline Yadyrra

    • Bronze Member
    • 117
    • I love cupcakes
    Question about JRT and RogueKiller.  Am I supposed to clean/delete the files infected?

    I did for JRT but did not for RogueKiller.