system, October 13, 2012, 11:04pm (post 1)
I went someplace I shouldn’t have and caught a nasty.
Mostly seems to be happening in Firefox, but there could be other nasties lurking.
Reports attached and below.
Thanks for any help you can give!
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.13.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Celeste :: CELESTE-DESKTOP [administrator]
Protection: Enabled
10/13/2012 4:04:25 PM
mbam-log-2012-10-13 (16-04-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237361
Time elapsed: 21 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
system, October 13, 2012, 11:10pm (post 2)
Here is the aswMBR report, below and attached.
Thanks so much!
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-13 16:52:22
16:52:22.209 OS Version: Windows 5.1.2600 Service Pack 3
16:52:22.209 Number of processors: 2 586 0xF02
16:52:22.209 ComputerName: CELESTE-DESKTOP UserName: Celeste
16:52:23.772 Initialize success
16:52:30.350 AVAST engine defs: 12101301
16:54:25.240 Disk 0 \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
16:54:25.240 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
16:54:25.256 Disk 1 (boot) \Device\Harddisk1\DR1 → \Device\Ide\IdeDeviceP3T0L0-1b
16:54:25.256 Disk 1 Vendor: WDC_WD2500JS-75NCB3 10.02E04 Size: 238418MB BusType: 3
16:54:25.287 Disk 1 MBR read successfully
16:54:25.287 Disk 1 MBR scan
16:54:25.381 Disk 1 Windows XP default MBR code
16:54:25.381 Disk 1 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:54:25.412 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238362 MB offset 96390
16:54:25.412 Disk 1 scanning sectors +488263545
16:54:25.522 Disk 1 scanning C:\WINDOWS\system32\drivers
16:54:38.272 Service scanning
16:55:00.147 Modules scanning
16:55:09.756 Disk 1 trace - called modules:
16:55:09.803 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:55:09.803 1 nt!IofCallDriver → \Device\Harddisk1\DR1[0x8af11ab8]
16:55:09.803 3 CLASSPNP.SYS[b80e8fd7] → nt!IofCallDriver → \Device\Ide\IdeDeviceP3T0L0-1b[0x8aea8b00]
16:55:10.600 AVAST engine scan C:\WINDOWS
16:55:20.053 AVAST engine scan C:\WINDOWS\system32
16:58:09.678 AVAST engine scan C:\WINDOWS\system32\drivers
16:58:28.131 AVAST engine scan C:\Documents and Settings\Celeste
17:01:49.569 Disk 1 MBR has been saved successfully to “C:\Documents and Settings\Celeste\Desktop\top-humor-site.com\MBR.dat”
17:01:49.584 The log file has been saved successfully to “C:\Documents and Settings\Celeste\Desktop\top-humor-site.com\aswMBR.txt”
Let me know if this stops it.
Warning: this fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.
- Run OTL.
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
[2012/10/08 15:54:34 | 000,019,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Celeste\Application Data\Mozilla\Firefox\Profiles\lm2rqsj7.default\extensions\YouTubetoALL@ALLPlayer.org.xpi
[2011/12/31 15:26:23 | 000,013,446 | -HS- | C] () -- C:\Documents and Settings\Celeste\Local Settings\Application Data\210ix62kx62y12744267ukpick4g023cen2wf40834k
[2011/12/31 15:26:23 | 000,013,446 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\210ix62kx62y12744267ukpick4g023cen2wf40834k
:Files
C:\Documents and Settings\Celeste\Desktop\top-humor-site.com
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered; reboot the PC when it is done.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
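The [resethosts] directive in the fix above overwrites the hosts file with a stock copy. Before resetting it is worth recording what the file actually did, since pointing vendor and update sites at loopback or 0.0.0.0 in hosts is a standard way for malware to keep scanners from updating. The check below is an added example in Python, not OTL's own code and not a file from the machine in this thread: SAMPLE_HOSTS is constructed for illustration (203.0.113.5 is a TEST-NET-3 documentation address), and the only mappings treated as stock are localhost on 127.0.0.1 and ::1.

```python
"""Report hosts-file lines that a stock Windows hosts file would not contain."""
import ipaddress

# A stock hosts file only maps localhost (XP ships the IPv4 line; later versions add ::1).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample for illustration, not the contents of the machine in the thread.
# 203.0.113.5 is a TEST-NET-3 documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org   # vendor site pointed at loopback
0.0.0.0         downloads.example.com
203.0.113.5     www.example-bank.com login.example-bank.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring blank lines and '#' comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue                 # blank, comment-only, or malformed line
        for name in fields[1:]:
            yield fields[0], name.lower()


def suspicious_hosts_entries(text):
    """Return (ip, hostname, reason) for every mapping outside DEFAULT_ENTRIES."""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            # Pointing a name at 127.x or 0.0.0.0 silently blocks it; malware uses
            # this against update and scanner-download sites.
            findings.append((ip, name, "blackholed to %s" % ip))
        else:
            findings.append((ip, name, "redirected to %s" % ip))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the hosts path (on XP: C:\WINDOWS\system32\drivers\etc\hosts) to check a real file.
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_HOSTS
    for ip, name, reason in suspicious_hosts_entries(text):
        print("%-16s %-30s %s" % (ip, name, reason))
```

A blackholed entry for a vendor site explains a scanner that cannot update or a download that never starts; a redirect to a routable address is the more dangerous case, since the browser will show the expected hostname while talking to someone else. Either way, save a copy of the file before [resethosts] replaces it.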